Edit tour

Windows Analysis Report
VTL-1535.pdf

Overview

General Information

Sample name:	VTL-1535.pdf
Analysis ID:	1431047
MD5:	22b84969b0a5b9b175542d9ee54cedee
SHA1:	6b57d5080f3d5960bfe9bf89ccd68d8fc6b2d792
SHA256:	6e7611dd2d06666bc97b347061883dfe2fe581b27915c1f3a5827bc62b5fef86
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\VTL-1535.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6548 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1720,i,2881297844661282025,9822932352563221621,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@14/44@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 13-53-40-864.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\VTL-1535.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1720,i,2881297844661282025,9822932352563221621,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1720,i,2881297844661282025,9822932352563221621,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: VTL-1535.pdf	Initial sample: PDF keyword /JS count = 0
Source: VTL-1535.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A91mb2p0b_1lx7fp2_4zc.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A91mb2p0b_1lx7fp2_4zc.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: VTL-1535.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
VTL-1535.pdf	0%	ReversingLabs
VTL-1535.pdf	2%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431047
Start date and time:	2024-04-24 13:52:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	VTL-1535.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/44@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.3.84.164, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 162.159.61.3, 172.64.41.3, 23.219.38.42, 23.219.38.40, 23.219.38.48, 23.219.38.58, 23.219.38.33, 23.219.38.51, 23.219.38.41, 23.219.38.57, 23.219.38.16
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.22400411846469
Encrypted:	false
SSDEEP:	6:iEuFN+q2PN72nKuAl9OmbnIFUt8nq+Zmw+nq6VkwON72nKuAl9OmbjLJ:SIvVaHAahFUt8q+/+qy5OaHAaSJ
MD5:	316A5F8BCF3B84E7B288BAA917323E4C
SHA1:	2D8433ACA11DE1BC3177B3B99843619D10763DAA
SHA-256:	8A371F0BB1A1B300A5B5A25284D04311F46BE7743DAD54FCF0B141F9A89D1C30
SHA-512:	89664FCE5C401AB27A83DCB79677826611C78D20843E1D38566EF27D149DAC2CA91CCD246A3817234906164B58BD358287AF57153F94EF82D7BABD9DA854EE24
Malicious:	false
Reputation:	low
Preview:	2024/04/24-13:53:38.910 5b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-13:53:38.912 5b8 Recovering log #3.2024/04/24-13:53:38.912 5b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.22400411846469
Encrypted:	false
SSDEEP:	6:iEuFN+q2PN72nKuAl9OmbnIFUt8nq+Zmw+nq6VkwON72nKuAl9OmbjLJ:SIvVaHAahFUt8q+/+qy5OaHAaSJ
MD5:	316A5F8BCF3B84E7B288BAA917323E4C
SHA1:	2D8433ACA11DE1BC3177B3B99843619D10763DAA
SHA-256:	8A371F0BB1A1B300A5B5A25284D04311F46BE7743DAD54FCF0B141F9A89D1C30
SHA-512:	89664FCE5C401AB27A83DCB79677826611C78D20843E1D38566EF27D149DAC2CA91CCD246A3817234906164B58BD358287AF57153F94EF82D7BABD9DA854EE24
Malicious:	false
Reputation:	low
Preview:	2024/04/24-13:53:38.910 5b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-13:53:38.912 5b8 Recovering log #3.2024/04/24-13:53:38.912 5b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.207966259888897
