Edit tour

Windows Analysis Report
OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf

Overview

General Information

Sample name:	OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf
Analysis ID:	1431119
MD5:	2a59b58903caff84dcde12f33e1a9d46
SHA1:	b7547cc6b6170699d339f97ce5064f69dcf1d3d4
SHA256:	e344ac0e732be265891c118bfeb885f20fb41c8bcfc2e9a2de0d8a1ec87f8203
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,947318212079203335,16602321531751607594,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@14/43@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7364

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-59-27-121.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,947318212079203335,16602321531751607594,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,947318212079203335,16602321531751607594,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf	Initial sample: PDF keyword /JS count = 0
Source: OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431119
Start date and time:	2024-04-24 15:58:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/43@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.3.84.164, 107.22.247.231, 54.144.73.197, 34.193.227.236, 18.207.85.246, 23.219.38.56, 23.219.38.50, 23.219.38.19, 23.219.38.51, 23.219.38.8, 23.219.38.48, 23.219.38.41, 23.219.38.26, 23.219.38.10, 162.159.61.3, 172.64.41.3, 184.50.26.50, 184.50.26.27, 23.219.38.35, 23.219.38.40, 23.219.38.32
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.223373406814203
Encrypted:	false
SSDEEP:	6:Yf9Vq2Pwkn2nKuAl9OmbnIFUt8nYgZmw+nYIkwOwkn2nKuAl9OmbjLJ:YvvYfHAahFUt8nh/+n75JfHAaSJ
MD5:	6CC57F686B40997314D8FA896A884F66
SHA1:	57265DE5F2889C11BC1CF7A1CE7782E41AB799DE
SHA-256:	FF58D54A74FF87F573EC984C2840597018AF2DFAD211F66E40C48C94CF555200
SHA-512:	DBB91CD28FB4C3901F072D8082F1BAE38A96526288E0A73B4FB40D2448F9FB538BC7B93C763DD9DDDE23FA719518D15B04E5486D29E5F5257D4B58AB219C270D
Malicious:	false
Reputation:	low
Preview:	2024/04/24-15:59:24.722 1d94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-15:59:24.723 1d94 Recovering log #3.2024/04/24-15:59:24.723 1d94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.223373406814203
Encrypted:	false
SSDEEP:	6:Yf9Vq2Pwkn2nKuAl9OmbnIFUt8nYgZmw+nYIkwOwkn2nKuAl9OmbjLJ:YvvYfHAahFUt8nh/+n75JfHAaSJ
MD5:	6CC57F686B40997314D8FA896A884F66
SHA1:	57265DE5F2889C11BC1CF7A1CE7782E41AB799DE
SHA-256:	FF58D54A74FF87F573EC984C2840597018AF2DFAD211F66E40C48C94CF555200
SHA-512:	DBB91CD28FB4C3901F072D8082F1BAE38A96526288E0A73B4FB40D2448F9FB538BC7B93C763DD9DDDE23FA719518D15B04E5486D29E5F5257D4B58AB219C270D
Malicious:	false
Reputation:	low
Preview:	2024/04/24-15:59:24.722 1d94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/24-15:59:24.723 1d94 Recovering log #3.2024/04/24-15:59:24.723 1d94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.235037653180079
Encrypted:	false
SSDEEP:	6:Y0x3+q2Pwkn2nKuAl9Ombzo2jMGIFUt8nzdZmw+nzhVkwOwkn2nKuAl9Ombzo2jz:YxvYfHAa8uFUt8nzd/+nzv5JfHAa8RJ
