Edit tour

Windows Analysis Report
CERT-1416920247.pdf

Overview

General Information

Sample name:	CERT-1416920247.pdf
Analysis ID:	1432433
MD5:	05f30d9cb8f7b79c65256dca2447549a
SHA1:	3a00a290c43fa03f3312237074d0395b52d8ea94
SHA256:	0f14c0cb3b105175dee0032ac24b96d071aef81fe5329cccffa18f3663058985
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6684 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CERT-1416920247.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7376 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,11691557971963258939,14076181574158468208,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443

Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49739
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 192.168.2.4:49741 -> 107.22.247.231:443
Source: global traffic	TCP traffic: 107.22.247.231:443 -> 192.168.2.4:49741
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 192.168.2.4:49742 -> 96.17.64.189:443
Source: global traffic	TCP traffic: 96.17.64.189:443 -> 192.168.2.4:49742

Source: Joe Sandbox View	IP Address: 96.17.64.189 96.17.64.189
Source: Joe Sandbox View	IP Address: 107.22.247.231 107.22.247.231

Source: global traffic	HTTP traffic detected: OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-aliveAccept: /Access-Control-Request-Method: GETAccess-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-keyOrigin: https://rna-resource.acrobat.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 107.22.247.231
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.64.189

Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: classification engine

Classification label: clean2.winPDF@14/46@0/2

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-27 03-20-34-600.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CERT-1416920247.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,11691557971963258939,14076181574158468208,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,11691557971963258939,14076181574158468208,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: CERT-1416920247.pdf	Initial sample: PDF keyword /JS count = 0
Source: CERT-1416920247.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9skb9_nxo82l_3h0.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9skb9_nxo82l_3h0.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: CERT-1416920247.pdf

Initial sample: PDF keyword stream count = 198

Source: CERT-1416920247.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: CERT-1416920247.pdf

