Edit tour

Windows Analysis Report
VTL-1535.pdf

Overview

General Information

Sample name:	VTL-1535.pdf
Analysis ID:	1431067
MD5:	22b84969b0a5b9b175542d9ee54cedee
SHA1:	6b57d5080f3d5960bfe9bf89ccd68d8fc6b2d792
SHA256:	6e7611dd2d06666bc97b347061883dfe2fe581b27915c1f3a5827bc62b5fef86
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 744 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\VTL-1535.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7364 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1664,i,4466782792045461819,7950585252457877801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@14/44@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 14-35-40-919.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\VTL-1535.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1664,i,4466782792045461819,7950585252457877801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1664,i,4466782792045461819,7950585252457877801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: VTL-1535.pdf	Initial sample: PDF keyword /JS count = 0
Source: VTL-1535.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9r70gdd_1def1zu_5k4.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9r70gdd_1def1zu_5k4.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: VTL-1535.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
VTL-1535.pdf	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431067
Start date and time:	2024-04-24 14:34:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	VTL-1535.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/44@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.61.208.184, 23.1.236.34, 23.1.236.16, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 162.159.61.3, 172.64.41.3, 184.28.81.158, 184.28.81.142
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: VTL-1535.pdf

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.197093080520967
Encrypted:	false
SSDEEP:	6:v7Vq2Pwkn2nKuAl9OmbnIFUt8YrFYTgZmw+YrFYTIkwOwkn2nKuAl9OmbjLJ:BvYfHAahFUt8GH/+GV5JfHAaSJ
MD5:	C4CB809A7B7F1073FE082EB597753645
SHA1:	E37104A0ACE3F7CA3BE49B0A2247646865C7D24D
SHA-256:	430DB4B218B53DD4C79B5554811924D4960AD485BFDCE3D7ECF5A90FB2E46578
SHA-512:	5019BF9BC54783D8E2BF9832E5BE635596C9E56D2C580E4E95A6B4E995AF3E0485181898C98BF211E52A09CC5C6A31397FB93FCDF45720D51741E2B967093C1D
Malicious:	false
Reputation:	low
Preview:	2024/04/24-14:35:39.005 1d50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-14:35:39.006 1d50 Recovering log #3.2024/04/24-14:35:39.006 1d50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.197093080520967
Encrypted:	false
SSDEEP:	6:v7Vq2Pwkn2nKuAl9OmbnIFUt8YrFYTgZmw+YrFYTIkwOwkn2nKuAl9OmbjLJ:BvYfHAahFUt8GH/+GV5JfHAaSJ
MD5:	C4CB809A7B7F1073FE082EB597753645
SHA1:	E37104A0ACE3F7CA3BE49B0A2247646865C7D24D
SHA-256:	430DB4B218B53DD4C79B5554811924D4960AD485BFDCE3D7ECF5A90FB2E46578
SHA-512:	5019BF9BC54783D8E2BF9832E5BE635596C9E56D2C580E4E95A6B4E995AF3E0485181898C98BF211E52A09CC5C6A31397FB93FCDF45720D51741E2B967093C1D
Malicious:	false
Reputation:	low