MD5:	EDDFD1CD2C51962305DEB0BC188BC1A0
SHA1:	D0F9A559F0A034FA2F14D597F1EC469A9A82E6E6
SHA-256:	B716DEFBE614AAA1971EC397BCCED85A08E802C7CDD4051C8CF5B39BFD5E77FE
SHA-512:	101C72D8708C4511B927EBF091CC85C2981F1F81A463E0EA18802152779B81691370979B0602E63B88D829D6218A288D0256802302DE6C9BEC12F4621FA33973
Malicious:	false
Reputation:	low
Preview:	2024/04/24-15:59:24.787 1e38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-15:59:24.788 1e38 Recovering log #3.2024/04/24-15:59:24.788 1e38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.235037653180079
Encrypted:	false
SSDEEP:	6:Y0x3+q2Pwkn2nKuAl9Ombzo2jMGIFUt8nzdZmw+nzhVkwOwkn2nKuAl9Ombzo2jz:YxvYfHAa8uFUt8nzd/+nzv5JfHAa8RJ
MD5:	EDDFD1CD2C51962305DEB0BC188BC1A0
SHA1:	D0F9A559F0A034FA2F14D597F1EC469A9A82E6E6
SHA-256:	B716DEFBE614AAA1971EC397BCCED85A08E802C7CDD4051C8CF5B39BFD5E77FE
SHA-512:	101C72D8708C4511B927EBF091CC85C2981F1F81A463E0EA18802152779B81691370979B0602E63B88D829D6218A288D0256802302DE6C9BEC12F4621FA33973
Malicious:	false
Reputation:	low
Preview:	2024/04/24-15:59:24.787 1e38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/24-15:59:24.788 1e38 Recovering log #3.2024/04/24-15:59:24.788 1e38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8c40e248-46f1-4d96-9645-a5e637ae84fa.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.959716522192626
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZfy2sBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsWkdMHV3QYhbG7nby
MD5:	C0971F1722341E7106EEB90A184FA05E
SHA1:	EBD5601F9089359223F1299DDD73FE39E9FE2E29
SHA-256:	CF5DB87EE4902AAA4AD3D867334D4CA3DB7BBF2672E2C93F8009C61C20BC28D9
SHA-512:	A2DB1D3A90C58089F7880AF54C738049060C5AF112851B1169E5BBB5B94A89BDEF7D90E3E80CEC3B31262682639D5F2068CDA5A41CBCB5593168E17FA56248DA
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358527176745241","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155652},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.959716522192626
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZfy2sBdOg2Hacaq3QYiubInP7E4T3y:Y2sRdsWkdMHV3QYhbG7nby
MD5:	C0971F1722341E7106EEB90A184FA05E
SHA1:	EBD5601F9089359223F1299DDD73FE39E9FE2E29
SHA-256:	CF5DB87EE4902AAA4AD3D867334D4CA3DB7BBF2672E2C93F8009C61C20BC28D9
SHA-512:	A2DB1D3A90C58089F7880AF54C738049060C5AF112851B1169E5BBB5B94A89BDEF7D90E3E80CEC3B31262682639D5F2068CDA5A41CBCB5593168E17FA56248DA
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358527176745241","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":155652},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.253471298198668
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo73wYMP1VMNPVMX6YMPZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go/
MD5:	C6283C396A6E6053C553D9DFA73D3DB7
SHA1:	04CBD3D779D7BB3E0A1EEA0FFCE063E361A6FCF3
SHA-256:	725AE68480492CDADBA84153D91F452D2BCE6D96DBCB8208A05B2085AE183367
SHA-512:	3CCED7BF13C5EB6057E41B66EC2BEBB742EE6B261A1224F2BA2007CE44F191100E4234F517ED288EBDA882E27391AB2A1E96135923698CB2428D041CC8D9B74C