Initial sample: PDF keyword endobj count = 281

Source: CERT-1416920247.pdf

Initial sample: PDF keyword endstream count = 198

Source: CERT-1416920247.pdf

Initial sample: PDF keyword obj count = 281

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	12 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
96.17.64.189	unknown	United States		16625	AKAMAI-ASUS	false
107.22.247.231	unknown	United States		14618	AMAZON-AESUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432433
Start date and time:	2024-04-27 03:19:43 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 42s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	CERT-1416920247.pdf
Detection:	CLEAN
Classification:	clean2.winPDF@14/46@0/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 69.192.108.223, 172.64.41.3, 162.159.61.3, 184.26.41.186, 184.26.41.208, 23.33.46.46, 23.33.46.26, 23.36.38.92, 23.36.38.93, 23.36.38.78, 23.36.38.84, 23.36.38.118, 23.36.38.79, 23.36.38.109, 23.36.38.77, 23.33.46.49
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
96.17.64.189	bundle.exe	Get hash	malicious	Jupyter	Browse
	awFjt23a5H.exe	Get hash	malicious	Unknown	Browse
	Proforma packing list-PO#37454-7148767.xls	Get hash	malicious	Unknown	Browse
	Instruction.pdf.lnk	Get hash	malicious	Unknown	Browse
	PEDIDO-DOCpdf.rar	Get hash	malicious	Unknown	Browse
	installer-build-x64.exe	Get hash	malicious	Unknown	Browse
	https://media.muckrack.com/portfolio/items/14900624/942f7bdf8b053c2baa0b4582cbf09c88.pdf	Get hash	malicious	Unknown	Browse
107.22.247.231	[EXTERNAL] New file received.eml	Get hash	malicious	HTMLPhisher	Browse
	Payment MT103.xls	Get hash	malicious	Unknown	Browse
	https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2facrobat.adobe.com%2fid%2furn%3aaaid%3asc%3aVA6C2%3a2a138187%2d69c4%2d4ab4%2d842d%2dee0003585bc9&umid=48a0bf19-c23f-4ede-a21a-c8110fd2ff5e&auth=3396b606d81544f1fa36c033f23b9c9aa919296a-56125daf7e96fa7cc3eab78dc35383db072b630f	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:aa27f609-25f0-4828-b7d2-b06346f88949?viewer%21megaVerb=group-discover	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	cbaa5b23840b4752354ec62d6a5c89129f0f504b8be2d453fb8bff37fd885ac6.zip	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_e58087ae88278b39958b41d20906aefc2b88a08d.zip	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:US:9e302e2f-d0ed-45a9-8388-cab11cb350ef	Get hash	malicious	HTMLPhisher	Browse
	Fatturation110124.exe	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:US:b1c915de-7158-4dd9-aa63-db461c226178	Get hash	malicious	HTMLPhisher	Browse
	http://irp-cdn.multiscreensite.com/8bce5147/files/uploaded/68996768590.pdf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AMAZON-AESUS	https://palmettoanimalclinic.aweb.page/p/0ac693e3-6f85-4fd6-86d7-f770e6e73d32	Get hash	malicious	Unknown	Browse	3.225.133.43
	https://rise.articulate.com/share/zO8B8EFq4bxdit8kVRcUzBOZMbkl1WSz#/lessons/2GyyR-D75sLlZcXDanN5dOaLxSSkgNvo	Get hash	malicious	HTMLPhisher	Browse	3.233.153.122
	https://sites.google.com/authorizewebcenter.com/565hu4?usp=sharing	Get hash	malicious	HTMLPhisher	Browse	34.224.151.55
	http://carajasnutricaoanimal.com	Get hash	malicious	Unknown	Browse	34.200.189.226
