Edit tour

Windows Analysis Report
Obaid_WFH_Check.pdf

Overview

General Information

Sample name:	Obaid_WFH_Check.pdf
Analysis ID:	1431808
MD5:	b5e121f6bb5574a588a430b51fda7f9a
SHA1:	afba123e82ac84ea9910ecbf3775168249c09867
SHA256:	ecd936385cea6816a3baf0c61b72cb5da62ae56cb9420c66ff0c11efa3bd2a15
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6640 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Obaid_WFH_Check.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7376 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,10949930308330096366,4183056358984129761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@14/44@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 20-05-34-613.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Obaid_WFH_Check.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,10949930308330096366,4183056358984129761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,10949930308330096366,4183056358984129761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Obaid_WFH_Check.pdf	Initial sample: PDF keyword /JS count = 0
Source: Obaid_WFH_Check.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A93vnpsl_gg86rr_4gc.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A93vnpsl_gg86rr_4gc.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Obaid_WFH_Check.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431808
Start date and time:	2024-04-25 20:04:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Obaid_WFH_Check.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/44@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.60.185, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 104.76.210.69, 104.76.210.84, 162.159.61.3, 172.64.41.3, 184.25.164.138
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.121745694127591
Encrypted:	false
SSDEEP:	6:3l1Slyq2Pwkn2nKuAl9OmbnIFUt8MlKs11Zmw+MlKsjRkwOwkn2nKuAl9OmbjLJ:1syvYfHAahFUt8aKsX/+aKsjR5JfHAae
MD5:	7402F5993BDECFFC2217604CA20783C3
SHA1:	FF90501CB50B9B912BE81440571405AFD875E706
SHA-256:	0967291396DC97288898659A45E70D7FF7DDEAD328E63399F3C183BCE331860D
SHA-512:	DA2D86AF59C4139F637EF354430A00247C54C32188781D88109435B7D1E1D3A2E72F9E3D40FF8125C2543387E6E0AA91EB73992E32A815801A6760F6EF734E21
Malicious:	false
Reputation:	low
Preview:	2024/04/25-20:05:32.352 1cc4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-20:05:32.353 1cc4 Recovering log #3.2024/04/25-20:05:32.353 1cc4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.121745694127591
Encrypted:	false
SSDEEP:	6:3l1Slyq2Pwkn2nKuAl9OmbnIFUt8MlKs11Zmw+MlKsjRkwOwkn2nKuAl9OmbjLJ:1syvYfHAahFUt8aKsX/+aKsjR5JfHAae
MD5:	7402F5993BDECFFC2217604CA20783C3
SHA1:	FF90501CB50B9B912BE81440571405AFD875E706
SHA-256:	0967291396DC97288898659A45E70D7FF7DDEAD328E63399F3C183BCE331860D
SHA-512:	DA2D86AF59C4139F637EF354430A00247C54C32188781D88109435B7D1E1D3A2E72F9E3D40FF8125C2543387E6E0AA91EB73992E32A815801A6760F6EF734E21
Malicious:	false
Reputation:	low
Preview:	2024/04/25-20:05:32.352 1cc4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-20:05:32.353 1cc4 Recovering log #3.2024/04/25-20:05:32.353 1cc4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.167647113353894
