Windows Analysis Report
INVOICE 135658-01 04_17_24 08_19_23 422.PDF

Overview

General Information

Sample name:INVOICE 135658-01 04_17_24 08_19_23 422.PDF
Analysis ID:1431080
MD5:8b179c7d9c4def7dff212f7fc1530d9d
SHA1:202d0211391244ac7ed74c7880def34a8f5a1624
SHA256:523491fc16aed3938f9d74b19ca5d73abe72cecf085cdabbefd0a75d8740a704
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Phishing site detected (based on OCR NLP Model)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INVOICE 135658-01 04_17_24 08_19_23 422.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5076 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1604,i,13522873780708684326,15572357352614556485,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: Adobe Acrobat PDFML Model on OCR Text: Matched 87.6% probability on "Phone: O Fax: z Terms: Due Date: Price Extension Quantity Item Number Rev Description Pack Slip# Ship Date PO Number Order Date FOB Ship Via * *Any and all disputes of amounts billed mus be raise within thirty days of the invoice date. Disputes beyond this point will not be honored.** Subtotal: WIRE/ACH CHECKS Tax: Freight: Total: This invoice has been produced electronically and is valid without signature. Thank You "
Source: classification engine Classification label: clean0.winPDF@15/43@0/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.332
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 14-47-03-284.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INVOICE 135658-01 04_17_24 08_19_23 422.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1604,i,13522873780708684326,15572357352614556485,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: INVOICE 135658-01 04_17_24 08_19_23 422.PDF Initial sample: PDF keyword /JS count = 0
Source: INVOICE 135658-01 04_17_24 08_19_23 422.PDF Initial sample: PDF keyword /JavaScript count = 0
Source: INVOICE 135658-01 04_17_24 08_19_23 422.PDF Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information queried: ProcessInformation
Reconnaissance: Gather Victim Identity Information; Credentials
Resource Development: Acquire Infrastructure; Domains
Initial Access: Valid Accounts; Default Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job
Persistence: Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts
Defense Evasion: 1 Masquerading; 1 Process Injection
Credential Access: OS Credential Dumping; LSASS Memory
Discovery: 1 Process Discovery; 1 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Data from Local System; Data from Removable Media
Command and Control: Data Obfuscation; Junk Data
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Impact: Abuse Accessibility Features; Network Denial of Service

Behavior Graph ID: 1431080, Sample: INVOICE 135658-01 04_17_24 ..., Startdate: 24/04/2024, Architecture: WINDOWS, Score: 0. Process chain: Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe.

No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1431080
Start date and time:2024-04-24 14:46:06 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 7s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:INVOICE 135658-01 04_17_24 08_19_23 422.PDF