	phish_alert_sp2_2.0.0.0 - 2024-04-26T151509.287.eml	Get hash	malicious	HTMLPhisher	Browse	34.196.110.25
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTQxMDYyLCJtZXNzYWdlX2lkIjoiMGd5MHB6amd2a3hmeTlnN24wNzkzdzQ3IzIzYWUwMmFhLWVjMDQtNGYwMy1iODk3LWM4NjMyYzU3ZDIxMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1Njc3MDYyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMHNlYW4uZnVlbGxoYXJ0QGJhbmthdGNpdHkuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDBmMjcwMDVjM2U0ZWRkMzE4MTUyNDIxMWMwZmNiZDYifQ.HuxvS7w7UGVjl7M8LBH9yLcIGAIbx_lymrlb7oZbnQ4	Get hash	malicious	Captcha Phish	Browse	3.94.175.225
	https://www.flowcode.com/page/theferrucciolawfirm	Get hash	malicious	Unknown	Browse	3.233.147.180
	https://unilever3.demdex.net/firstevent?d_event=click&d_bu=317196&c_medium=display&c_destination=Retailer&c_country=BD&c_campaignname=L-LifebuoyHandsanitizerLaunchComm&c_prodcat=CH1097&c_brandcode=BH0300&d_adgroup=All_KV&c_contenttype=display&c_source=Dhaka%20Tribune&d_rd=https://campaign-statistics.com/link_click/PidJvkyg2S_O4JTm/159dfdb0ade49a7c5597d3c1d9bd3d8a	Get hash	malicious	Unknown	Browse	52.6.239.236
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTAxOTIyLCJtZXNzYWdlX2lkIjoiMGd4d3poYXc3czloeGZoZWNuNjNuYnFwIzg0YjRlN2VjLTdhZjUtNDU5Yi1hNTYxLWE1ZmVlMTE3NTllNiIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjM3OTIyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGphbWVzLmZheUBjb3VudHluYXRpb25hbGJhbmsuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDA4YWI4OGRlY2JmNDFjMjRhYTZhMDRlOWU1OWMzZDAifQ.i-tkK1Lnys-MM487ot1MrSYQb6ExLgZNRQbgsH8B2K0	Get hash	malicious	Captcha Phish	Browse	52.205.88.207
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTM3MzAwLCJtZXNzYWdlX2lkIjoiMGd5MGJnNjBqOTJwcmNuZjhhNHNxYWpwIzZjY2RmYjMyLWJiNzgtNGQwNC1hYWYwLTg3MjdkMTg4MjZlMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjczMzAwLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMGhiYXJ0aGxvd0BzZWN1cnVzdGVjaG5vbG9naWVzLmNvbSZwYXRocz1hYm92ZSZsaW5rPUZheF9PdXRsb29rIiwiaW5kaXZpZHVhbF9pZCI6IjQ0NDY4NzI5YzA1N2Q5ZDJjYzNiYjZlOTc3NDg3MzUyIn0.AryFGbNWOut6hGg1x_WBQ4QL5QU_wggDk6q2PUj7rNI	Get hash	malicious	Captcha Phish	Browse	3.94.175.225
AKAMAI-ASUS	https://sgusa3.sharepoint.com/:f:/s/ESSExternalPortal/Ep2vdkaY-f5IstEbB83tCgcBs_cKepSlCQGqJ92Z-gw5uQ?xsdata=MDV8MDJ8bW1leWVyc0BidXJuc21jZC5jb218OWZhZmYwM2M2MThiNGMzMmI4NjYwOGRjNjYyZjk3YWR8YmZiYjlhMmI2ZDk5NGU3OGIzYzc5NTAwNWQ1NTVjOGJ8MHwwfDYzODQ5NzYwMTc5ODA4MjQwNHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=bngyZ1FROWtWMzlEWlhCYjlhRkpvV0dHeHJKK2JGZG9MckVVMGFjcHpYYz0%3d	Get hash	malicious	HTMLPhisher	Browse	23.40.179.187
	file.exe	Get hash	malicious	Vidar	Browse	23.194.234.100
	https://gjyefv.degaris.com/	Get hash	malicious	HTMLPhisher	Browse	23.193.106.20
	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.29
	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.28
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	23.44.94.139
	file.exe	Get hash	malicious	Vidar	Browse	23.194.234.100
	RemotePCHost.exe	Get hash	malicious	Unknown	Browse	184.31.62.93
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.214.187.157
	aios3.exe	Get hash	malicious	Unknown	Browse	184.31.60.185