Preview:	2024/04/24-14:35:39.005 1d50 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-14:35:39.006 1d50 Recovering log #3.2024/04/24-14:35:39.006 1d50 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.176996555546948
Encrypted:	false
SSDEEP:	6:vnUwE9+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YNQ2WZmw+YP9VkwOwkn2nKuAl9OmbX:8wE9+vYfHAa8uFUt8SQJ/+89V5JfHAaU
MD5:	DD5998AEAB4239CE6549A16CD24C257E
SHA1:	F1FC67BAABCF082AA751EB92705C0A8AA56CFE9F
SHA-256:	C8DC0C3997B9758670A212BDBF944BB8CFC7CCAB3837D5BCB894E9C9BD5205A3
SHA-512:	E8A3796D3B3D396A274DC1B75A7E98747673A6B8B56CC41247BD577FD42C1D9B64B6523CC98F0A4EEA108BBD757272D023217CC3FB80E18C1795644A56A0C41B
Malicious:	false
Reputation:	low
Preview:	2024/04/24-14:35:39.145 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-14:35:39.147 1e0c Recovering log #3.2024/04/24-14:35:39.148 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.176996555546948
Encrypted:	false
SSDEEP:	6:vnUwE9+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YNQ2WZmw+YP9VkwOwkn2nKuAl9OmbX:8wE9+vYfHAa8uFUt8SQJ/+89V5JfHAaU
MD5:	DD5998AEAB4239CE6549A16CD24C257E
SHA1:	F1FC67BAABCF082AA751EB92705C0A8AA56CFE9F
SHA-256:	C8DC0C3997B9758670A212BDBF944BB8CFC7CCAB3837D5BCB894E9C9BD5205A3
SHA-512:	E8A3796D3B3D396A274DC1B75A7E98747673A6B8B56CC41247BD577FD42C1D9B64B6523CC98F0A4EEA108BBD757272D023217CC3FB80E18C1795644A56A0C41B
Malicious:	false
Reputation:	low
Preview:	2024/04/24-14:35:39.145 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-14:35:39.147 1e0c Recovering log #3.2024/04/24-14:35:39.148 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.968015424318641
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZnsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRds7dMHG3QYhbG7nby
MD5:	DF9954063ACE27A785B2A8593A2E99B8
SHA1:	65CB851B3C5BB8456D3CBC6D4BABE86D3BB37AE8
SHA-256:	FA8666477CAE0735AD6127CDBAA6634688A7D82E1C3C5A917A6047466C93361F
SHA-512:	0B1502637A0414852B6A801FC8B9621F803C3ED297A02A00106EA017A91FF244CA1274652C159815B870F4B1729BAB5DB31F23283CC7E6998D355FC02E663F5F
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358522150726847","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154878},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cde6ff0b-477c-42ec-aa8b-03bff2c196bc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.968015424318641
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZnsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRds7dMHG3QYhbG7nby
MD5:	DF9954063ACE27A785B2A8593A2E99B8
SHA1:	65CB851B3C5BB8456D3CBC6D4BABE86D3BB37AE8
SHA-256:	FA8666477CAE0735AD6127CDBAA6634688A7D82E1C3C5A917A6047466C93361F
SHA-512:	0B1502637A0414852B6A801FC8B9621F803C3ED297A02A00106EA017A91FF244CA1274652C159815B870F4B1729BAB5DB31F23283CC7E6998D355FC02E663F5F
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358522150726847","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154878},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.258801943704671
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7roeCZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goA
MD5:	D6C39C50727AC2BB3AEA7692D7196A27
SHA1:	EED9D1061EDA162E4C39F79396AFF8BAE8A65E6C
SHA-256:	95E0D9919B972A6BDA9EDD893E5B5056A34600BD3EA114851FBA712E1DA23114