Encrypted:	false
SSDEEP:	6:3lBDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MloXgZmw+MlVtDMVkwOwkn2nKuAl9OU:1hM+vYfHAa8uFUt8aF/+afMV5JfHAa8z
MD5:	F766A5EE8C4EBE912E8CD2AC26ABE98A
SHA1:	0F15B1BD0BA192295C81B6189C56AE271E2D613D
SHA-256:	73B9633468FA5B438637EB35A95F197344802D083028A6839DA16BDDC4E0B925
SHA-512:	448430E5B6062ADA61189F46EAC095B0F78BADD168389003907EED0D0D4C501550BFDD9C4A886876BE626C47E7DE406DABDA6F6BFB1EBBBB85CF6404C6FA95BA
Malicious:	false
Reputation:	low
Preview:	2024/04/25-20:05:32.394 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-20:05:32.395 1cfc Recovering log #3.2024/04/25-20:05:32.396 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.167647113353894
Encrypted:	false
SSDEEP:	6:3lBDM+q2Pwkn2nKuAl9Ombzo2jMGIFUt8MloXgZmw+MlVtDMVkwOwkn2nKuAl9OU:1hM+vYfHAa8uFUt8aF/+afMV5JfHAa8z
MD5:	F766A5EE8C4EBE912E8CD2AC26ABE98A
SHA1:	0F15B1BD0BA192295C81B6189C56AE271E2D613D
SHA-256:	73B9633468FA5B438637EB35A95F197344802D083028A6839DA16BDDC4E0B925
SHA-512:	448430E5B6062ADA61189F46EAC095B0F78BADD168389003907EED0D0D4C501550BFDD9C4A886876BE626C47E7DE406DABDA6F6BFB1EBBBB85CF6404C6FA95BA
Malicious:	false
Reputation:	low
Preview:	2024/04/25-20:05:32.394 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-20:05:32.395 1cfc Recovering log #3.2024/04/25-20:05:32.396 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.955058227529306
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZz2sBdOg2H+2caq3QYiubInP7E4T3y:Y2sRdsWbdMHc3QYhbG7nby
MD5:	8233C863EA4D7189B30D0CA656ADE9B3
SHA1:	E47A3C12124D9C94D6757D5F0CF8011DE4A2D3CA
SHA-256:	F8E6D19EAB7D4FB7E69865D5A222F52A1CF21826A0ED9A81EC7B9642CCD8E959
SHA-512:	A5234FB142BD1AA13EAC6BD6645363954F10CA1DE47475A8F4384FBB3D1327C5056CC78101ADEC4E67DED92F7CCF446D9C75EE3C66FC44311D8201F0C5FFB2A1
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358628338326193","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":1195229},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\dd2b2515-a754-4356-b3d7-fbccb6a9541b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	476
Entropy (8bit):	4.955058227529306
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZz2sBdOg2H+2caq3QYiubInP7E4T3y:Y2sRdsWbdMHc3QYhbG7nby
MD5:	8233C863EA4D7189B30D0CA656ADE9B3
SHA1:	E47A3C12124D9C94D6757D5F0CF8011DE4A2D3CA
SHA-256:	F8E6D19EAB7D4FB7E69865D5A222F52A1CF21826A0ED9A81EC7B9642CCD8E959
SHA-512:	A5234FB142BD1AA13EAC6BD6645363954F10CA1DE47475A8F4384FBB3D1327C5056CC78101ADEC4E67DED92F7CCF446D9C75EE3C66FC44311D8201F0C5FFB2A1
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358628338326193","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":1195229},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.256412823658674
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Ec5HZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goV
MD5:	733BFE73D40D33C7383793FC89478E9C
SHA1:	0A009DB6D408298FEA57C895D2296582DBDA439E
SHA-256:	AEBD375431AC395239909C382CEA7E5085F384DD1D1C1C54AF970B9FE6C4DF17
SHA-512:	3C832CF740C7217A6864E59E65DC44BE41D4581265943FEF4435F8A43DECDF5FCC725AFF8CDE4A20D5FCCB6E24AF9586EC7C87B1FA50D8CC9DAEA4405BA01FA5