Encrypted:	false
SSDEEP:	6:iiM+q2PN72nKuAl9Ombzo2jMGIFUt8nl96Zmw+nUTpMVkwON72nKuAl9Ombzo2jz:lM+vVaHAa8uFUt8v6/+sMV5OaHAa8RJ
MD5:	A7E8B8F236AFCF576AC97DF69238DBA3
SHA1:	EF9FE7D191A95C4677752431D60A438D042D988D
SHA-256:	092F9F48BC0354F43D0D8F3E96D341872F94AC50389DD8E99182271B56DDA15D
SHA-512:	AF971C1E4D6B747D8E1DF084CCD5771A64AFE99C3B192162F6E69AB0C2C46B572D79D618F2D081016C3A1949D562F8B03B2B0A62A89FD8BB5A660B48DD02CC64
Malicious:	false
Reputation:	low
Preview:	2024/04/24-13:53:38.990 b6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-13:53:38.991 b6c Recovering log #3.2024/04/24-13:53:38.992 b6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	339
Entropy (8bit):	5.207966259888897
Encrypted:	false
SSDEEP:	6:iiM+q2PN72nKuAl9Ombzo2jMGIFUt8nl96Zmw+nUTpMVkwON72nKuAl9Ombzo2jz:lM+vVaHAa8uFUt8v6/+sMV5OaHAa8RJ
MD5:	A7E8B8F236AFCF576AC97DF69238DBA3
SHA1:	EF9FE7D191A95C4677752431D60A438D042D988D
SHA-256:	092F9F48BC0354F43D0D8F3E96D341872F94AC50389DD8E99182271B56DDA15D
SHA-512:	AF971C1E4D6B747D8E1DF084CCD5771A64AFE99C3B192162F6E69AB0C2C46B572D79D618F2D081016C3A1949D562F8B03B2B0A62A89FD8BB5A660B48DD02CC64
Malicious:	false
Reputation:	low
Preview:	2024/04/24-13:53:38.990 b6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-13:53:38.991 b6c Recovering log #3.2024/04/24-13:53:38.992 b6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\02013571-b65f-427f-a361-6f94831f9e9c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.964484232732606
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZYpsBdOg2Hycaq3QYiubcP7E4T3y:Y2sRdst6dMHd3QYhbA7nby
MD5:	D2465C92BEDC2BD8CD3D5D77C964380D
SHA1:	1FDF876E4B5DEE7EE46F32A338503FCB01A340FB
SHA-256:	1567A1930E20E14502CF57CC1F4107F1CB36A600F4F68BC24CC69217F85EFEFD
SHA-512:	33F1E0D02C7445AB98FA488303DCA68608E18E2A277D04F12F6B23E8878BCB6CCE1C58921AA5C380B57FB8C4FE1E5F905408946B2A224580EFA7DB9943132954
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358519630695509","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155380},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.964484232732606
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZYpsBdOg2Hycaq3QYiubcP7E4T3y:Y2sRdst6dMHd3QYhbA7nby
MD5:	D2465C92BEDC2BD8CD3D5D77C964380D
SHA1:	1FDF876E4B5DEE7EE46F32A338503FCB01A340FB
SHA-256:	1567A1930E20E14502CF57CC1F4107F1CB36A600F4F68BC24CC69217F85EFEFD
SHA-512:	33F1E0D02C7445AB98FA488303DCA68608E18E2A277D04F12F6B23E8878BCB6CCE1C58921AA5C380B57FB8C4FE1E5F905408946B2A224580EFA7DB9943132954
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358519630695509","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155380},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	5.2475911772703565
Encrypted:	false
SSDEEP:	96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7CiIVb:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhu
MD5:	9A211C1D5052809B303A420CCA27905F
SHA1:	85F403352F419D8A5D1746CE808ADE00006F6A40
SHA-256:	8B33504EAAD24BDA150D4E87E02577F09481FD7DB0A111560FDBD2C4F87CC684
SHA-512:	2932FA9C2FB5EF79F9261DA06A0C0BA6D2DA9DB2F9568304670537E0BAEE4C66A673D72CFEEDE6015367253693DA41079C09B128F8756EFFCB65BCC0EDD75DF8
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.199360147422053