SHA-512:	AAB14BE408CE93655AF4ECE1B0CF5B0C84648404F994178B4E987A897EA6E79214928ABC7F4167E63A81C9433B234B98F6D9AE0DFFFC90074B25BD488CE2AD3F
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.178868138714307
Encrypted:	false
SSDEEP:	6:vR09+q2Pwkn2nKuAl9OmbzNMxIFUt8YuPVE2WZmw+Y1E9VkwOwkn2nKuAl9OmbzE:O9+vYfHAa8jFUt8LP+J/+N9V5JfHAa8E
MD5:	98B37715F9888833A7D0FF919726398F
SHA1:	DB19E2B6877214835E8181253FE17734F968C49F
SHA-256:	F9D83815FD682A19A414082F257B01840B773A8BAC2D63FC93A41B60C11B2C8C
SHA-512:	84874D052E97379C09895CBF74710D3565FA0B287350BB75552A999FCF2E69107BABB96DA750FA3EE48F65A1A5E8014C43A768CFEDB311CB94618FC98168444D
Malicious:	false
Reputation:	low
Preview:	2024/04/24-14:35:39.514 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-14:35:39.528 1e0c Recovering log #3.2024/04/24-14:35:39.529 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.178868138714307
Encrypted:	false
SSDEEP:	6:vR09+q2Pwkn2nKuAl9OmbzNMxIFUt8YuPVE2WZmw+Y1E9VkwOwkn2nKuAl9OmbzE:O9+vYfHAa8jFUt8LP+J/+N9V5JfHAa8E
MD5:	98B37715F9888833A7D0FF919726398F
SHA1:	DB19E2B6877214835E8181253FE17734F968C49F
SHA-256:	F9D83815FD682A19A414082F257B01840B773A8BAC2D63FC93A41B60C11B2C8C
SHA-512:	84874D052E97379C09895CBF74710D3565FA0B287350BB75552A999FCF2E69107BABB96DA750FA3EE48F65A1A5E8014C43A768CFEDB311CB94618FC98168444D
Malicious:	false
Reputation:	low
Preview:	2024/04/24-14:35:39.514 1e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-14:35:39.528 1e0c Recovering log #3.2024/04/24-14:35:39.529 1e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424123543Z-170.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.7505174757137598
Encrypted:	false
SSDEEP:	192:iCXahjdtXo6CbwuPzQ5Tcq38bpOH03vG27v:LIdhCbwuLQtgOU3+27v
MD5:	A81728809BDFCC0C42912C2C5223A6A7
SHA1:	8B056D77CA9DCF483B1526C69CDB24C687D13564
SHA-256:	F7A0F77762A74E7A8CDC3FAEF68F09913293F79DB0D095EE830D52EC75A2B2DA
SHA-512:	5DDE77CE246393DAB8365F074366ACF161A5FBE99AFB1F7EB8B578C79EBB417207FC991D092E156B5F5D3ED060ECF3603844722D6E2925D1F87F597E44B0C05B
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.4453293634865885
Encrypted:	false
SSDEEP:	384:yezci5t4iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rfs3OazzU89UTTgUL
MD5:	5B7A3EBFA58F8B20C525E809F380CEE2
SHA1:	62855A4C0F5A124D482DE076D4640AAC94B844F3
SHA-256:	99FDB652EDFE00D4EDA26107B3F07B19101EC106E8D3C612B7C339DAE9458B28
SHA-512:	5FBA597866747BB9616BC647F4E7331B56DF453EAB12766C9F0515D955B1B19E9C216B116CDACCC236451869638BD68E71ACC66F6718AC3723F50CF64417D1E1
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7769778770579645
Encrypted:	false
SSDEEP:	48:7Mrp/E2ioyViioy9oWoy1Cwoy1+KOioy1noy1AYoy1Wioy1hioybioy8oy1noy1H:70pjuiFpXKQFlb9IVXEBodRBkF
MD5:	43C9D5AABEED25A30EDD8EB47232D722
SHA1:	4250659134FF2849EF9F848AF68187E435E66259
SHA-256:	85B93A67A9AEF0384B6E3F109DEE7A97E04A05F5B1FEFA344CDA02639E2D46CB
SHA-512:	049C6CAD25CC0DC605E54CE3BCD2C4A7AA0EC293F0AF3E75D2C4CD2C82808979A274D88E28A43BF708E0F915F2A212392FBEF9B55F1ED954B0A9E24C35A4473D
Malicious:	false
Reputation:	low
Preview:	.... .c......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7204