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.168338945788006
Encrypted:	false
SSDEEP:	6:3lKDM+q2Pwkn2nKuAl9OmbzNMxIFUt8MlY2GSgZmw+Ml5VDMVkwOwkn2nKuAl9Ob:1iM+vYfHAa8jFUt8arGX/+a59MV5JfHP
MD5:	C697C462C6FAD07FAD05910B2E1B3D78
SHA1:	44775E6092AD89D031901E2903D5AFD7CDE77EBC
SHA-256:	29C3E3A4424238019AC500DD8C42CA9E80CD690F7F790A11DE403ACDDA152460
SHA-512:	8092EC488E469A9B62B3CAE23149315DFDCF4F6BEA187FEE4B20B71FF918535B30F5A61F5172255E000CCC5414890D810D3071EF0B9FD0A5B32D7AC4B3F515D2
Malicious:	false
Reputation:	low
Preview:	2024/04/25-20:05:32.890 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-20:05:32.905 1cfc Recovering log #3.2024/04/25-20:05:32.918 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.168338945788006
Encrypted:	false
SSDEEP:	6:3lKDM+q2Pwkn2nKuAl9OmbzNMxIFUt8MlY2GSgZmw+Ml5VDMVkwOwkn2nKuAl9Ob:1iM+vYfHAa8jFUt8arGX/+a59MV5JfHP
MD5:	C697C462C6FAD07FAD05910B2E1B3D78
SHA1:	44775E6092AD89D031901E2903D5AFD7CDE77EBC
SHA-256:	29C3E3A4424238019AC500DD8C42CA9E80CD690F7F790A11DE403ACDDA152460
SHA-512:	8092EC488E469A9B62B3CAE23149315DFDCF4F6BEA187FEE4B20B71FF918535B30F5A61F5172255E000CCC5414890D810D3071EF0B9FD0A5B32D7AC4B3F515D2
Malicious:	false
Reputation:	low
Preview:	2024/04/25-20:05:32.890 1cfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-20:05:32.905 1cfc Recovering log #3.2024/04/25-20:05:32.918 1cfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425180536Z-162.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.2058520977097795
Encrypted:	false
SSDEEP:	384:0YWDdxFgYrYr4OO0CWIgf2oe1kkUcMSa/7ZHfKNu6:0YWDTFjYr4OO0CWIgOZDTa/9/KN1
MD5:	61024AB1427A6229CED0C8670F048BA4
SHA1:	199B76739AF8CF553675AA746C85C2054A6DF46E
SHA-256:	DCFFD82F101981D707B4CC049E98F19B1C46A6010B4F6C3FB48A912448B69156
SHA-512:	B05195FDC3F47E4F0531F956FD33B81E8BB3C3BA34E53E06F68364EC8E2367A35D33001D5ABB72B070C05308C30E19D48823CB0A3A390CB9F976765CDE31430D
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445186104557027
Encrypted:	false
SSDEEP:	384:yezci5tgiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r3s3OazzU89UTTgUL
MD5:	69A9EF459E6028ECAF63FD62E9158AB4
SHA1:	F364B37A8856C7025966CB289818F66C870FC316
SHA-256:	1603203E376A361DEBB81B7A1E051DFE6DE4F07AD3B891E6C4884EEC057F959E
SHA-512:	D564C0280B01D38D36AD980F53F9938D514710315CF0EEBD77ECD827EA6BD723481E502AE54759992569FBA3D9002316B8482A66483A7EFC6C68CD04F83D375C
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.773175654060231
Encrypted:	false
SSDEEP:	48:7Mjp/E2ioyVwioy9oWoy1Cwoy1wKOioy1noy1AYoy1Wioy1hioybioyOoy1noy1A:7QpjuwFnXKQT9b9IVXEBodRBk+
MD5:	35E78B0067F182A3E53985586D8615D1
SHA1:	E97ECC7E7401B61EE506723703E651D76CF0250E
SHA-256:	9849D32022393D640D7FA72E381301A85600320F879A723EFD5C74ED1C6A4CC9
SHA-512:	A626C39BD11CBA1D3100B27129ADE7A850C437537BFD182EF0D33563D7E23CC8D976A79E421566351BAAA149A0CDAD9CFDD1657EAD42451BCD9842A059584343
Malicious:	false
Reputation:	low
Preview:	.... .c......FET...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5772

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.372813356372477
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJM3g98kUwPeUkwRe9:YvXKXintKZc0v7GMbLUkee9
MD5:	FD43E617714CCBB5604A45BC92DF4760