Detection:CLEAN
Classification:clean0.winPDF@15/43@0/0
Cookbook Comments:
  • Found application associated with file extension: .PDF
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.3.84.164, 107.22.247.231, 18.207.85.246, 54.144.73.197, 34.193.227.236, 23.219.38.26, 23.219.38.58, 162.159.61.3, 172.64.41.3, 23.219.38.57, 23.219.38.56, 23.219.38.48, 23.219.38.50, 23.1.236.34, 23.1.236.16, 23.219.38.35, 23.219.38.51, 23.219.38.32, 23.219.38.34, 23.219.38.19, 23.219.38.33
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
No simulations
No context
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):289
Entropy (8bit):5.1869308279605
Encrypted:false
SSDEEP:6:gMM+q2Pwkn2nKuAl9OmbnIFUt8fZZmw+YFcMVkwOwkn2nKuAl9OmbjLJ:gN+vYfHAahFUt8fZ/+q9V5JfHAaSJ
MD5:D75ED9B8AAA894883E0F75BE1756CAB4
SHA1:4833DDBBFB2A52DB08D4C945515E9E158A9A6549
SHA-256:7529636862A8213680C9AE2A012EE56F20292C7BD997582BF39D8D4175927420
SHA-512:B18807C61043D734CB50E39455B2F1A4522A06D820379564E8297EACCA5A0BA37B833131DD138C020911C36172FE7FCCDFC05AEF8DCEEC37A6F7081FB0CB9F2E
Malicious:false
Reputation:low
Preview:2024/04/24-14:47:01.058 b1c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-14:47:01.058 b1c Recovering log #3.2024/04/24-14:47:01.059 b1c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.166618031261816
Encrypted:false
SSDEEP:6:MuoL+q2Pwkn2nKuAl9Ombzo2jMGIFUt8WU+1Zmw+WUoLVkwOwkn2nKuAl9Ombzos:MuoL+vYfHAa8uFUt8k/+ELV5JfHAa8RJ
MD5:0026E833F08A8FADF1B9F06BEBD89E9C
SHA1:6CC4BD2C83B9EBD3CE8B4414B3F1B67950BA2CC8
SHA-256:6F6BD8E9DE6CAA7FD6D9B104CFFE81A79A1CC80573EECAEB7795B53BA98525CA
SHA-512:6DABE5F9824C8393035A69CDF4132D382B63D1B60300C97D34F3C3A1E7DA6670DE7D7283C880D611D2FE1603FC0494762DE3B3DAA449A82D6ADEA5D86F2263D9
Malicious:false
Reputation:low
Preview:2024/04/24-14:47:01.085 1c7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-14:47:01.086 1c7c Recovering log #3.2024/04/24-14:47:01.086 1c7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):475
Entropy (8bit):4.96509579916514
Encrypted:false
SSDEEP:12:YH/um3RA8sqZksBdOg2HAcaq3QYiubInP7E4T3y:Y2sRds2dMHr3QYhbG7nby
MD5:3426F540646EF0285D2AF302664C708D
SHA1:799824C0650ECE7A2A0A5AD4CEC66F92DBC14F82
SHA-256:50546C83B9369FE56C1737B4A8E166B6C26F159285D38C06EC2AB56AE76ACB73
SHA-512:5EAD311C3BCBEB25428BE532AE937312A90624A72A899D63B034F1A1E94E80613207EA0CD6A0AA569B7902057832C0526C4975375AE57B063FE4D7668B774469
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358522833112089","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154763},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):475
Entropy (8bit):4.96509579916514
Encrypted:false
SSDEEP:12:YH/um3RA8sqZksBdOg2HAcaq3QYiubInP7E4T3y:Y2sRds2dMHr3QYhbG7nby
MD5:3426F540646EF0285D2AF302664C708D
SHA1:799824C0650ECE7A2A0A5AD4CEC66F92DBC14F82
SHA-256:50546C83B9369FE56C1737B4A8E166B6C26F159285D38C06EC2AB56AE76ACB73
SHA-512:5EAD311C3BCBEB25428BE532AE937312A90624A72A899D63B034F1A1E94E80613207EA0CD6A0AA569B7902057832C0526C4975375AE57B063FE4D7668B774469