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.383054830138272
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJM3g98kUwPeUkwRe9:YvXKX1CvGbZc0vULsGMbLUkee9
MD5:	8EE7844B0204EA5D5C7C4CBEC420B7A4
SHA1:	5ABD528ECC982C800F0ACFC948CDB815AC9DBBF9
SHA-256:	B36C00B8D254DB3783D69FA90FC7AEFDBEF97BADE2A5BC466BBAC31F0B191F3B
SHA-512:	9CD1A23245BD6C08FA6971EF15F08D051FF19EACCDA1325C304FF2CFB7CD9D23C38AEEF60C378BE02A6D1D1E6FA02083A39744B9DE2AA0B5492F2B221E786C48
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.33561141999215
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfBoTfXpnrPeUkwRe9:YvXKX1CvGbZc0vULsGWTfXcUkee9
MD5:	1C6A3D349FF093C14FF9D71888303F5E
SHA1:	73F157E6B965535FEA7C63540BBA0B19B41C8D44
SHA-256:	C61B3DE84DA108A593E346E88CA1CC8A3DEF0D7AB04C7588EF0070025F3DD2E7
SHA-512:	6AF404B88E633433C1C2F8912A4253C5D2BEC5DCC4D388F271A62C9F3F2826CB7BC44CD34F55E9BCD16D57B1E2656E95C834396ADE1DA70F46F2AE0E1641837B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.31401073886058
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfBD2G6UpnrPeUkwRe9:YvXKX1CvGbZc0vULsGR22cUkee9
MD5:	C816F2CDAB5080FE44BCD571178D4831
SHA1:	5A941BD0120E117A7E349B65069EC082BA838789
SHA-256:	ECBC050AF0DC453ABCD879CC951661634A3FF5F7F27CEC0B3AE398CAF1B9A36A
SHA-512:	F156E2BD1397C036D6CC0074D0C0E5B4D0E5DC770F3DC22BADC15AF62F1B3E1B116F82FBAADBA4CB61B50662D9F72DBD9D2711D6B728CB7AFE18AD8B3B4842B2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.370756264186804
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfPmwrPeUkwRe9:YvXKX1CvGbZc0vULsGH56Ukee9
MD5:	D26C2A660D1D48C5ED3B80608BFF6610
SHA1:	2A0C820D21D8B08DB99635209659A46282C49407
SHA-256:	427F0A331E1FD48D69ED6ACA7144373DD04A7C3E41A8A807ADBF1073B31CA85D
SHA-512:	9DDB8EDC1B941EAE369C88EA18C99065DDBEC159F9A1E231D9439D039FE0A4A6D44D5972E5B2CBC88B9208901456272ED9D63E6240E8614399E0BF137FD6BA30
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.334118797064049
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfJWCtMdPeUkwRe9:YvXKX1CvGbZc0vULsGBS8Ukee9
MD5:	AD0A2CC16A1849EDB762E743796FD7E9
SHA1:	D602013EEF8F173A64B0FF50E09F0F21115902E8
SHA-256:	FB69A67120311FF6235CB0E3499DFAE647C83B1A104E00C987AA08E1F05C68E9
SHA-512:	703C34B6E611456E66577070AAF53522F3FDF3ADB2339383A3B0F2DEC8E594C73205564DB10659E2429D200BE6EB088283384FB3C8FFBD49D6B46ED44E580ECA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.321149604238234
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJf8dPeUkwRe9:YvXKX1CvGbZc0vULsGU8Ukee9
MD5:	5A4CB2030E705542A6E165297BCE4315
SHA1:	9C62C77CB86DA2A011B8739A567228F5CBB4C210
SHA-256:	871FEF0F760B80AAA41E0D7AA6D1EA08C4A173991088375EF1853583880D5CFA
SHA-512:	81CCCC1B6AAB9ED17177C8073CC776CA291157E56DAB086AF9E4237263C8B763CB605CC859D0F0F5BA395307942E5117FE666E8B0FD2478CFDD9DB9DD9038132
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.3257235455802725
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfQ1rPeUkwRe9:YvXKX1CvGbZc0vULsGY16Ukee9
MD5:	1BC6EB5B7CF725EE1B62238C6A686A93
SHA1:	29CFC944C03F70A5144A0D16BD761798F356BD57
SHA-256:	D8897E6F4A971A0C591EB374A4BC4C74A1C484C209E1E0A0384A1D419AAC403E
SHA-512:	4F83EE4FCC128B8C20B698D596CFB7BEE72ADA7FE4F8460E6B571FD60B3D1015E83E70444F814B0CB9649DF87473CE060E44DEFDD82C8B523B1A7438DB3DF727