SHA1:	20F2CA317EA5FD78E259DC7F1964117D8FD2F330
SHA-256:	6CFFA04A974946EDFE1E1F3BCCAEA302DA8E7D505646490A0F08D68D72170F2B
SHA-512:	182DA0028896D3B2381C009C79ABEE84C8E73BFBB541464D335B328CCF60C738C80C5D4EDCEA6FA25F2379687539C22D9CF619B33744F07790A79701A765C83D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.323126850486204
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfBoTfXpnrPeUkwRe9:YvXKXintKZc0v7GWTfXcUkee9
MD5:	167ED0C32A7D53F8D8842DF614FBDD15
SHA1:	6132DE69F85643AC96F95C8EE26B7CE5BE42D916
SHA-256:	213749C87FF6D994E554169BCDDF1737B796A3CE3803FA4C9602308B87A43FD4
SHA-512:	4BD1606F962F8330D2CACB6EDFEC141DCD19991F922F5F8D7D7C4F2FA1A39D569E1324D64180E1C9BC840A67E4E5BFDFB2B9B7055C7D9326E31DD4EEAE4B4856
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.301386345844012
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfBD2G6UpnrPeUkwRe9:YvXKXintKZc0v7GR22cUkee9
MD5:	5EB759F8CE05D1F4C720742E7A995B6B
SHA1:	97FE3A2FEF743CEC325BE85DC161C6B2BFFD8275
SHA-256:	A9976E6D00938FE8A36DEB5889A229388070AEFFB1E08ADAD453B12827246ADF
SHA-512:	3491482CFDE29CEFA5B54FF5788092414EA7A100CB041A4AE50DEF773A1416B3DD0A72058212B7EFB45D78FBB7DB7CD6D9BF8AE5B0C660E6930BAB41AA8CE04F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.360155440464313
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfPmwrPeUkwRe9:YvXKXintKZc0v7GH56Ukee9
MD5:	48BD0976669CAB663B36F330DE47DEFF
SHA1:	7917587289C9E1D3294D03825B886B781FA0E525
SHA-256:	B47CD175DC766D3A05587C16A36BCFA696E0AA0915586E8953F4D1D31C142E61
SHA-512:	40294B0B5EEC039C5F59006E8C75E3E2D178CE935A68B04CF1FCE67DF173DEB9128FFF806802C5F20637991C18B33C423660A7AED922982BFEDC941209008F5D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.3207110204459305
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfJWCtMdPeUkwRe9:YvXKXintKZc0v7GBS8Ukee9
MD5:	D77B14997456EC767C2F7EEFB5A11E89
SHA1:	EAA3926527D914D4977851A50587FC44FC81E39A
SHA-256:	782AB28D1966CD59CFA9914DA37E5F4C5355DD8ABBBB58A40823BE846EC7EC36
SHA-512:	ADDFD82690C3964A4ABA93EFDEEA9724EDA844E0AB0C4D270AB28A65E0D74DFAE7C51D7F3861121BBE56C010CE8A775DC029BF68B347985FC64A3591FA328BBC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.30741481372837
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJf8dPeUkwRe9:YvXKXintKZc0v7GU8Ukee9
MD5:	9C0D1D0F68598ED5DCEA586A884B306D
SHA1:	A74EC2546DB7C75D3D386DD09DB96F70C81B67AA
SHA-256:	64284E2B7523799483AD0FFA32C972C84AFE35AE5BC5B5F8D07C6BEBFBE9AC1C
SHA-512:	E55EE6399872A3675B48A9CCE2EBA2A446B9B3646329E1C92185B696DB768A6D52DF4D3E54D591C40A0E1EAF170BF1507A754AD201DB95167A615DEDD78DEAA8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.311221071773531
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfQ1rPeUkwRe9:YvXKXintKZc0v7GY16Ukee9
MD5:	1DA79AEF047BB0FB6D472DBF60969A4C
SHA1:	6469A8F9C8A61463FACDC17F339C6F68B82521A3
SHA-256:	B024D80D819F3981C14C2D361D399A7E98A78E4B1F001572047F65F0B082D939
SHA-512:	0592E2135306B12292E78ACD980E66CB0BBA0F20C8257D845A58EA806314400C28BF6C221F9C78429ADEC8A83E22059B164EFEAD1DDCE78445C3FA6C848AC835
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3167178977857805