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.195382099827802
Encrypted:	false
SSDEEP:	6:W+q2Pwkn2nKuAl9OmbzNMxIFUt8IZZmw+RVkwOwkn2nKuAl9OmbzNMFLJ:XvYfHAa8jFUt8IZ/+/5JfHAa84J
MD5:	11EF13C322BEC1FE8D9E0520C07261EF
SHA1:	4947FBAC81FB6CDA84BEC9709115B13387FC0D2E
SHA-256:	C3E569AEA3B8A9C63309AE2155A205BBC888FF6D9077EBC5870BA3D016F9CBDD
SHA-512:	1A2B24C39B5006C2C22AF9BC234C0F61C7E374424C01373DAB1DF8291135A4EB43280664A4DCF06C61FAF599BA6AFCFEB12F066E7E29B52ED725B98BF56D6966
Malicious:	false
Reputation:	low
Preview:	2024/04/24-15:59:25.028 1e38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-15:59:25.034 1e38 Recovering log #3.2024/04/24-15:59:25.051 1e38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.195382099827802
Encrypted:	false
SSDEEP:	6:W+q2Pwkn2nKuAl9OmbzNMxIFUt8IZZmw+RVkwOwkn2nKuAl9OmbzNMFLJ:XvYfHAa8jFUt8IZ/+/5JfHAa84J
MD5:	11EF13C322BEC1FE8D9E0520C07261EF
SHA1:	4947FBAC81FB6CDA84BEC9709115B13387FC0D2E
SHA-256:	C3E569AEA3B8A9C63309AE2155A205BBC888FF6D9077EBC5870BA3D016F9CBDD
SHA-512:	1A2B24C39B5006C2C22AF9BC234C0F61C7E374424C01373DAB1DF8291135A4EB43280664A4DCF06C61FAF599BA6AFCFEB12F066E7E29B52ED725B98BF56D6966
Malicious:	false
Reputation:	low
Preview:	2024/04/24-15:59:25.028 1e38 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/24-15:59:25.034 1e38 Recovering log #3.2024/04/24-15:59:25.051 1e38 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424135928Z-153.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.3384323164082255
Encrypted:	false
SSDEEP:	1536:WNGxYI7LL0U4N+B5lRKejJp5kq+eXu8SkdyiP5JtoisCltt6bm+trgklOtIDTrUq:fYaYOWR
MD5:	67BD708C5BBAC73377E72BA78137C079
SHA1:	595298E8FCBD2CDC7A73322ECB534CF9184600BE
SHA-256:	E691D9332D7D23B361604392D4C947B717D6A41217839A67E6EFBE53653C8C72
SHA-512:	C8B769BF276505090E9D7042906BAE04C3D20442F6A91CCD53AA193985B3B7C635E9C68C173A01139F3A7B8C3C584766B7E26225F05435A3CF822AA8CB00368C
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445485442194619
Encrypted:	false
SSDEEP:	384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL
MD5:	957C2F8C17115CBBB9F216F26F55C981
SHA1:	1E3B4F6F2D65E3C6FF22F97ECC10651D32B99E30
SHA-256:	451B3798B21F8117EFA8E9BEA2BB30FB1041387BFDA2A9F3B34C1EA46C2DF9DA
SHA-512:	B977B3153E0E8FF954E76FDEC6BA8000925F2F0A659C2ED55FB901E3A34E1AF3ED55F77CCC8A8DE8E829844AFFEAFB4E57625019E5B850FB4CB229971CF3AC9F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.776548564251042
Encrypted:	false
SSDEEP:	48:7Mop/E2ioyVBioy9oWoy1Cwoy1ZKOioy1noy1AYoy1Wioy1hioybioyZoy1noy1R:73pjuBF0XKQ4ab9IVXEBodRBkm
MD5:	744A1B46FD0471504B5DE67EF6F0C8FF
SHA1:	D3D7CF4271C2CA92E7C3433F984C278B20B070C9
SHA-256:	BBE57FF12E840643653716592B2870155BE7961C665ACFB7C6F853EA09021F36
SHA-512:	45253D5E2401322F0D5FA0785E4385CFE552F8CA88CDED2DA066A258B057ED5E8BCA1D6390F58AAD688BB2BC6B81590A2519792CA17E5B264CBCC38755748958
Malicious:	false
Reputation:	low
Preview:	.... .c..... .\|................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7364