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.332219162730972
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfFldPeUkwRe9:YvXKX1CvGbZc0vULsGz8Ukee9
MD5:	9DD7493F838FA272B3ADDA25FCC17F97
SHA1:	9F85A56BD7EF5D8F5752AFE563926732DF8BE800
SHA-256:	2325493071E820E575F53A7BA6704F798FDBDC3EBCD14B45AE2B6F7D9E74C5AC
SHA-512:	15454D7720204D5896274726C536632C4B30702C633BF7C408A2399F98FB322670AF4E530C9A0408791223CF8489A483B5773B25FFB1536FD81C6801B158DD62
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.745580419358557
Encrypted:	false
SSDEEP:	24:Yv6X1CvOzvULUKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNez1:YvBvmcoEgigrNt0wSJn+ns8cvFJYh
MD5:	4496F5B6FB5A6B022F20D60525204826
SHA1:	CD10DD87BBE150443CE59D15D21FDDE79CA679C6
SHA-256:	BA8B2CFC604413BE775D360D2517BE3112D0866B74FB28EF6A12F8C7EC3CA6A7
SHA-512:	B2965EEAAA867C1C8EF5C89D491B9D932335713E85E23564377B58D5976B47EFE284CCA9DEE9032F588CB0CB1D69D36E7379BE0A1D2D14D93AF96A0451135E23
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3275462703667396
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfYdPeUkwRe9:YvXKX1CvGbZc0vULsGg8Ukee9
MD5:	4A85CF465D5AF71552A14C0535B1E021
SHA1:	2C647267FBB1B70B63B56BAB0DEDAC56B5ED7BF8
SHA-256:	D12BC153D5A2BCBAF45D378F56869A9183E7B998D48CAC6B3D3D6CFD3DE2C421
SHA-512:	98E5C4EF9D6A656BC9A53B6489C92952D20043459449E844DC3B6258D3455E1D40F87B95953DFCED1A014639BADE611CAFF297511FA4F80D9378C9BEEB965C58
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.782106173845349
Encrypted:	false
SSDEEP:	24:Yv6X1CvOzvUL7rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGG:YvBvmcHHgDv3W2aYQfgB5OUupHrQ9FJT
MD5:	484AA7E697B1D9302BEBF3781ACF6459
SHA1:	282C8EF49DC849F17BC0A98EE5B556821378FB00
SHA-256:	026BA2E6B3525641A69AC3A4135680DE36B14CD509E1257145F804F5991D411C
SHA-512:	41E71C3A629977E12DB1241B7000326D65338D980C0B221C18E749A5DADF2EC45435D41697370B1B98E48E6B0753F2A7A8C2E8653B8D2160B52CFC71ED9BB791
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.310904046594783
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfbPtdPeUkwRe9:YvXKX1CvGbZc0vULsGDV8Ukee9
MD5:	BDC376AA1509559BC469BEDA98923165
SHA1:	9B363D5998A3F9D473BB53460F024586DA93F73F
SHA-256:	E17BD39A14F431D840436704CEA1220B018957243549FDAD6D52741A111BC1BD
SHA-512:	C9F5A0C1E30EF533919AEDCF0944BAD81CC1172DF1B8620CC2C7B722F0E397E04B12E4218C61F7FF8EBF7452D1FC9770DFA26A9FEBB44D50F9CFE0ADC2063426
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.316232646336004
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJf21rPeUkwRe9:YvXKX1CvGbZc0vULsG+16Ukee9
MD5:	1DFA3E7C486EC217199422F9C81AA240
SHA1:	4FF7F610827127E91D7E88539AF9820E0280E1E3
SHA-256:	1E0CA5A5192C4B7954CE2D0C0271258987DDDF1C9098D4967911D846DE564B5D
SHA-512:	F12E1C17CEF3CFE8F2E1523A204D9974AFAB3FD8F130BD0DAD4822997E9037839C56428BB0F11DF24855601B6DBFD7AC4CD0760A46D68BEABDF4563F36F30AC9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.33377537608394
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfbpatdPeUkwRe9:YvXKX1CvGbZc0vULsGVat8Ukee9
MD5:	961B9088BD6E37693ACFD71C0DF328B9
SHA1:	853BB60D732EDF0086B1E0094748D46E2D5666B2
SHA-256:	C1B3C5D28ECE38D6033056FC01C75E5B6B7CB98AA90555F998F46B2FE535A81E