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfFldPeUkwRe9:YvXKXintKZc0v7Gz8Ukee9
MD5:	2C2422B8465F46ECB21AC618E4954A4C
SHA1:	6B32569B4E79BAB566F235A1FDAB87035B287843
SHA-256:	ADD36C991460055F1EA842783CC686216C8D7BD2C601F40A9D41280FB634268A
SHA-512:	7582B5EEC45E6AC5AA9464CEDBC3AEA93AE78DBE5D61B2655C0376162830256B193CC9898D8AD0362ED3CFD1B67ECA47F4CE10A6EBA238DE6726BD001A809B13
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.743841938183374
Encrypted:	false
SSDEEP:	24:Yv6XitKzvDKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNQ:YvW7EgigrNt0wSJn+ns8cvFJy
MD5:	B6BF8E6FE321C1B74AD37A4B5E2ADF8C
SHA1:	5432F50DC7180D4E80355AFF8A7E21275022EFC7
SHA-256:	7EE73DF12793EAB5F55778B0D92DB2CD8C586BAFDEB409965E8C6D2B0F1E668B
SHA-512:	7716EEACED2A649D473C271995206B07C5FE59B6B5AB4C141880FE6FC1F4282FEFE2B36D8026B5C59F6582DC78EAE1684CECD5D9EAED8C70EADB5ECD8E119884
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3139993126764615
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfYdPeUkwRe9:YvXKXintKZc0v7Gg8Ukee9
MD5:	C47CEEAC9DEC3DB272FE7653B951A1FC
SHA1:	307414F6CB8554D787F080CE59B61206BDB6785D
SHA-256:	56FDC4C27B8B93906842FE875C3A84D4D3849BB7EF8E66322C7C1AFE4D58168D
SHA-512:	023007BC89516A75694DE2938B9C5C711110085F8EDED448850F38F8F9CEDFA685228948ED90BCFE68743F73525D8A0DBB6B43D1977DFD62E8D5EA309B8D55B5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.781762381966558
Encrypted:	false
SSDEEP:	24:Yv6XitKzverLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNY:YvWmHgDv3W2aYQfgB5OUupHrQ9FJO
MD5:	4174332827983009FD9CB2CA61264E22
SHA1:	D0DEAEEFB036F3260097B86175C053B1A8DCAA77
SHA-256:	1E268A16E2F12894A6B16619429FE0296F188DD9D7D3DF0C3A106505F4859AFE
SHA-512:	A2BECC35AFE694CEBAF8BFBFDF5976E81828C97A14EA7E9BA79073879FD0581C2A7C038506B027AE86D5F638B3E9E3EF5655D8CF164441C960CBEA65BA18E9FB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.297450195142925
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfbPtdPeUkwRe9:YvXKXintKZc0v7GDV8Ukee9
MD5:	90C2F2A64E7C4CB58D065EC6A221524A
SHA1:	C69E8CA3C1FA0ACF139DF9DA51C91771FD030868
SHA-256:	B28FE7FCFCF3FFCD2ED141AB52A964C08F38FB10105502BCD88BF5B0D53647DA
SHA-512:	9C12E843893E436F710858AF5D9C896A57D6729F5AB3A00CA74ECD853B12EBFDC389D85213A5D59AA07AE83F73AD719981552242DF6ACC2BD85EA3B27082098E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.3019810385613555
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJf21rPeUkwRe9:YvXKXintKZc0v7G+16Ukee9
MD5:	3655961307417BBF09A8947D00B4B7A7
SHA1:	FC4A85BED1D46A42FDE21864E5B3912253C8E694
SHA-256:	8F1D17D5C900CDE5F08A04256D194A7BC3CD62AB5F713143F571AACFC40135C3
SHA-512:	B7FDFA4449F4DE09593854861EEAB235019FF46E8211A3242DB3204FEAAA61907EA67414A7382473A3A88189618C9316A5AC91B3C6BB53CE9DF1884932D81A50
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.320540623360388
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfbpatdPeUkwRe9:YvXKXintKZc0v7GVat8Ukee9
MD5:	55FEEC9DD1541EFBFFF8066950DFE00A
SHA1:	4F51E97070886493A641459255191DA2BFB863D0
SHA-256:	80308D6ADD546CB18443750A3B56F1A9AE01C7CBFE308291E859D384B1DA68A0
SHA-512:	0F9308339B0E9C7815C0FE4E341FD8A46A8F11C4B2387DBBFEA9F475FFB27103E176578B64303FE643476283C2C7C45839582AA66BD8118833A74696453DE8D8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.277689154822248