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358522833112089","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":154763},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4443
Entropy (8bit):5.256994717579897
Encrypted:false
SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7EcbD6:etJCV4FiN/jTN/2r8Mta02fEhgO73goc
MD5:358CC3BDAE5CCCB8D53E54034206385C
SHA1:B186603644ED6C06928D0EFE1ADA467607138099
SHA-256:28C41B9CCA295362D666D1FC6C3F615F1350E7828637B8FCF43A27811BA4712B
SHA-512:09349163EC0148A071AAEEB46453490747CF1613DF29DEE40382536ABF5EB3DADCB1B7A0EA5A774EDF3436974C63319271DFEB77AE3ADF5EC5F09F4733578749
Malicious:false
Reputation:low
Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.167820336917319
Encrypted:false
SSDEEP:6:HYL+q2Pwkn2nKuAl9OmbzNMxIFUt82811Zmw+gzLVkwOwkn2nKuAl9OmbzNMFLJ:HYL+vYfHAa8jFUt8v/+uLV5JfHAa84J
MD5:830502EEE13D16E36B35C31DB12B149D
SHA1:C1B89A5C69C8A1A9FD3ACA47F0C676EF374DB22B
SHA-256:087241EC856184DC3495AD9B0A98D9C71DDEB382CB5BDE48E719EF32F910C677
SHA-512:3415C68E93B446C894B12DC3EF14D9C846A674177DD8C49D219588882376FDC465E9245A8C181F29C066B310BB418FC89710151C1E56CB64A9DAF591A09FDA3F
Malicious:false
Reputation:low
Preview:2024/04/24-14:47:01.533 1c7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-14:47:01.542 1c7c Recovering log #3.2024/04/24-14:47:01.567 1c7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:dropped
Size (bytes):71190
Entropy (8bit):1.1055354227982366
Encrypted:false
SSDEEP:48:T+t9M79QdiGyu3zyoVIIpXURan1aWp7ibvMy6MItMMM5MISG4bXsb1HtTKHu:CfM78iGv1pXFnQWQ4MItMMM5MIRKHu
MD5:1D11ABBFFC9A9741CE5E5D9B7FF47852
SHA1:F0F9DC6662EDCFA62766E2919675C3EB211C519A
SHA-256:EFCDF92457469AF5EA2031FF3EE86CDB6DA6F38D4131A6C8BFC0900E91BB2AC9
SHA-512:5C45B74256B5D9783FF88BA406087A144076ACC4FD4160CFC0CD89DC19CA2065C56C10352758C20E9D2FBB97FDB2A375109A9A58DE408E1439202249DD8FA8C5
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:dropped
Size (bytes):86016
Entropy (8bit):4.445276158233256
Encrypted:false
SSDEEP:384:yezci5tbiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rYs3OazzU89UTTgUL
MD5:DAB1E3D445B846C743763B31A0CFD328
SHA1:75A8952F1CC5E6140CBB5C4228D36C2248E6F205
SHA-256:CF5D74DDF716C97BA71EE3790AA38E4EE87A601E015B71E7FB26E9B62DF38593
SHA-512:7E1B8432C18FD5698B1CE5F1D416B6E5B2F30686C4BB37615A129816150CA1E6F4C9F9D3FFF512941E88624CF8B5FB969FEFAF606D5D85716EBCB5639DFBB363
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):3.7764545683067863
Encrypted:false
SSDEEP:48:7M7p/E2ioyVVioy9oWoy1Cwoy1dKOioy1noy1AYoy1Wioy1hioybioytoy1noy1D:70pjuVFIXKQ00b9IVXEBodRBki
MD5:6DE0CD533DC29C32F47B64B27099B255
SHA1:4C5FF0B78EDCA4193C80ECEEA28073FE3BA22EF2
SHA-256:A50A2BBC271BFB351B881134C0519C5EBE06A6B262EB55E46FBEFF9A50142123
SHA-512:C291BFD04BE0D3820389F5EFCA1D97F6E7377AB446CC7DB6A9EAF3CBFD16378B241EEF4DF4F1A5006998CBF2A321CF6205D37B2888F0ED04FA610C9E20847094
Malicious:false
Reputation:low
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.387906541530667
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJM3g98kUwPeUkwRe9:YvXKX76OtZc0vCnGMbLUkee9
MD5:8EC8DD7DBD7582F1540CED0D2897926E