SHA-512:	8DADDDC0C9B68328FE823147FF6528C258B4DF36CF75CCFD5861FC864E14FF0391B7D8E0DBB4732B18B8E2029CB798B8B57847B8B4AA23DA6BCE3B99D9D22BDA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.2933530204486825
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1cD3fGjXmVoZcg1vRcR0YBQ2DoAvJfshHHrPeUkwRe9:YvXKX1CvGbZc0vULsGUUUkee9
MD5:	BFC481BDE6A3B1B00A5D4C7A55324753
SHA1:	68B98C31B2439BE91967F3CD9A1F66E80E5E76E6
SHA-256:	A684E01E30309783D99AC1AE8299DE4DBD2482DC2CEC6F1B3BE4B054C4EA0A98
SHA-512:	780672CEE8B4856F15E79DA7D835117F4338BBF3887448155828D268AFCF5D963844A1118776C7A77B3DF887F72D281C15F1A8FC9AE3313BF3732875D69ED90D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.377597423030982
Encrypted:	false
SSDEEP:	12:YvXKX1CvGbZc0vULsGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKz1:Yv6X1CvOzvULC168CgEXX5kcIfANhBz1
MD5:	AC819A4A632CD63C92B7E21D94517BD2
SHA1:	455426DFB2FEE554C29657E19B2BB1594451EA8E
SHA-256:	52692AFB1621B523B043059B2D73AE083B6DE3668483EF2CB9A0698E791953E1
SHA-512:	005E632B6A24780FCF675AD925E5E2C3BAD0F5DC7F572DA1AE76BADF01835C5AEC02D25F5E616D0DDF93C6CF46D55751FC16921B957946E3D6A7984E5B23ED64
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"3880a963-684c-4a76-b3f8-752b837158ab","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139506061,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713962146098}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.140398642975479
Encrypted:	false
SSDEEP:	48:YxJKcOrYx3fh4gQvXx54bc6Hoz2G+6nK9xcx2Pg6W8HI9OWj9h:mgvUx3fh4gur4bnIzX+6nRxJ6W1OWj9h
MD5:	8D8E456E21CF1460A679E4C59D0397DC
SHA1:	197B16627CC8D5FFFDE359452D7F627471BF3EE4
SHA-256:	C4B5EC7100D27CC4CC4E98535D76DA7B57C85E87351BFAEF07D4E3333AD47350
SHA-512:	8F915AC79EC6F03872C751D13E637BBE83B402A564D4664B36F0CE1B41AE12506AD95E8E977F1430ED73B852094274FF5443206D77D3999A25C22DFF5C246C1E
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c4a804d6ac29c517f9b115c99ba2ec57","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713962145000},{"id":"Edit_InApp_Aug2020","info":{"dg":"faebb8f4ea2620ba5bbd16ad6827dfee","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713962145000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"c0a0832037cba7c9532646ca93051c8a","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713962145000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"15d44a16fa6aa1fdd06b896f025a4786","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713962145000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"bbe47dd4cdb81bec11c5f6fef3e846c0","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713962145000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"eb1189eb59fbec7f1fe43a331858c927","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713962145000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1873224299974618
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUOSvR9H9vxFGiDIAEkGVvp8:lNVmswUUUUUUUUO+FGSItI
MD5:	FAAE12B5042BC5F0D23F6AB4982E0A61
SHA1:	6EE2E8690EE18039C0AA7A997A6BF3F124A40CB4
SHA-256:	9A1C8783B8DB5527DFD1719D62230199D9F671BEB4C650517CB14A5C4288DB57