Encrypted:	false
SSDEEP:	6:6M+q2PN72nKuAl9OmbzNMxIFUt86Zmw+IMVkwON72nKuAl9OmbzNMFLJ:6M+vVaHAa8jFUt86/+IMV5OaHAa84J
MD5:	9AFA2B9539458C3FE07B8BF32316C36E
SHA1:	8FDE551C27B92D97BBE1EBD627261F266F5B88B8
SHA-256:	3DB9187E157F13F663FB1E35D4BBD2558463E41D160E2F76A7C273C1471E6D10
SHA-512:	A838A11CD919C97ED83642CBC630DFAA49828A458A91D1446904BE8F2E1776B56C3668C4819CBC50AD55F71BFFE8EB67F4EA7D1B35FFB4400333559B5FF3E87B
Malicious:	false
Reputation:	low
Preview:	2024/04/24-13:53:39.345 b6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-13:53:39.367 b6c Recovering log #3.2024/04/24-13:53:39.449 b6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	327
Entropy (8bit):	5.199360147422053
Encrypted:	false
SSDEEP:	6:6M+q2PN72nKuAl9OmbzNMxIFUt86Zmw+IMVkwON72nKuAl9OmbzNMFLJ:6M+vVaHAa8jFUt86/+IMV5OaHAa84J
MD5:	9AFA2B9539458C3FE07B8BF32316C36E
SHA1:	8FDE551C27B92D97BBE1EBD627261F266F5B88B8
SHA-256:	3DB9187E157F13F663FB1E35D4BBD2558463E41D160E2F76A7C273C1471E6D10
SHA-512:	A838A11CD919C97ED83642CBC630DFAA49828A458A91D1446904BE8F2E1776B56C3668C4819CBC50AD55F71BFFE8EB67F4EA7D1B35FFB4400333559B5FF3E87B
Malicious:	false
Reputation:	low
Preview:	2024/04/24-13:53:39.345 b6c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-13:53:39.367 b6c Recovering log #3.2024/04/24-13:53:39.449 b6c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424115343Z-168.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.7505174757137598
Encrypted:	false
SSDEEP:	192:iCXahjdtXo6CbwuPzQ5Tcq38bpOH03vG27v:LIdhCbwuLQtgOU3+27v
MD5:	A81728809BDFCC0C42912C2C5223A6A7
SHA1:	8B056D77CA9DCF483B1526C69CDB24C687D13564
SHA-256:	F7A0F77762A74E7A8CDC3FAEF68F09913293F79DB0D095EE830D52EC75A2B2DA
SHA-512:	5DDE77CE246393DAB8365F074366ACF161A5FBE99AFB1F7EB8B578C79EBB417207FC991D092E156B5F5D3ED060ECF3603844722D6E2925D1F87F597E44B0C05B
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445087089518916
Encrypted:	false
SSDEEP:	384:ye6ci5tRiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mis3OazzU89UTTgUL
MD5:	5B1DF0B8BAAED5128A169191CDC9E843
SHA1:	A6BB71B1B636D8FDFF23E1A30DB602EACE5A6702
SHA-256:	FAB233D102DEE0E5C9D9F5DF8DB313A26E2EEF082EC3DEF02ECA04B418906B0F
SHA-512:	46898851B40C60D50D95C9DD0D4D853F22E004364BB389FCBCE1A762E12F012E0327A41C156780F173D33EF0F108FA229D2EBF84051DC1CA81DF09FB699DC870
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.77054823913998
Encrypted:	false
SSDEEP:	48:7MKo7JioyVjioyXoy1C7oy16oy11KOioy1noy1AYoy1Wioy1oioykioyBoy1noy2:7SJujZoXjBidvb9IVXEBodRBka
MD5:	AEA5960E53974963276059E127B43D3B
SHA1:	9E40D55703F637FDD8A2EBB9E0A98E9174B78DD8
SHA-256:	FAC7456281DCA5618BD782C013D77384BA802006FF4D33C4E25973D2E34E98ED
SHA-512:	AA0130DDFD97007C35A96846528BA1A7FFA021A1BF778C9381A547CE4A580B9663A86910697465612C023739F87256E1254778714A5EEEABDF9B37EC3521CB9C
Malicious:	false
Reputation:	low
Preview:	.... .c......."................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6456

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.369082868216791
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJM3g98kUwPeUkwRe9:YvXKXsoIc9sGMbLUkee9
MD5:	7905E7460A9122DD318E3762A2AFCD7B
SHA1:	2A4432C58060B45FF6FCD24C0E76E7E775BE15D7