SHA1:E22CF9B4960437E2BA86240402CDDC9837462F42
SHA-256:B327B10E3772450B4A961C5872EF03A2D559E2AE70862BE0592E6C825B0AD367
SHA-512:79DDA14DF8045171E96D23B0DF705B577B7EB586C3FE7A0CC39B9C7F83A04E07E9E6C90297B41DC2F777FF1BD69DE4AC1D59537791DD28379B43C9B7337B2606
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.340201326578247
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfBoTfXpnrPeUkwRe9:YvXKX76OtZc0vCnGWTfXcUkee9
MD5:D080184A44FBD68F3C36A082AE0F604E
SHA1:8ABF23361FFF9B900A01CFC67A9E0857E9A05EB7
SHA-256:03F27A19A7BD603F630F073FD4FE52CF362B43ADC6060A7A905D440E8894365B
SHA-512:5E222E960B6EA6F5337237F975294248A2CE5B0B087C39A6F2B80A9AE5FDB1C0C0B305F1761FCFCF0AF30BE7D5E4C49965AB342339669A8EEC8528D6FECF3F40
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.319092179189004
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfBD2G6UpnrPeUkwRe9:YvXKX76OtZc0vCnGR22cUkee9
MD5:D35581F6DBA204F1091EE270979BD559
SHA1:DABA319F91CBBF8F704E1521E6D7D8065E316DD7
SHA-256:3CCE3F80E3DAB4120CC790DE26459EA25D90A7BB5FFCD3AD7EFCA847F53DEE51
SHA-512:10851F1BAB2E8768472B235AD4125D0D2E250B6B50FA6F36D49CE03B0A6BC9D49BCA906FC6FAB1623FF27DDEB9BD52C7233EF6DA5C0841E703E8AD2A816BD957
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.375778211066651
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfPmwrPeUkwRe9:YvXKX76OtZc0vCnGH56Ukee9
MD5:CA9905B6D3867E7477B27DDE39A41969
SHA1:35C983CADD66B66F3F3156CCE07D7C0DD59E4E24
SHA-256:C8DC5A70102788A690E1B842BD11BCDEF32B9CF037B25FFB859D2E664F35C643
SHA-512:15B45A26BAEB353FAF5BA4E37BB951B98A8EB434F5F808773148E5BBBAE268712403681FBF61EDED3CDC7A981C6869EC46BA553DE2D036CC56944CAE683E2811
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.33701953425822
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfJWCtMdPeUkwRe9:YvXKX76OtZc0vCnGBS8Ukee9
MD5:AD3A445D42EEBAA7303957BEF053A23E
SHA1:83C8E621DA8CA01842BE6D87CA998DBDB581E846
SHA-256:7EF3E34A8456BA1C82976061E06FF151E043173789D56F4A32138D1F2E625545
SHA-512:037DC05CB20D83FF62690CE9130BA2C6A3136932321BA2FD0463254D5CB04FC7788E09373B656FA5F97B94A0FF8C20EEE2E33FAAA10ABA74761B54E4149C6D8B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.324636269233424
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJf8dPeUkwRe9:YvXKX76OtZc0vCnGU8Ukee9
MD5:D59F22E181A9F2F9B8B7A23051A82134
SHA1:2817EEE36667708DBB2953B2CA36910563A5F217
SHA-256:05E842061395FB5ED1C8C01DEB51086350574A3BCC64B5898ECB1C12F7B4C57F
SHA-512:3AA148FBEFCA6241E6E7FC8DFA5DBA8E0CAB188620D3B572C7192A6503314DF5203817F0593818F6BF0DD85F4250B93B00D8F497A181186E20E2D5889C6EBA84
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.328244965046798
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfQ1rPeUkwRe9:YvXKX76OtZc0vCnGY16Ukee9
MD5:C43B28E2E0B79BD2816C23CCA1D937B6
SHA1:B6C3909610C2B7EB7D97CEE719A84C95B2D038B1
SHA-256:F8C3DB5A4A5043DC8E69E8FB911B2FA0B06569F5F7FA38A7916940CF5B6E704B
SHA-512:D06C5B29A0208599984BF261C4346B48EAA360F243B01261A242EF59E177ADBCBB3C13EA06F2D3EC2FF1BD450EEB08FC768F9CFD6AFC84CC3FE79966DBC2F9A7
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.3320475997844605