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.371038147272319
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJM3g98kUwPeUkwRe9:YvXKXKpaq+Zc0vhvWGMbLUkee9
MD5:	F3D5AA43B0C89ED9746074AB83AFF70F
SHA1:	AB35343FA2EBFA51CB9720CE0F64BD8BF49072DE
SHA-256:	EB9C528A1B3F92BB018E861CD8DC3BB9936A50AC69F88AF3ECDF1569945A9B95
SHA-512:	5B8170490767B881A761041F82DA9B058D4D0AC83B9177730BCC0369EF9EABDD600F260483C42611B663D17F0BAF9970ADE50AF99EBF698B35142EA00FFDE806
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.319373778895183
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfBoTfXpnrPeUkwRe9:YvXKXKpaq+Zc0vhvWGWTfXcUkee9
MD5:	E993F836EA9077FC4DFB8425496BE87B
SHA1:	FCC0DDD3E11CB5A1885928A360051ECE57DB5146
SHA-256:	1561208ADC7EF57834DD0161F1D9998288725394B064CD70A5BA21ED04A9D94C
SHA-512:	9187CD713FE894C6F58DC003AA4DCF6D0618B3B203CFAA0227E1CA73698510146AAA557E49C9F64547A43F725C9CD22B85500D6A41D1677351DE20B274D7E636
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2972238724722525
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfBD2G6UpnrPeUkwRe9:YvXKXKpaq+Zc0vhvWGR22cUkee9
MD5:	9D86508E8078ED228B6D17F3D207E4EB
SHA1:	7868812B2EB42344DE0ADF8999730204BDC05AA9
SHA-256:	86EFE28E85F9E8CCA217D52B704D34B5B4111E2D33AFAECEC0B486E385706BF5
SHA-512:	A105F4CB92B07D674182F1E6F7F0438796634B4412DE7C37681FFE90DAC0049784F5C2B8EEFBCFE1603F16EB990C9C819AD453C58E6ACECC9677A16A215CAFC9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.358317943325553
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfPmwrPeUkwRe9:YvXKXKpaq+Zc0vhvWGH56Ukee9
MD5:	41240A6BE700117D1DD78CD25E37B2B3
SHA1:	7FA05558ACE36AF740D85BCA6B80B283849A1D11
SHA-256:	FB7E95507ECB4E682E15CD5B1BCB30F390C29465F825AB13B8A9FB40F1834A83
SHA-512:	71BADD36959F937B31E04464AE10E1A4A503E0211F21B922E837930B8354BCD9164D5F6F3183DF6C1E1644662F51235FD2BA6ABAEF3F2EFC8A1A9215C5FBEC0A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.321844809102529
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfJWCtMdPeUkwRe9:YvXKXKpaq+Zc0vhvWGBS8Ukee9
MD5:	42AE1808729565BBA70440AB93D9C016
SHA1:	2135463B180209881A744077771A8233953597A3
SHA-256:	8E823F9ADAB4865C7F2A6E275C8CCEDE8AE5D1DB73C900406A396C8016034334
SHA-512:	DBBC51B814DA2E2E7D76F98929FDFFAB7057671464E8ACD791E7A62979F0E709B8B3611FA66EF56684E5BBDFA6A3BCE96A77421C90B2960D11954818226C6AC6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.308105924248161
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJf8dPeUkwRe9:YvXKXKpaq+Zc0vhvWGU8Ukee9
MD5:	23E6153B538F83229C35BA18D0DCCDC4
SHA1:	BCD0431F3EF1CE98D3CE3718CBC0C6C86E34A883
SHA-256:	77D596959C64D9BB650DD36173855AFCCB80389E59AA4D14B644C826B4FD3464
SHA-512:	DDAD13BAAC9F038CAC2733AF035176EFAC5936B0B54872AABBF2649D365EBCB5C8935DD1D6CDCCC6AACD16480FF8C35A7371177BEF653EA14D32429AC9E27425
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.311905081842777
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfQ1rPeUkwRe9:YvXKXKpaq+Zc0vhvWGY16Ukee9
MD5:	46E36F9EDDBDB397894F27BF3C732355
SHA1:	9700D6BB0473533CCAA33A2E81FF3B1AE2E80898