SHA-256:	0B84596154B76A6AA58B329475FAE79564D9A4B7109AF77E5C643E4888E610EB
SHA-512:	62A9EAA6F4EFC9EC18142B6B0A3ADC52042DCE40F0F510D85CD8DB5119A08657B869B977891C718C70F2DB565ECDB0E232196325072DE407B428D3EE56EB6674
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.321399751339432
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfBoTfXpnrPeUkwRe9:YvXKXsoIc9sGWTfXcUkee9
MD5:	95B3A6F037CFFA2BC47EF4A12A70D2E4
SHA1:	94B889A54CE1E85EA598A0312DF8607479DF45D6
SHA-256:	822FCEDAA8F5E53B0ED521C6A7C2DA0FF53649024C700B0EE3A6749A52438BA0
SHA-512:	1404272537CE60D146B76E506DEF0229039EECF6AB6482011639D983AF2ED047DFE724A3454BAA6F8AFDFF7C871141737A85C3B4919296C29F78E86D067E7AEF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.30010596556631
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfBD2G6UpnrPeUkwRe9:YvXKXsoIc9sGR22cUkee9
MD5:	CDB1F1EFE7055B7B8336C733780FAB77
SHA1:	3CAA5D8CD9360A00760CD676D90404873BDEC691
SHA-256:	603DCD90D643534DD9F4B534B8CBA054B4FFBAB885579EF30145FB7ECF4FF150
SHA-512:	297B26608A7C15367BFA31F4E4C0ADBF985DA305EB57EA6F5A7F7F054BEB12304D5D3AFFE74831104C828D6E35BE74742672820172110F1E374469C6F9631944
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.349306127456151
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfPmwrPeUkwRe9:YvXKXsoIc9sGH56Ukee9
MD5:	C2F993D69C241C977B829FF41460FC92
SHA1:	BF5D46D7B23259FD1D4F866915870FE4BB049408
SHA-256:	4976C4032B597029FD8CF58ABDEFE05CC47A37830A9F6E30889AFA848CD38617
SHA-512:	75DD62C9B1F4D93D365E5E0D69ACBC57BC2686AC218701C30F22AE3B2E795E65E9E3896E90C4AF8B74E37BD81FC2B27EA156B4F4D7AA57D275F9EF04A026A085
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.31566019475933
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfJWCtMdPeUkwRe9:YvXKXsoIc9sGBS8Ukee9
MD5:	F37F3EA3CB725F9A32EF0BE3BC6110F2
SHA1:	48BEC2A01D3385DC331017445DE3C265B2EF30AF
SHA-256:	B3EDA11118A859D65014194A26D0990F5F135CBB67E5A52F1A58A26279A576B0
SHA-512:	D06089ACC88A854B9714195128EEE5F8083A3F9192491294925733E1980D193314934175962843C4BE6C0372049D8C842CAFCB516091CC2422D8300A4EA46B9D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.300368797994321
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJf8dPeUkwRe9:YvXKXsoIc9sGU8Ukee9
MD5:	CBF8DAF9E8B6B194D4E040314E324D19
SHA1:	CF26D3055964D74A9BF260F531DD9EA39B791A1B
SHA-256:	749AED474C9B2457BB22462C22D81913515DADD0CB2A5AE800F48D0C6CF146D3
SHA-512:	70AB41B258906FCD29F939E5D435F6457C46564C22C6B088B363114D3EDFC2AB971B53DAE55CF4013A72DD150968FF4B9F60AB65F609DB7F8B3B325FA4978B48
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.302999063130585
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfQ1rPeUkwRe9:YvXKXsoIc9sGY16Ukee9
MD5:	65E12ABB0BD29908BD6677655A448C9F
SHA1:	9475748A6B737E8E7153716C06245EE74589F090
SHA-256:	FA98E2B65B045A53D80DE121D60C742CB384ADA46FC9CE53D52A528D5F99F9EA
SHA-512:	24EDE0A2DBF8C02C8F224BD44067FA67B33E40D7DE56152C6929A420473923E509D082BFA77DE24146ED17901455A388AF67FF260CAF70E49A7D8ED2BC72B340
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.310353298903123
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfFldPeUkwRe9:YvXKXsoIc9sGz8Ukee9
MD5:	754CF9F30072AAD3C641123BBA3B7390
SHA1:	30D5B75F29DE30F24660B0C35158BD192B46D1A9