Encrypted:	false
SSDEEP:	6:YEQXJ2HXint6oR9HVoZcg1vRcR0Y/xgKoAvJfshHHrPeUkwRe9:YvXKXintKZc0v7GUUUkee9
MD5:	D2123807C2077CC2632DABFA6AB63EAC
SHA1:	B40C59BE14AE3D2896BFFF372DF3601674C71126
SHA-256:	E56DB2626BAA2DAC9F5BFABD5E489EE873370D8BEB42DF66284300A48DE842A3
SHA-512:	554720EEB5CB2B962C3E880BA2C5664EF1ADFBB116118B96E22B15595ECA773CA35178B2CECAAE7C44D3845CFFD0120D293FE2DC3DAF74C2C325C4DED578B235
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.372627534359294
Encrypted:	false
SSDEEP:	12:YvXKXintKZc0v7GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYv:Yv6XitKzvb168CgEXX5kcIfANht
MD5:	1A5D06718279723DFA316EE5B30D70C8
SHA1:	0271A4AC503D218049404751CECB384DA611B00E
SHA-256:	CFF7C3AC7CFA7F746DF2607FC00DD236A03C36C259FEA26391A68483A21AEEF0
SHA-512:	F6E0603CAD7FF7E32C4BE8A297D5D02922F7C248A90B707352DFF8F3355AF89523C20F396C4D031BF9C9C5B242C1E563C8F1F9AF69AB61E0544DE83D683624BF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7b81514f-e1fa-4160-93d7-40131dc848c5","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714242098035,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714068338066}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.129502065684939
Encrypted:	false
SSDEEP:	48:YZWGCOgOql1yAbpTI8/fP8Qzy7TqO9h3U:8WG7ql1tbp88XkQzy7/5U
MD5:	4186C994E253A1AA5A2A342CBE5ACBF7
SHA1:	15EE9637856C9D90FF63596EDFC22B2CB0FD9B9E
SHA-256:	1589D4E63CCC39529CDB3A68405CB4E6D6694F7D388718F2878E08B9C3C924B1
SHA-512:	8B000362EBC237202BCC78D24284ADB1BEF166A1252FCC8D07ED7C02EABD5B1062310F273205913478134F19CA2549E12AD6032C0842117CB3FA0262F79A1014
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"4a9b2fe41a1f4540e33b2b359bf1d7b8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714068337000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"08ecb91fef5baa752608a23680629ed9","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714068337000},{"id":"Edit_InApp_Aug2020","info":{"dg":"b668ea3e2764735d593f50c5f911cdc2","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714068337000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"9db3cbfdb5f6f018ebb8a6e4032a8edd","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714068337000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d5f50ff08e81f2c00b8285764d8ce4fa","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714068337000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"dfde1ea5cb143db7b82abe664b3d4035","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714068337000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1869050633465628
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUQBp4SvR9H9vxFGiDIAEkGVvpkBp2:lNVmswUUUUUUUUf+FGSIt/
MD5:	908A16033B7883AD2FD18BD7BF060E9C
SHA1:	E29C637ABF1070DD33D826D094D706D48CD87304
SHA-256:	01134E76564E1DCF8A085B1B6CC46E3DB6757DA7468AB61C68D815E7490D1416
SHA-512:	7DE0B089A13297FC2EFA2B03B91818FC514EE6DE3AF5F78C1AAE4925EA727E23AAB843EB7BE65A8BEFAD686309AF22BB5305A52CC8CAEBB6B2A1FA14DB885B40
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6059474010247679
Encrypted:	false