SHA-256:	B6746A9E311F7E82ABE0AA705E21148A51713913D7F06E2E1D4B42861310F631
SHA-512:	7AEDA1E51E9A3AF8350198A60ABEA26E6EB7B4D16F36CCCEDEE6CF11F4CE05BB81D9BD40FD9622910010CFC7CEE7C050EAEBDACA5045B6F7F8AADD378CC43062
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.320129968096438
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfFldPeUkwRe9:YvXKXKpaq+Zc0vhvWGz8Ukee9
MD5:	08BE53492E3939A3014B82354954C85E
SHA1:	86347F02C86CD500C0A4728FE8AB121875D7D983
SHA-256:	164C42941CD4F195839BE1BDAD5BC0F591797E985E34411D1CC3882DA3C83AFB
SHA-512:	5071315ABD6AF4FE3A9BE9BC690BD69189F79A75A25C1CAA789C8580591C65D03AB01E8178CEC10837A693103059C6850D3E929841D999989D038F1F683E4D22
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.7422052189324635
Encrypted:	false
SSDEEP:	24:Yv6Xhq+zvgKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNex:YvMoEgigrNt0wSJn+ns8cvFJYx
MD5:	A71F41BC31DE50AED082C29696CAFE72
SHA1:	1111AF96143E3799A7DD34EADD68B95D3AFD8743
SHA-256:	DCD124116270CE1D0776605C9E887AAB97419E9C003A9B272D7759A14DCE4EDA
SHA-512:	9E8CF340A0F902597D204D05FCA483D00F158159FE0D5C8BA26087F9E8B29B7BBE71C59F28C5FA61E899FF73F853BE916F0FE559E2E168614159F79FA5C25B6A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.31514487076548
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfYdPeUkwRe9:YvXKXKpaq+Zc0vhvWGg8Ukee9
MD5:	896ADF7CDE066E4A01B3D2BB439762A4
SHA1:	F696C3A76CD85911F81F2590DD7A84A26C9033FB
SHA-256:	5F5E0F2E2EB8F38273D015AB7242DF83E6776069D4F63A2D2A4825D18F7BCC66
SHA-512:	5312601F0C41D684851CD9E89395FCE1657CC01594F7EF1B02152CFDEE8666C078B89BE95916A5978CD422A521ED5380B8D02B400A4D0F35A34E5F2182BDC5B0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.77947664505214
Encrypted:	false
SSDEEP:	24:Yv6Xhq+zvvrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNGA:YvMHHgDv3W2aYQfgB5OUupHrQ9FJUA
MD5:	10A9CBF5EB89CD44D9501D46A81010BB
SHA1:	BB163A8B08AABF830E3893EDF515B9F462A322A7
SHA-256:	2EC566D7FBB536EE0D5FC3C266813A83C7FD5B84D84FBDFFC75EDC291D778B25
SHA-512:	889E02F79DAE5CB079B43A2B67E5E109EC4F917C0C591A518ADEF529D80904B9CD80ACAC2014757B6B93006868246A60C0A5759BEEED528986AC092EBB0DF9D0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.2985878799804755
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfbPtdPeUkwRe9:YvXKXKpaq+Zc0vhvWGDV8Ukee9
MD5:	962DB5D1E4C35D77978ED8F12C511231
SHA1:	666D63AD6852BEC8693E4D16BEABADA9C2F7FCE0
SHA-256:	51698F3960763FBA5771D790225DB25DD18986B08FE88ED27A8F8E633347C1A3
SHA-512:	D5DD0DD27EA2A7F0536C5406E0DD81A3E6B797EBE23F303929EFB5B42DB8A8086C8EBD2AF43226933FC350DAEB4CE650DBA51665B0EA52E8A44D05F922BDE6BC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.303134579633574
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJf21rPeUkwRe9:YvXKXKpaq+Zc0vhvWG+16Ukee9
MD5:	4981FB3231D7DDEBF060ED336B848A2F
SHA1:	11401E76EC33DEAD2E53051E9E0E4B050E5F60B9
SHA-256:	3A14C8CF6F7937284B1528BFF064CA36C436F008098B5954D79A97E552B6A427
SHA-512:	127595BA3AD5A142DA9569CBD04EDB2C86809EB543E52D0D0A49128CE8C289F98D588503415902E9AB138B5E3EA48E89FE8A6DABCBE62B0952042DE93041F81F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.321686181449406