SHA-256:	4480D88FD53E3557762AC36CDE613FBF554821E5E6D04B86FD73A90621BBAAEE
SHA-512:	E7923BDFA1B6C2CF6BAEDAE49A1681CF74EEC8EFCE1CC8E9383529CE0418C7788BFC9E40ECE9889E423E09B269F01A763DDDF8F22E414F0823E1EFFF4CC7A72C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.744540773739331
Encrypted:	false
SSDEEP:	24:Yv6Xt9UKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNT:YvgUEgigrNt0wSJn+ns8cvFJ1
MD5:	4872E7ABEB31DD95A270E24F0970D27C
SHA1:	4DEAD2D182C614018D9E2432C6A7413EE101B075
SHA-256:	247C16F504B1EB869E522137154072CBE1A40574EE8E57B373C91815234F1C6B
SHA-512:	30E1E18169109AFB2F2A9AEB135CBAD5C447B6A336739F6B891827C20C51D1FA9B8F38CB764E951F44F49E834A8AF5D09DFACF3709F297ACB825B71362840F02
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.307634713793803
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfYdPeUkwRe9:YvXKXsoIc9sGg8Ukee9
MD5:	6E0477367D21976432D088648001428A
SHA1:	BB892869DBFD6F0687AFF43804D6B91C7D7DAFDF
SHA-256:	4D9B6C9AC6166FFA04FE0CE82A4D6D6D222ACCC1186B673CC9C2D24BA5F5D3AC
SHA-512:	F3FFC99D8E99EBDD778535EC8284B18BD61CF6E410616D3BE454690D7DA1C62069C1D660099931A88C669E2ED4EE468758087EC16DA7B5AADD692BE5C3F7B862
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.779544708273034
Encrypted:	false
SSDEEP:	24:Yv6Xt97rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN7:Yvg7HgDv3W2aYQfgB5OUupHrQ9FJB
MD5:	69A96EE7D15DDEA687DA6F5C7D921DB5
SHA1:	FA0D3430FC1FAE23FEAD9D5885B9DB7B9E0F9E7B
SHA-256:	856BDF04A3B72045F9641AF0F3C862F1B53C283823B0AA130F313E8538408902
SHA-512:	0DD24ECDC2B3AB2E24A9A5E291E742B634DA538FE1468E65CA5AAEA0A6CFE8B17DF03DFDCD8867181809D8FECDA23082C8D18067EBF49E7547A92958B88826FB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.291129339207916
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfbPtdPeUkwRe9:YvXKXsoIc9sGDV8Ukee9
MD5:	B19F1FD51B43219BFBB5596EFE5DA020
SHA1:	FE95B8D2FFD28DABC50A977F21745D0341B94A79
SHA-256:	FB697FFF1BBCE16DA14356B0B4B4D4BC5C6EAC1C0338B776E72FC567F36C8E75
SHA-512:	83F58136522AE1E68FA1C6F30ED72E73964DF0EA403ADE36E3003D6EFF811EB0D2C2AAEF10D5F8D5DE3374CC3D0BCC8B5C2ED59B2E7530C8BBBE982C1D45DE71
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.294301954750595
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJf21rPeUkwRe9:YvXKXsoIc9sG+16Ukee9
MD5:	5FACA033854A304C9910CC6C2F40C84D
SHA1:	0BF27138F6A371A23863710C51484D6D44F6C919
SHA-256:	1E2F3BE2ABE7AE9A530443C13927E986D4E1C925CEF7510C77B7A7659F0E99A1
SHA-512:	6F9BE78100A909082D637A37D85AF33996B9002C3ED9F95184D28F04D338696D491EACBF2E9F092703658BA906D63B740FFF39FD9EA501A798FE1E1D5BCBBEBB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.31417602447773
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfbpatdPeUkwRe9:YvXKXsoIc9sGVat8Ukee9
MD5:	4008D5C05042153E69CC64E612729F15
SHA1:	5917ED1B77E86BDB6C64C575E295A80CD90181E9
SHA-256:	0A7B9F1CBF6D3A446C8CF58F938B3C293287B725E319AA87DFCCF1BC44868BAD
SHA-512:	B79D590919E1E257290B7BE0AD16666D0D99025B73B3E148AD0D1DBC8D9E57C16778F60A6BE85AD9AA56E7D57A280419CC31B8BC3FA77B2C89159BEEFECADBCB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.271257794412849
Encrypted:	false
SSDEEP:	6:YEQXJ2HXN0EkJoInZiQ0YaDoAvJfshHHrPeUkwRe9:YvXKXsoIc9sGUUUkee9
MD5:	6AAB72C7C243D4D7485CEBCB2B96BB82