SSDEEP:	48:7McKUUUUUUUUUUQBpavR9H9vxFGiDIAEkGVvPqFl2GL7msk:7kUUUUUUUUUUzFGSIttKVmsk
MD5:	2F34E24665403071F3B66BB70D17EAA7
SHA1:	A7974F226908AF1FF7715BF1EE830E47241AD6D6
SHA-256:	40136A690871EF5A1ED8E8DA3BD565E6BCFAEF90090E885CA658649F0E862BC8
SHA-512:	3907A6658F693887091269FE1A0195AF7CF2A812A7B78142EAFB7EAB71D3DFE4C036504963A307A9C615AA4D8217A3E3265724A133B9130CE221B02049E30AFB
Malicious:	false
Preview:	.... .c......n*[......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI85fd7.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5004142083842487
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+WlNDaCH:Qw946cPbiOxDlbYnuRK8rH
MD5:	715B2273730CD5A5081AE9437E1A33AD
SHA1:	96744BF2C005A541287CBF4D0603F95157003755
SHA-256:	D2D5C2B116D13A71795BAC54B6E712D0AF01DF08A7D2DA409F4407C7D3073C10
SHA-512:	63D63CF1D85841E76A466E3146F6AF6F72970B3A7874F2F73C6820F3D12687DEC67C6EA0FBE7605D2E8D7718A6CAF913C7E32844733E3F61E583D2729E7D3803
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.4./.2.0.2.4. . .2.0.:.0.5.:.4.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A93vnpsl_gg86rr_4gc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.043140745342817
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOq5YJ6vlI8CS5YJ6vlIUCSyAAO:IngVMre9T0HQIDmy9g06JX7JsoTJsJlX
MD5:	CBFD68EECABF3425924AB5F03C89D227
SHA1:	204079D419488226338CE93360BF350C08F18A2E
SHA-256:	B114954E83DA13B134BB2A5DFDFA20DBE38589681757EA07200475C1D60ECA8E
SHA-512:	9B5EEDF4EFF8284838F386042122F87B1280311542B51ACFC6F30D125685F53563B9FE3D1B5E93163E4B7B4CAC5E18CECBF0176155FF506C20843D58553181D1
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<BF81E21E61C92044AF6FF9DD96F0CBD9><BF81E21E61C92044AF6FF9DD96F0CBD9>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 20-05-34-613.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.381342081959021
Encrypted:	false
SSDEEP:	384:KXDqb/WDi5VAKibdGQGYY80HA6bFeGeWe0eXQPjFtdoYpCZbTNxJqlA3M3qzRv53:j0r
MD5:	F0F22303A693664A53E0313646E7B56E
SHA1:	8EB7432B44D1F7A36EF62E46961402F5D921746A
SHA-256:	3D807ACB42FB710BA5E9CC64E0FA24C7D8021615B465BBBCB6DBA720A177DD41
SHA-512:	4BD10DCB9CEC32522580BE615686589634FBD25E8B381C2ACB69C0EDD41237399414C6F4BB7632719F6AEB7215CE2DA81D8C99C013DB3F4D5A1268E7C851D26F
Malicious:	false
Preview:	SessionID=da17d245-9dca-41b6-93bd-d6965c4eab88.1714068334631 Timestamp=2024-04-25T20:05:34:631+0200 ThreadID=7192 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=da17d245-9dca-41b6-93bd-d6965c4eab88.1714068334631 Timestamp=2024-04-25T20:05:34:645+0200 ThreadID=7192 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=da17d245-9dca-41b6-93bd-d6965c4eab88.1714068334631 Timestamp=2024-04-25T20:05:34:645+0200 ThreadID=7192 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=da17d245-9dca-41b6-93bd-d6965c4eab88.1714068334631 Timestamp=2024-04-25T20:05:34:645+0200 ThreadID=7192 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=da17d245-9dca-41b6-93bd-d6965c4eab88.1714068334631 Timestamp=2024-04-25T20:05:34:645+0200 ThreadID=7192 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.385203906466951
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rX:r
MD5:	E1F3C6E8EA6515E968DF97FD66861922