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfbpatdPeUkwRe9:YvXKXKpaq+Zc0vhvWGVat8Ukee9
MD5:	E6A307878518CA6D8AEFA129F540A2FA
SHA1:	79AF95AF37224C03BD08BC2DB092526B84689277
SHA-256:	037FC6E271C0DAF5F66D812D01E634BB73069EC1DEF2FAFECF3C97EB2F1F9239
SHA-512:	9E3603B3B80C1442B88BA7A759A71B629BE7F2E74C028983FC8B78016A4171ADACEE835ECE113A1A9DBD517D34785AFE10964D17C27237FB146F82657ACBF4D5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.28113701608022
Encrypted:	false
SSDEEP:	6:YEQXJ2HXDWpaqvVoZcg1vRcR0YAvZoAvJfshHHrPeUkwRe9:YvXKXKpaq+Zc0vhvWGUUUkee9
MD5:	C86BAFF75FD67B811DAE89F6D65CB2A9
SHA1:	A24AA01A1B3C660CC622F634B0C973F1682442EA
SHA-256:	9871DFAAB8F9803E3473840308E964A1D8A118BB0DED3A15BD362E7CC39825CA
SHA-512:	9BFEAC3D45D13525D7D1EE84C6D80A6FDA4B7C500D5160FFDC6BF75319005FE67BE6714E58D352DCC904E61016996284C5E6112CCDC025F284DCA387EBFF24A8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.375093374338411
Encrypted:	false
SSDEEP:	12:YvXKXKpaq+Zc0vhvWGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWKx:Yv6Xhq+zve168CgEXX5kcIfANhBx
MD5:	F099CE3C1319E20D74BE07E65D850107
SHA1:	98BBD487780026CA2AF1E8B3CF6A1D73742B8434
SHA-256:	382F72780AB98CCFC12078C7D34B30BF972DBC7BB4927C6EFAF7523F7A86ED6A
SHA-512:	7FFF04CA80995232D59AAB69E7468B7421296C7964684581A33B0EE2F907BBE517879DF21EC83E18611EEA626EB6692C52DD357546F9EEB4E9377316D17A9922
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"4350a2bf-03c9-4b50-9384-f1e9cf36fc55","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714145821137,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713967171163}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.14045865528973
Encrypted:	false
SSDEEP:	48:YUXKRxOckh6gD5tZcID4Ep6qNM1uPc6pWbQs9OmBqc:hXrckh6gD5tZcID4Ep62MUU6pWUiOmBj
MD5:	7B7E4DE08B243DECC887FA32E0AD0974
SHA1:	C83FCB919A346AACCBF508BF34EF640B750FF140
SHA-256:	E946B972793D91AF7C583F97B3A30E2DD671A0D4A6C06E790DD3CDB22045ACFC
SHA-512:	14D0994A80AD9BA4CCBEE18B3C3EC0D4A2C4653EF3A2229709D5C3591B7F538942D061561F6BC30A2348A58915A3B75FA92F8A4B68F7509C4055F4C62232A571
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"28f4a1a80972a195f65885bd144dbac4","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713967170000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"81c75bf7f3df6ccf33538d4e34d52226","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713967170000},{"id":"Edit_InApp_Aug2020","info":{"dg":"16e338873f1dd4f698c4b5453194e12c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713967170000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"a13b458cbb777bf9d428312372e50358","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713967170000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"c4efa94021f22ddbed38d373ff617e45","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713967170000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"d2c01854d02587a1a006025b25c03371","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713967170000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1865893916665882