SHA1:	9EFF979BA0B9D6EC751EBC077B81841B5DCF3587
SHA-256:	84C8D7F71FF1675EB9BC344B7122902E9E1B5A24BB12F825FDE0B3BEEB69A622
SHA-512:	FED9B3F3D628ED726CFFDCADA239136E36B3BE4365C66409D62503785337739C5C7E568E44A9D3897AD3CC4F9C8EC5311F46FCF65D916E7F1E9CAB4024C8E68A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.367381921302291
Encrypted:	false
SSDEEP:	12:YvXKXsoIc9sGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWGY:Yv6Xt9C168CgEXX5kcIfANhe
MD5:	AA2DFE10FF40413A08ADE80F6FF7B74A
SHA1:	A846A0BA384EF0B6BDA8BD03C56863AF4BA521CC
SHA-256:	A6646AD57BD99EF16838042CC92C80CA935CAB0EBE34C5E31E92D37137BB05E9
SHA-512:	22A3B26BB074C326E36F9D6A4C8BC444AB0953D2B60B75D130DF26CC1D7BA9F41091C6F446D0016D9CDD58BAE953A1097A0CA6A08D8746076192915A53B26548
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7efbd466-88f6-4fd8-ac99-f93336536400","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1714137375266,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713959625316}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.136531963143788
Encrypted:	false
SSDEEP:	48:YAa1lzWoboEwH9ul3wKBFiWQwzgPQnO1O2U9W3g:NoboEwH9ul3wKBFiWQfYn6OfW3g
MD5:	0E24348A087E29EF0D5FD30617AC91E1
SHA1:	AE0E0FEDE2037656AA1641BFD186A1D34B1111C0
SHA-256:	DA04089F227B5D3749B135533070C36D35EF23F505C5421E88487F56FF0B63C7
SHA-512:	6B29E20148CB42E9DD9FB83043BB3568F9A72D6CF97D1621D1BE7AB3730CFE504403FB3DA9CC9295E39E609EF48C46B193247DE3F28FE455941EFD0179470FF1
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3250892dcee9c6dfaf76740a1c8dfb44","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713959625000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"24ce49a3d9c3c9a48b26ee050ac368e3","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713959625000},{"id":"Edit_InApp_Aug2020","info":{"dg":"102a8e5d38bcb9ba469652409fb94353","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713959624000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"2aa64ba10b9a7d932212491fe4a0d65a","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713959624000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7742e3d9fb3163c496a781f5ba11b1ff","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713959624000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"24c57711f5862f7530f6085c95f8d76d","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713959624000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1462750934274777
Encrypted:	false
SSDEEP:	24:TLhx/XYKQvGJF7urs3fUQZRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUO:TFl2GL7msvUsXc+XcGNFlRYIX2v3kiUy
MD5:	A03213286ED01100B38846B361F88005
SHA1:	A2255E7E604EEE7B08E8B995B625B317E9444F04
SHA-256:	F35BD0F9EFDF9B0238F2EAFF8AE9F8A01AA946E6A9EBB7100AB447014736074B
SHA-512:	582EBB671AA600999349DCBD49DA9E1935383B6395CA81A77DE8570513DDDB82AB41C8560801E240DA4372DD1736FA0521B7BD7081692B5B4C5954A896A95930
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.552483086042294
Encrypted:	false
SSDEEP:	24:7+tk4fUQZUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxmqLxx0:7MdUbXc+XcGNFlRYIX2vzqVl2GL7ms6
MD5:	B08CF0D555F78361F994D273353B6E56
SHA1:	D33DB746DB466B2024CD1D164311D0528CA6195C
SHA-256:	E6F0B4F0AF2A282ADA996B8C1A0B82B2FFB0808BA1B84A1E800BD007DC341015