SHA1:	296B0FB0B8EEBF266F3ADDFEC60633A4048F194E
SHA-256:	2B10921E14AB9C419882B03BC2C341624043BC13E05B257C94DC8F032066D467
SHA-512:	7D9DCFA4CE9145C34C62E538814877C7D563BF4048BEB341BDD4CB560F78F4EBBAE590BF12A9C76181C0B8A83F585DA07A3C43FF0676A475654B434868060834
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\541f2c89-c1b6-44c3-bf1c-b9cc65c8c26e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\9c026ce5-6078-4d65-a846-91df4ae4eae8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d9f468d3-3d6f-47c8-b31f-ff7498b35f4c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f61774f1-b9b4-496c-9c42-94a85b31afa0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.4, 2 pages
Entropy (8bit):	7.996601171716677
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Obaid_WFH_Check.pdf
File size:	492'551 bytes
MD5:	b5e121f6bb5574a588a430b51fda7f9a
SHA1:	afba123e82ac84ea9910ecbf3775168249c09867
SHA256:	ecd936385cea6816a3baf0c61b72cb5da62ae56cb9420c66ff0c11efa3bd2a15
SHA512:	fa71f043c442126ba22651b6ae41009332c1fac7381376f11c2ee2097648c1b1f1815864b9dc8196bcbc7fad7c916541b44eaf6e64a4df94f060e41ab3794d73
SSDEEP:	12288:m5Lz2vC7PqARdrBqTyXyKge/NuYfbF/iABjsaoX:mV/7SA3rJyxe/AYJJBM
TLSH:	B2A423695CBEBD40C0404961E8C82796039BD0FCCA76BA453E4BEB57A8ADF73C5DC912
File Content Preview:	%PDF-1.4.%.....4 0 obj.<<./ca 1./BM /Normal.>>.endobj.5 0 obj.<<./ca 0.2471./BM /Normal.>>.endobj.6 0 obj.<<./ca 0./BM /Normal.>>.endobj.7 0 obj.<<./ca 0.3294./BM /Normal.>>.endobj.8 0 obj.<<./CA 0.851./ca 0.851./LC 0./LJ 0./LW 1./ML 4./SA true./BM /Norma

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.996601
Total Bytes:	492551
Stream Entropy:	7.997066
Stream Bytes:	487613
Entropy outside Streams:	5.307552
Bytes outside Streams:	4938
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	33
endobj	33
stream	15
endstream	15
xref	0
trailer	0
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
13	8080808080808080	ddc0b61b0e7d611c14796574124538a6
12	0000000000000000	ca3773d02665336a2dd855142645f147
15	01065e36aac84480	039d47c43e5faaa14e7a2a5a977c6090
14	00020c26aac84400	0326a9d5a963ca1403cc0bd588ffa0e2
17	00000050a2900000	37b3f1bb6dda2883a4d0a3c0333254a0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6640, Parent PID: 2580

General

Target ID:	0
Start time:	20:05:31
Start date:	25/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Obaid_WFH_Check.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7200, Parent PID: 6640

General

Target ID:	1
Start time:	20:05:32
Start date:	25/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7376, Parent PID: 7200

General

Target ID:	3
Start time:	20:05:32
Start date:	25/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2084 --field-trial-handle=1736,i,10949930308330096366,4183056358984129761,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Obaid_WFH_Check.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\dd2b2515-a754-4356-b3d7-fbccb6a9541b.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425180536Z-162.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5772

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Windows Analysis Report
Obaid_WFH_Check.pdf