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUQSvR9H9vxFGiDIAEkGVvpi:lNVmswUUUUUUUUQ+FGSItO
MD5:	2201E0B27B39E0A4F7B39AEA6DCC6AC5
SHA1:	67C8D5FD0E8EB11EBC9B3895FFD4094778F5E991
SHA-256:	A7F9926ABAD1F356E9520C62732EB6D9C109F8223EC8E4F397415A06E0B99405
SHA-512:	E655EB2137FB1945989152D7A41106A1EA20DDBC0951F0E9F3922C12357756553C62C68D20720C3CD8149968D6DDE1F381EF5CCDA97EAF658A5E62F0949F619B
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6067153463263286
Encrypted:	false
SSDEEP:	48:7MhtKUUUUUUUUUUivR9H9vxFGiDIAEkGVvjqFl2GL7ms9:76QUUUUUUUUUUuFGSItRKVms9
MD5:	C109DD1C0CD843E332BEC26ECAD98904
SHA1:	866BB043E6C2D819C9201A0A8BA90EDD80424A0D
SHA-256:	7AB4AA58D37D73F537AEA54F004E80EF979D9487BE2792ECF821536799954C31
SHA-512:	CA132E6E4379175785914B6FC5E54B313AD3FD5EB4662B05CEC27EFA4910F35F6374A368530A1E00924DB3CFEED64F945A6A98D1AA983E895B82161BE91102AE
Malicious:	false
Preview:	.... .c......(.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI38d55.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.529459928009153
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8c+aVfflH:Qw946cPbiOxDlbYnuRKH5fflH
MD5:	73056D90E425B7C41CDB08AB5C2D3EC3
SHA1:	9616867BB1664CA3A6F5622C145B0D48C16EEBA0
SHA-256:	EE2D83991A6E242B6DE693359A771242AAEA2ACB457A1ADFE3EBA0F3E10E8646
SHA-512:	14B95E38CA1445FA9671DAA0B197F47117554B4B0946F115018CE25F2B91266F19D89A7F4BF5C7F7185FA65C26BCCE0A222EC0DBF3457025BE4A4B4DA7E5E277
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.4./.2.0.2.4. . .1.5.:.5.9.:.3.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 15-59-27-121.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.371658036091037
Encrypted:	false
SSDEEP:	384:pYkZMIVcJmGDxGdH/0ZJydeiKXg3dZLXoq42a4p7/sWsLU53q+LP2PGXiES/AYMH:KSb
MD5:	4DB9C5CDB1EB843DB9EACBBE9F891294
SHA1:	D17F184EF721FB17F3C742DAFBFC921B8CCF82D4
SHA-256:	8C8129301E8C90D6149898ECA7200454F8ED3260A08D2DBCCDBBE768B9D66A78
SHA-512:	01436DA2950C7E4B25FC5256AD673427FA8E9563FDFCAD338D091B699053CDF111C476DC331FF019AC17901E5D018089AED533D1ED78A8185DF09534E2021160
Malicious:	false
Preview:	SessionID=31fafc3a-af45-4b7c-b415-0671efa221c5.1713967167146 Timestamp=2024-04-24T15:59:27:146+0200 ThreadID=8184 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=31fafc3a-af45-4b7c-b415-0671efa221c5.1713967167146 Timestamp=2024-04-24T15:59:27:147+0200 ThreadID=8184 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=31fafc3a-af45-4b7c-b415-0671efa221c5.1713967167146 Timestamp=2024-04-24T15:59:27:147+0200 ThreadID=8184 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=31fafc3a-af45-4b7c-b415-0671efa221c5.1713967167146 Timestamp=2024-04-24T15:59:27:147+0200 ThreadID=8184 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=31fafc3a-af45-4b7c-b415-0671efa221c5.1713967167146 Timestamp=2024-04-24T15:59:27:147+0200 ThreadID=8184 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.39063697149972
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rm:y
MD5:	6AF0817C5E3406F2CFBD64E4187A47AE