SHA-512:	96687C302871D73F9C7E012DD7E8A5D55E807B6901CBAC663C9F82D227BB3D8CB351B68A70D612ED9EF93763CC80FD8B03446B01BCB57141DDAAAC51BEF8293D
Malicious:	false
Preview:	.... .c......h............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIc32a9.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.522811667751431
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aB:Qw946cPbiOxDlbYnuRKHF
MD5:	6680DC9F519EF0939BA6308BDEBE0993
SHA1:	563D4AB444AD9A92FAC764A634A41ACCE2C6A7AE
SHA-256:	F25387822DEABBC146759DA8F4CDE5299EE6D4860E01C8F2AA1A684D43A3F268
SHA-512:	3F298DBB9982F4EE13E8D3CC99C2F24A946558469B3615D959A9CB19DD866C21B85CF13524221D35177AF94A809219DF39D4746682F848DF273D350398667A59
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .1.3.:.5.3.:.4.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91mb2p0b_1lx7fp2_4zc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.023567066106634
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOvIqGhJqGhqmCSyAAO:IngVMre9T0HQIDmy9g06JXOxqmlX
MD5:	94794524342ED5D99B742BC57E59EAF0
SHA1:	709508D89070537A7AB86C384AA13639AA4F1F35
SHA-256:	429066651EF442320ACA19FB31C23C827596F970ED7A272DB12E5266FB2CAD8E
SHA-512:	3A8CD389992C78C73C522BF32C7ACDAE10AA681CAD7CA83D521E8AEC9C06992265414E1AEB6AB5ED603B9073E31582BA245FC280A915095B83E1B185B94231AE
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<3754D7F101D11D4CADEDA1B5FE3DB2B4><3754D7F101D11D4CADEDA1B5FE3DB2B4>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 13-53-40-864.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.338264912747007
Encrypted:	false
SSDEEP:	384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
MD5:	128A51060103D95314048C2F32A15C66
SHA1:	EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
SHA-256:	601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
SHA-512:	55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
Malicious:	false
Preview:	SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16587
Entropy (8bit):	5.363734387367229
Encrypted:	false
SSDEEP:	384:XKbXHX8t/t7tItPt8t5tJtet0g7gltnLxGxExmkMkzkzk2k/J92eLhL9LDeTppp4:T3pn
MD5:	05CA079E303614D62FF6153182471F49
SHA1:	AD168C004D748B7D293CA7C57220D2C21A18C99B
SHA-256:	AAE6D0E1BE2DB705603E64D6408B30040B8BF23BCCB64A76B6055A8160E36D5F
SHA-512:	34FA6A2E399285C41C4FD294478EF0B61AB36FA2E23B93520A569967F6284903B3A29F2B3A7430AD4CD47510A742E32E7FED65B6722BDEBCD9B9632555735A07
Malicious:	false
Preview:	SessionID=396c3efd-3e74-4cee-a836-11cce29fabf0.1713959620888 Timestamp=2024-04-24T13:53:40:888+0200 ThreadID=6308 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=396c3efd-3e74-4cee-a836-11cce29fabf0.1713959620888 Timestamp=2024-04-24T13:53:40:889+0200 ThreadID=6308 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=396c3efd-3e74-4cee-a836-11cce29fabf0.1713959620888 Timestamp=2024-04-24T13:53:40:889+0200 ThreadID=6308 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=396c3efd-3e74-4cee-a836-11cce29fabf0.1713959620888 Timestamp=2024-04-24T13:53:40:894+0200 ThreadID=6308 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=396c3efd-3e74-4cee-a836-11cce29fabf0.1713959620888 Timestamp=2024-04-24T13:53:40:894+0200 ThreadID=6308 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.39133997823613