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfFldPeUkwRe9:YvXKX76OtZc0vCnGz8Ukee9
MD5:1429A4FFA82818867CA84F1DFC93F3A6
SHA1:D34F675124F2304A0C1FAE45B41AE543CAC57640
SHA-256:0AB0E4FA9BE4AA5171D61DF21A01E85F3577CAB49FA59D7BBE365D6B00683A0A
SHA-512:70DA68AFC37CE25D83F25D9B7400510C3C4083400164638E344319B578D8FD7384D22CF229FAD67F3E740193C2938937B6BCCE6381C459D57E9E7BA562CD04DB
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1372
Entropy (8bit):5.743060932745491
Encrypted:false
SSDEEP:24:Yv6X7tzvC/KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNee1:Yvsx6/EgigrNt0wSJn+ns8cvFJYe1
MD5:C2C3ACD808B48680DB0F519EF5F088B2
SHA1:F79AF66A349AC7E7C090B0402807E67A76C79724
SHA-256:AA89257B8469CB3BA2F73AE0A52054004C5B26502898605E73FBE186C39B28AF
SHA-512:5987D4EB26AA02D47F755AD329939D80EEB0D7DBE513B724217432F35DD519B0607E34704FC27DCA5B79D70C046B391CA22BDD2E106C2B328DD18EB0D35421F1
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.330477119019673
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfYdPeUkwRe9:YvXKX76OtZc0vCnGg8Ukee9
MD5:5D3D9C24B976E66226B3F7D563DA87FB
SHA1:546EF0C9CBCCE763FC2D900FF712DD033BEA2A28
SHA-256:3D6672AA540B8B3AB852ACBDE59DCAF1013144BE29C210842C75D8CFD2E35207
SHA-512:DE3F1DC1F86E6ACAB8F849EB73AD4487BFA3DC86D75BF89E36DE31BAD2806AF0F68142F74DCD5C9F197057CCFBC2B9474897B8A6886FC80EC24F864F9C39C72B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.780214050668082
Encrypted:false
SSDEEP:24:Yv6X7tzvCCrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGe1:Yvsx6CHgDv3W2aYQfgB5OUupHrQ9FJU4
MD5:84948D13BA42CDCD915C487E405A2D41
SHA1:6047CC9E77FEF19C966282C72F2FD89F56DC16F0
SHA-256:820597202212A6A3D090EFCBD03DEE10109916E1DE9FE1C7363C79CF1833C427
SHA-512:FE89680A34DB8E283ED43DA3DFD6CC8F195F6FA2C52DA1135A44DAD5ED35C05A08A0C349020DC3FAC4043A3463F4FC7FD18CEE7D301B2E56522C8739B00598D1
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.313814751958006
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfbPtdPeUkwRe9:YvXKX76OtZc0vCnGDV8Ukee9
MD5:D84AA9E5FA8BEBB1EC0C9E9D6DD4814D
SHA1:FB55221C3210C78F676390ACF306FED97FDF2C7E
SHA-256:4BB5A40D444FE948848BEC8AB2E58BE026FD4AC54365495A49F52AC33D4B3401
SHA-512:4FCF1462D03BCF70D9DD21698F89CA8E4165757DDDD2851809FD473109AF7B9406E3093F85DA83465AB7809ED520CC34EA803607A7EE223ADF7309A5937C117D
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.3182383033440646
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJf21rPeUkwRe9:YvXKX76OtZc0vCnG+16Ukee9
MD5:6B5E6314A544C7EDD600E1ACCE51E601
SHA1:F5A102C2921E75192EA1E44737C17F0D9405815E
SHA-256:F0B9C7B9AC5E9F26E1401F32EB4F1B452CD4B6A4B7647590E07284FB6ADB2DA5
SHA-512:3398746A42D916F8A19567F6C44ACFD76431F792AF0FFDC42011190A5A61E73AABBE845416394EBDFB23E373E4B447E1BC80F8E900C21E22AFE33DDB15BE2857
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.336706224736874
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfbpatdPeUkwRe9:YvXKX76OtZc0vCnGVat8Ukee9
MD5:BFEF71BAFB3CCB69E98320B2873F16F4
SHA1:6215590E6AA4A61DB2785F468B9B934A639A035D
SHA-256:3351BD77C0D80708ECBA6CBE5A30E7FFA9666AA6C4459086819D3972B762817F