SHA-512:	1C7ED5270CB6813FAF68507571A8DD8CEE0571F809B4AFCF41ACDA798930016C6899673D9F5B709AFDF0D1A13CF50DBF047283E9F325297148BD4AC91365814C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6069871296816616
Encrypted:	false
SSDEEP:	48:7MeKUUUUUUUUUUcvR9H9vxFGiDIAEkGVvNqFl2GL7msu:7CUUUUUUUUUUsFGSItTKVmsu
MD5:	1C1CAB29E845E79692AE3DA9D73BFC03
SHA1:	4ECB3DC7DF417C6673BC77A53AB4F9257D32D36E
SHA-256:	00029280B122293ED18C4159B514F8527A187659469CFEAB52C80F7F86A81386
SHA-512:	33DFC6A8498C4E488AAC0367FCC079A9D4F9EAF4B82BA5A59511DE46A80047692BE10A0517A1861DD1C92D7DA7B3FC8377D34B0407B1F26FA36493D6F092E60F
Malicious:	false
Preview:	.... .c......../......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIf4c2d.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.524398495091119
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aRd6e:Qw946cPbiOxDlbYnuRKHz
MD5:	9D1A8B15E43C8303A900028E9DDC095E
SHA1:	1B7D5001D1C55726A353AE156ED1639F1B611978
SHA-256:	89507B6366190070E93C3B025697897A92E9A284D60213B27C442B8D7B902E77
SHA-512:	E7D2E25D9A98B6EB92AA0BF037DBE511BDAAF101A9C574556FE4975A59C0824BFDD8CB8F457749FC6C5F80972ECB5167A459EEB89764A46B5A9ED379CBF1E77D
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .1.4.:.3.5.:.4.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9r70gdd_1def1zu_5k4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.077618690959493
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOVonnkAMannnkAM+CSyAAO:IngVMre9T0HQIDmy9g06JXenLM6nLM+R
MD5:	502E6BC9241DD33964389FA3B82B99D2
SHA1:	763B6ABFB51668EEC2DC13B1749A3DB16574E69E
SHA-256:	FAD8B23BA3F390CD01047DC39E0DF31D4FDEB921537CCDDE4F0CD9A80A85C1F5
SHA-512:	827F3F08F4CB2DDA8EABB1748A7FD8EF4ACDD2A5FD233DBCEA1B05D4B84241D725AC0D111D36F76F5934D55E4A4EAEA6FE1F94BED86A57C7372CF4C43528593A
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<49D43F6CCDBBB34EAD361DFC277BE08C><49D43F6CCDBBB34EAD361DFC277BE08C>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 14-35-40-919.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.372167109654566
Encrypted:	false
SSDEEP:	384:WsdRMRRQd8oVYL7OP7t2ttj6j7YbUrfOe5H0A8ayvC625sskX/7i5ijqkCbAVt9g:WYz885
MD5:	0F02CF4BF4051EDCD34290B6E86CE579
SHA1:	189599051860819C350AB45AEF53CD46A6FD5D75
SHA-256:	03E2101AD959D6D6EBE82D8CDB8D7D00485E57A5CA975C1C094CAE147D452572
SHA-512:	94B33213C64ACF8AA547AB3F2DBE12E6017C6E5DD94195F8DDE0B18AFB8F50887718035CC2072519A816DD0521E9FBAACF877EC8DE95BD7B5551690DAC934C96
Malicious:	false
Preview:	SessionID=6c5caed8-935e-4abc-8494-7c210f1cbb17.1713962140943 Timestamp=2024-04-24T14:35:40:943+0200 ThreadID=7356 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=6c5caed8-935e-4abc-8494-7c210f1cbb17.1713962140943 Timestamp=2024-04-24T14:35:40:967+0200 ThreadID=7356 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=6c5caed8-935e-4abc-8494-7c210f1cbb17.1713962140943 Timestamp=2024-04-24T14:35:40:967+0200 ThreadID=7356 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=6c5caed8-935e-4abc-8494-7c210f1cbb17.1713962140943 Timestamp=2024-04-24T14:35:40:967+0200 ThreadID=7356 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=6c5caed8-935e-4abc-8494-7c210f1cbb17.1713962140943 Timestamp=2024-04-24T14:35:40:967+0200 ThreadID=7356 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.382020423432386