Encrypted:	false
SSDEEP:	192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbKcbOI0Mcbr:V3fOCIdJDet05
MD5:	3EE735D6AF81D8BFB3BAF058A7C384F0
SHA1:	1BE70F6254389F2A0799C52C606EF98032D3FEF2
SHA-256:	1D9C99FF4D3A61951D5FD8AE23FB4F7CB04CB8D277DD4DF57409008BD7A8C579
SHA-512:	DEFE103A3DD60B015700791F162D4135A6ACFADCADAEFB81669B2F928230B7915E6234D28E91F3FDE276FF2938367D20BC406BDB09FB4473FDFFF738BE016B08
Malicious:	false
Preview:	05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\47a17638-72db-4013-aa9c-604254702905.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\628b1c09-5b93-46c1-96ed-e81fafd5c8e8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\a30c28b5-e1b1-45f1-b26f-d9cb5d789953.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\b397c953-7a95-451e-8513-b99f5c5983ab.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.7, 2 pages
Entropy (8bit):	7.767217007254646
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	VTL-1535.pdf
File size:	94'924 bytes
MD5:	22b84969b0a5b9b175542d9ee54cedee
SHA1:	6b57d5080f3d5960bfe9bf89ccd68d8fc6b2d792
SHA256:	6e7611dd2d06666bc97b347061883dfe2fe581b27915c1f3a5827bc62b5fef86
SHA512:	ac82555d85e6a0ee4c758fda582a824bd26e353fdce7cb44783495b7200e92032a0d6f0d21a6ef058f33613ba7b5d0e479a6755865eca48e143417c1c321654f
SSDEEP:	1536:RdJTX1p76huLvWB6huLvt0rR7Lv2Xf7c3OapNYhHxKd/l4p99:fJJYTs20ZviU1ooVMr
TLSH:	1B935824494C7CEED75697D60B1F7C1DB5AC7272F2D81621332CDB4207A4ABBA12B20E
File Content Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 23 0 R/MarkInfo<</Marked true>>/Metadata 392 0 R/ViewerPreferences 393 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 19 0 R] >>..endobj..3 0 obj..<</Type/Page/Paren

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.767217
Total Bytes:	94924
Stream Entropy:	7.942044
Stream Bytes:	81193
Entropy outside Streams:	4.461449
Bytes outside Streams:	13731
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	32
endobj	32
stream	9
endstream	9
xref	2
trailer	2
startxref	2
/Page	2
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	a4676b6b525a1451	b63b63a532f372998f17ded15df83d49
21	a4676b6b525a1451	b63b63a532f372998f17ded15df83d49

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6412, Parent PID: 4004

General

Target ID:	0
Start time:	13:53:37
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\VTL-1535.pdf"
Imagebase:	0x7ff651090000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6548, Parent PID: 6412

General

Target ID:	2
Start time:	13:53:38
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3004, Parent PID: 6548

General

Target ID:	4
Start time:	13:53:38
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1720,i,2881297844661282025,9822932352563221621,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff70df30000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report VTL-1535.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\02013571-b65f-427f-a361-6f94831f9e9c.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424115343Z-168.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6456

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Windows Analysis Report
VTL-1535.pdf