SHA-512:1D25B0737A9667BE980871134751AD904D03F341BA4A56BDC2DDFB3BF5ABAD178322195588EAB8692A897DE175893301BA71017D23C8D0DAD546550C99CF1143
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.293179657890844
Encrypted:false
SSDEEP:6:YEQXJ2HX7VgOsVoZcg1vRcR0Y3RUoAvJfshHHrPeUkwRe9:YvXKX76OtZc0vCnGUUUkee9
MD5:AA08920AA34135F051CEA73DE79923B8
SHA1:1B0644F5C0030CC91F6A0E73FC20387FCA8EF44F
SHA-256:46F39D46B07BFE9B4CD20484695274DCB0B68B4B47E97B19B4717A8834DC44BB
SHA-512:DF7FE3194B304EE080D4C19C84DE3FD9D2015FAD4F40EF2DCC00EDB3D5739D8375D6F3C8BD8F558907E4ED155A72A0571FE528918CB75DE8FBBD3C3A6182FC71
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.376180356545225
Encrypted:false
SSDEEP:12:YvXKX76OtZc0vCnGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKe1:Yv6X7tzvCn168CgEXX5kcIfANhBe1
MD5:6728680F5847240024693C499FA6D59F
SHA1:D2D09F19737B75C3129B72CBF1643C9F2A19B6F0
SHA-256:316B51E9E8308DEBC8A66846C889F97B88CAD539F0923E49B22EBA53DF50A15C
SHA-512:35CE9C43675350C8F5B5063ED1600FC49231623780D762F1E7A912AA27C9E7AABB70393D6E885350E9DBDA495EF811B5E870058BB15DD80CE3757F2EA694BBF4
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ddb91040-781d-44b9-9301-6f8f83f77370","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714139227277,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713962827307}}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:3:e:e
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2814
Entropy (8bit):5.138718430679621
Encrypted:false
SSDEEP:48:YVS1JdO1lggktRSZHRwnDh6p2JPc1rWYqh9OcWZv:YSDk1lggktRSZHRwnd6pQU1rWL/OcWZv
MD5:83D5A3404F0CCE731470FA407FD242E0
SHA1:7D54490544E7B9A6AAEDA81E43334EE731419661
SHA-256:22663DF4622DCA0D1B314B74067B433FD68B2594B6D4359D8D17F4CACA7196A1
SHA-512:F308B49D0E7D4D1C147F6684413CD4C000A7FFF2A6A2228924D0379AD19E33645C7E69474906BD81A5953166D6AABC2B0AF4B26548635D439EA3B98984365929
Malicious:false
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"67cafdef561eecc8591fb5e1538053e8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713962826000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e091f1c5313838eb6f851a324fbbbd51","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713962826000},{"id":"Edit_InApp_Aug2020","info":{"dg":"6b63f0aac5c8f3bdd6b58368d3393293","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713962826000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"2e7b530b68cb958be7c86fda89854b82","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713962826000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"7d6184cc0789db24a4c51cd962d5a5d7","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713962826000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"dc321cd0fc368b73c4d333ed5b90eb0c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713962826000},
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:dropped
Size (bytes):12288
Entropy (8bit):1.187796128310411
Encrypted:false
SSDEEP:48:TGufl2GL7msEHUUUUUUUUQSvR9H9vxFGiDIAEkGVvpa:lNVmswUUUUUUUUQ+FGSItO
MD5:5903C80C93BEEF788E09B36975DB5448
SHA1:26E547FCF329DC19E324329D4752760B660277BC
SHA-256:805C8C22E7893318C88A1AB9B6F32858C427FDB7D9EDF2BE824CB3E969ECC2A6