SHA1:	D685B6E80D9C5D470F2591468FB39B746973FC78
SHA-256:	D1C4D2B09A8A838B05ACACB2F11597122529614FA92125D23C2760BBE75E355D
SHA-512:	B0CE6C5305F1D4E51D357B0380AEE11D20DD02110E3B80626B9C97DEB2F520DDC806A24D8E9BEAE5AA25D58DA766523725414A726AB1263336FE0E2B10E8922D
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\761ef9ce-e3e3-4bbc-9398-303ee8b4e412.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\a1d8c15c-8b15-4242-bcf1-dc3dd0d2c1ce.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\b0158777-29b6-47f5-a8e7-253361eecc63.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c2b14387-dd31-4fd4-a9e1-c744825ea515.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru
MD5:	13F55292D0735B9ABD4259B225D210FC
SHA1:	810CC5D545BFA11D2825F6E1DFA69176794DA7EC
SHA-256:	8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6
SHA-512:	4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.3, 2 pages
Entropy (8bit):	7.910892649988593
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf
File size:	143'507 bytes
MD5:	2a59b58903caff84dcde12f33e1a9d46
SHA1:	b7547cc6b6170699d339f97ce5064f69dcf1d3d4
SHA256:	e344ac0e732be265891c118bfeb885f20fb41c8bcfc2e9a2de0d8a1ec87f8203
SHA512:	39f773ce29373192c6c1e24a1c8fd4fd37d7495ec3329f2b22e2b3b5f26b64a89622b2586bfa01e407b0e59367bfe4295c02d1b43c2a1eedd5d331caf5071278
SSDEEP:	3072:8UKXWERTaTuqPwgyuR8pGX50QLqosUsdG89iVHxg4h5eUEfsb3BRM9sb:8U0WeTqRPO28pGX506FayHxmfsb3fRb
TLSH:	0FE37E039D489B97E42983D87E575FAC6F0A3F1DE8453AFB54254DCB7E206660C8E02E
File Content Preview:	%PDF-1.3.%............3 0 obj.<< /Filter /FlateDecode /Length 68 >>.stream.x.+T.T(T..H-JN-()M.Q(....Z.*..........1.ih.gjajl.......k........EC.r.endstream.endobj.1 0 obj.<< /Type /Page /Parent 2 0 R /Resources 4 0 R /Contents 3 0 R /MediaBox [0 0 595 842].

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.3
Total Entropy:	7.910893
Total Bytes:	143507
Stream Entropy:	7.909092
Stream Bytes:	141617
Entropy outside Streams:	5.095392
Bytes outside Streams:	1890
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	13
endobj	13
stream	5
endstream	5
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	16963f743f338012	b6fc7a3ed7b001c5065ae49bc8379b30
11	9616bf7c3f330008	0886bd1f4a3232e314afda2666c95c57

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7276, Parent PID: 2580

General

Target ID:	0
Start time:	15:59:23
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7460, Parent PID: 7276

General

Target ID:	1
Start time:	15:59:24
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7668, Parent PID: 7460

General

Target ID:	3
Start time:	15:59:24
Start date:	24/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1524,i,947318212079203335,16602321531751607594,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8c40e248-46f1-4d96-9645-a5e637ae84fa.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240424135928Z-153.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7364

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Windows Analysis Report
OBIJEKWU IMMACULATE NMC CBT RESULTS.pdf