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2ru:S
MD5:	638B945FAA33114DB679BA0523E53B75
SHA1:	46249DE1CC58E35F8FA46A31F378A0BF373C68DE
SHA-256:	81C90A13BAEB617E99489CFA72B99BA8B59AE51B54B4EC4DC9AD04245CD4AE30
SHA-512:	87317685A018EBF2022B17E2FF3975D99610D892C63A46F8CB236AEACE03AD461A7F538B4DC46B58883D19914D544DEACFBF79A72A2A30E52C8B7B5647DA89E6
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2c0d288c-7239-4746-962b-8f13a7b8f7c8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\44aeca13-ec9c-4948-a428-921e585fdf71.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\7815b66f-e24f-4f8d-aae4-b61faa20c717.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\9012edc7-4b18-42a0-89ae-fe052b5ea6bc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
MD5:	AE1E8A5D3E7B2198980A0CA16DE5F3D3
SHA1:	A1DB2C58AFC81E6A114A8EB47BE0243956F79460
SHA-256:	8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
SHA-512:	5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.7, 2 pages
Entropy (8bit):	7.767217007254646
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	VTL-1535.pdf
File size:	94'924 bytes
MD5:	22b84969b0a5b9b175542d9ee54cedee
SHA1:	6b57d5080f3d5960bfe9bf89ccd68d8fc6b2d792
SHA256:	6e7611dd2d06666bc97b347061883dfe2fe581b27915c1f3a5827bc62b5fef86
SHA512:	ac82555d85e6a0ee4c758fda582a824bd26e353fdce7cb44783495b7200e92032a0d6f0d21a6ef058f33613ba7b5d0e479a6755865eca48e143417c1c321654f
SSDEEP:	1536:RdJTX1p76huLvWB6huLvt0rR7Lv2Xf7c3OapNYhHxKd/l4p99:fJJYTs20ZviU1ooVMr
TLSH:	1B935824494C7CEED75697D60B1F7C1DB5AC7272F2D81621332CDB4207A4ABBA12B20E
File Content Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 23 0 R/MarkInfo<</Marked true>>/Metadata 392 0 R/ViewerPreferences 393 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 19 0 R] >>..endobj..3 0 obj..<</Type/Page/Paren

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.767217
Total Bytes:	94924
Stream Entropy:	7.942044
Stream Bytes:	81193
Entropy outside Streams:	4.461449
Bytes outside Streams:	13731
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	32
endobj	32
stream	9
endstream	9
xref	2
trailer	2
startxref	2
/Page	2
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	a4676b6b525a1451	b63b63a532f372998f17ded15df83d49
21	a4676b6b525a1451	b63b63a532f372998f17ded15df83d49

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 744, Parent PID: 2580

General

Target ID:	0
Start time:	14:35:37
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\VTL-1535.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7364, Parent PID: 744

General

Target ID:	2
Start time:	14:35:38
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7588, Parent PID: 7364

General

Target ID:	4
Start time:	14:35:39
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1664,i,4466782792045461819,7950585252457877801,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report VTL-1535.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cde6ff0b-477c-42ec-aa8b-03bff2c196bc.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424123543Z-170.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7204

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Windows Analysis Report
VTL-1535.pdf