SHA-512:EA324641DB6E30F0D8A94BA5F0EB54DB85B02FEFFA4E261FA551D589B8EC7CC6823360748F7A5C5A52E6929201AC1A687A4FA9D7716BB3ED2BF9C56DC9D44704
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.607423844454006
Encrypted:false
SSDEEP:48:7MhKUUUUUUUUUUivR9H9vxFGiDIAEkGVviqFl2GL7mshn:7DUUUUUUUUUUuFGSItAKVmshn
MD5:499F7D1BD67591C252DD8F24B006B86F
SHA1:2A6F1D33A66C98FE38376A995808DC6741853970
SHA-256:7AA106E478007EFEBF2554CCEC65D661C5D24C55BCCAA9277C33A95014D3C7E4
SHA-512:142F04C700403F31E03A08E2F97EA53C5E3DB0B759A7ECE7526EE02B756C7BAAB435D0E283D27E4FD65CE4375A5824D5CD7ED1FFA171E624DBCB33BBBDC1E9ED
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.505069684106714
Encrypted:false
SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aRMF:Qw946cPbiOxDlbYnuRKHWF
MD5:D0A8850DAE9F38608BCD9A11C26D99FD
SHA1:B9D048C108533EAC53BEA5CA5DBF63AD6AC1B74B
SHA-256:BE11ADE7B22A9C920BB6DD53D46AEFC4EE0F3157B44335EC24611FEB1C1F9024
SHA-512:3148C6083230DDA03CAC8158BA615A12F201A82EE11A0F1AAC8BD67A206023DA7F902B37270D72DCFF84AF5F6922F87637D612F71B3F3FD18289133F6091C9C1
Malicious:false
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .1.4.:.4.7.:.0.8. .=.=.=.....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.345946398610936
Encrypted:false
SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:false
Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):15114
Entropy (8bit):5.368778325378305
Encrypted:false
SSDEEP:384:VLtWlLnwP+IfJPuP1B0obGt8qVyavbGtAt9tdBX7naHNXKWATKi13RwXwB41nHOS:jGCPa
MD5:80E627F33E8515188579524EAE8564DA
SHA1:6D4CEF458E944803990D88892F0AED26E84D7CBE
SHA-256:2B19E39F364E6F243B8486DC2DDC26274D99C5EB662FEC5035BD9D8FFD0578D2
SHA-512:B18FC091BB9F84012E7C8B3E391F191CC9A76CE3A0341E72483B7264CA7231A11C8ADFC1FBA9CAD82326F1A18346D2F1EB6EDD05CF32A9AB4EC00D9ADBECCBAC
Malicious:false
Preview:SessionID=9e0a1b79-89cb-4d3c-bb02-2e8564c0b11d.1713962823306 Timestamp=2024-04-24T14:47:03:306+0200 ThreadID=6736 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9e0a1b79-89cb-4d3c-bb02-2e8564c0b11d.1713962823306 Timestamp=2024-04-24T14:47:03:307+0200 ThreadID=6736 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9e0a1b79-89cb-4d3c-bb02-2e8564c0b11d.1713962823306 Timestamp=2024-04-24T14:47:03:307+0200 ThreadID=6736 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9e0a1b79-89cb-4d3c-bb02-2e8564c0b11d.1713962823306 Timestamp=2024-04-24T14:47:03:307+0200 ThreadID=6736 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9e0a1b79-89cb-4d3c-bb02-2e8564c0b11d.1713962823306 Timestamp=2024-04-24T14:47:03:307+0200 ThreadID=6736 Component=ngl-lib_NglAppLib Description="SetConf
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.382848704142609
Encrypted:false
SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r9:J
MD5:483DBF67B5B73F6E0512A6C0D8675A74
SHA1:A8BE9DC392EB424D4181701155DD2FCCC5A679FE
SHA-256:23F86E73D86E02CCD611DE38B28249D880B874478F0AD592DB7048BF377FCFCE
SHA-512:F3F507674F0086D7D418492F2812DD16E383FBAB0EFF922F3633FC49FD0483B1F5E0F0B023A42A527C5BE6647E182011B3998664A48CDB2FD19169AD0155AD0F
Malicious:false
Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
MD5:AE1E8A5D3E7B2198980A0CA16DE5F3D3
SHA1:A1DB2C58AFC81E6A114A8EB47BE0243956F79460
SHA-256:8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
SHA-512:5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 894778
Category:dropped
Size (bytes):669332
Entropy (8bit):7.976659911351141
Encrypted:false
SSDEEP:12288:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1mabFhOXZ/fEa+DNh3P6Q21IvHx75/eOMn:6JJJJm942egf6MNB1Dofjc3PJ21k7Rev
MD5:C4B24E98358EC87C7F853C86A641C2DD
SHA1:037F2682BE3AADCBB7149AC18ED434FE005FB132
SHA-256:88C547944F788B7B436D7AAE8530462183F5D714A5AAFCA3FF743E66D420E0AC
SHA-512:E91D631E4F145E4D9DB6AC5A2ABE3CCA4C096B97A1B092239FB3A694FEB6FE44382670F25B7602FBCBE6BDE5B03FEE5579E14A688CB6FECACE2358753BF38EC5
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:false
File type:PDF document, version 1.5, 1 pages
Entropy (8bit):5.686942185261857
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:INVOICE 135658-01 04_17_24 08_19_23 422.PDF
File size:9'639 bytes
MD5:8b179c7d9c4def7dff212f7fc1530d9d
SHA1:202d0211391244ac7ed74c7880def34a8f5a1624
SHA256:523491fc16aed3938f9d74b19ca5d73abe72cecf085cdabbefd0a75d8740a704
SHA512:8f574998954a8ec2a609972a259790803fe1158ee406fc83bb00bcb44b2ec29abdbee628cbc59fb396d99270fbf868bcd97248e2f6f0e7ceb0678ffc0f814151
SSDEEP:192:SOiJeEm3H/3TJhNpmarJrXoKLmrOmRTjlrVoKFGO4WrOtc+6O4Y:Ke93/TvB4KLMtTjdKKMncUc1nY
TLSH:9D1286185146C488B69BABCAF73F7AA02568B30783C45CF23D1D0D418E53DEDFA6D19A
File Content Preview:%PDF-1.5.%.....1 0 obj.<< . /Type /Catalog. /Pages 2 0 R. /ViewerPreferences << . /FitWindow false. /DisplayDocTitle true. /HideMenubar false. /HideToolbar false. /HideWindowUI false.>>.>>.endobj.2 0 obj.<< . /Type /Pages. /Kids [ 3 0
Icon Hash:62cc8caeb29e8ae0

General

Header:%PDF-1.5
Total Entropy:5.686942
Total Bytes:9639
Stream Entropy:7.912476
Stream Bytes:2150
Entropy outside Streams:4.330585
Bytes outside Streams:7489
Number of EOF found:0
Bytes after EOF:
Name            Count
obj             17
endobj          17
stream          1
endstream       1
xref            1
trailer         1
startxref       1
/Page           1
/Encrypt        0
/ObjStm         0
/URI            0
/JS             0
/JavaScript     0
/AA             0
/OpenAction     0
/AcroForm       0
/JBIG2Decode    0
/RichMedia      0
/Launch         0
/EmbeddedFile   0
No network behavior found

Target ID:0
Start time:14:47:00
Start date:24/04/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INVOICE 135658-01 04_17_24 08_19_23 422.PDF"
Imagebase:0x7ff6bc1b0000
File size:5'641'176 bytes
MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:1
Start time:14:47:00
Start date:24/04/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:0x7ff74bb60000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:3
Start time:14:47:01
Start date:24/04/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1604,i,13522873780708684326,15572357352614556485,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:0x7ff74bb60000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

No disassembly