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.197961476551234
Encrypted:	false
SSDEEP:	6:SN+q2Pwkn2nKuAl9OmbnIFUt8k/ZZmw+k/NVkwOwkn2nKuAl9OmbjLJ:SIvYfHAahFUt82Z/+2z5JfHAaSJ
MD5:	1C1BC6CFE890C57261B8C164E866A5B7
SHA1:	FC882DFB5D189300E2DD04C835E96568FC893A9B
SHA-256:	389301B5CB2946746F0B222CDC18C75F35CD31B1F3F227ED3EE22A3DBB791097
SHA-512:	D21B773CB45F2A9714D74EEBE3E422908BBE9A80485B8D13F59DC7FA6FF1D48D7680A76003C3B4A7EFB1720DE42D15623268152D2CC8D9F059C85CCD0AF11CD3
Malicious:	false
Reputation:	low
Preview:	2024/04/27-03:20:31.633 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/27-03:20:31.634 1cb8 Recovering log #3.2024/04/27-03:20:31.634 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.197961476551234
Encrypted:	false
SSDEEP:	6:SN+q2Pwkn2nKuAl9OmbnIFUt8k/ZZmw+k/NVkwOwkn2nKuAl9OmbjLJ:SIvYfHAahFUt82Z/+2z5JfHAaSJ
MD5:	1C1BC6CFE890C57261B8C164E866A5B7
SHA1:	FC882DFB5D189300E2DD04C835E96568FC893A9B
SHA-256:	389301B5CB2946746F0B222CDC18C75F35CD31B1F3F227ED3EE22A3DBB791097
SHA-512:	D21B773CB45F2A9714D74EEBE3E422908BBE9A80485B8D13F59DC7FA6FF1D48D7680A76003C3B4A7EFB1720DE42D15623268152D2CC8D9F059C85CCD0AF11CD3
Malicious:	false
Reputation:	low
Preview:	2024/04/27-03:20:31.633 1cb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/27-03:20:31.634 1cb8 Recovering log #3.2024/04/27-03:20:31.634 1cb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.197074358804107
Encrypted:	false
SSDEEP:	6:xw+q2Pwkn2nKuAl9Ombzo2jMGIFUt8aZZmw+hd3VkwOwkn2nKuAl9Ombzo2jMmLJ:x1vYfHAa8uFUt8O/+hT5JfHAa8RJ
MD5:	E7AA2A0F25A77D138B35E2994338B572
SHA1:	A5263E34558E9A126F142F0A4DE17A651061AC0A
SHA-256:	5F910CB066BC8E39FC05979FA662D671F66A50D990872982B57582D2771796F4
SHA-512:	3492F5F7A2EBF435A6EEF820ABD84E693032EF5C86B872DAEF7E9A27C16319E61CF53BF39D30EF4F2231A46BA34C9A8F7F67727073678DCF05021636AE9A25E5
Malicious:	false
Reputation:	low
Preview:	2024/04/27-03:20:31.662 1cf8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/27-03:20:31.663 1cf8 Recovering log #3.2024/04/27-03:20:31.664 1cf8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.197074358804107
Encrypted:	false
SSDEEP:	6:xw+q2Pwkn2nKuAl9Ombzo2jMGIFUt8aZZmw+hd3VkwOwkn2nKuAl9Ombzo2jMmLJ:x1vYfHAa8uFUt8O/+hT5JfHAa8RJ
MD5:	E7AA2A0F25A77D138B35E2994338B572
SHA1:	A5263E34558E9A126F142F0A4DE17A651061AC0A
SHA-256:	5F910CB066BC8E39FC05979FA662D671F66A50D990872982B57582D2771796F4
SHA-512:	3492F5F7A2EBF435A6EEF820ABD84E693032EF5C86B872DAEF7E9A27C16319E61CF53BF39D30EF4F2231A46BA34C9A8F7F67727073678DCF05021636AE9A25E5
Malicious:	false
Reputation:	low
Preview:	2024/04/27-03:20:31.662 1cf8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/27-03:20:31.663 1cf8 Recovering log #3.2024/04/27-03:20:31.664 1cf8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0adb0edd-c452-48ba-80ae-657430bfab77.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\22b650c7-1897-4b99-ac16-0027fd94b8ac.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	474
Entropy (8bit):	4.963189744724114
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZQm5sBdOg2HAcaq3QYiubInP7E4TX:Y2sRdsrjdMHr3QYhbG7n7
MD5:	B5E18B7B8BF4BFE4668690FFF2D82495
SHA1:	50C47FA782C4CE4B811A94C34D4B9BC6884FCE2E
SHA-256:	5326C5D9C23AC990770F590ECAF8137CEE89B5F2B9D3F0E065598702091D647F
SHA-512:	D92BED799E256BE8A9FC8E018419DFBA7FCA60345FF620E169221F2827BF501402F29A192C02C863CCE06D61362ED5DAD14C1B0711F1FA686113D25BD40E8979
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358740844502245","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":90023},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF635dfd.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.258396739695005
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7PzRZ7zMZZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goQ
MD5:	1CF78D31DEB2E748D2F93ABC60D4D1CD
SHA1:	9376D11235B0A48AAB64CE176C8D17391F646BC1
SHA-256:	5A9ABF8C6586E844BA38383AF8EDD9C69724DD6D733B61EE3DF3554664429D88
SHA-512:	A9FF08CF29EADB8912CE825F40B7BE408219D68F1F6A31480314E3D7AA05F9055AB33388439B37FDA7B50D4FF6027840642B8851208FFD63DDDC190BA95806E2
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.136539136697214
Encrypted:	false
SSDEEP:	6:m2J3+q2Pwkn2nKuAl9OmbzNMxIFUt8vQFZmw+vHNVkwOwkn2nKuAl9OmbzNMFLJ:ZJOvYfHAa8jFUt8i/+r5JfHAa84J
MD5:	D790BD969A1CA8D3D712682797C99129
SHA1:	A88BBF4143E0D231CA0495815BA48A474B33D709
SHA-256:	B35B38162F686BE10AC85588BCBF68AB6D23D07026A55C1AF57B43293E7B4046
SHA-512:	673D7F6AB778FD4625BCCFD2D7EA03A13FF06B1CE11ED5000487BD30F93C0592F3525E007F71A995081E8751B949FBCC082B320FECAF554DEE82007033101170
Malicious:	false
Preview:	2024/04/27-03:20:33.230 1cf8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/27-03:20:33.232 1cf8 Recovering log #3.2024/04/27-03:20:33.233 1cf8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.136539136697214
Encrypted:	false
SSDEEP:	6:m2J3+q2Pwkn2nKuAl9OmbzNMxIFUt8vQFZmw+vHNVkwOwkn2nKuAl9OmbzNMFLJ:ZJOvYfHAa8jFUt8i/+r5JfHAa84J
MD5:	D790BD969A1CA8D3D712682797C99129
SHA1:	A88BBF4143E0D231CA0495815BA48A474B33D709
SHA-256:	B35B38162F686BE10AC85588BCBF68AB6D23D07026A55C1AF57B43293E7B4046
SHA-512:	673D7F6AB778FD4625BCCFD2D7EA03A13FF06B1CE11ED5000487BD30F93C0592F3525E007F71A995081E8751B949FBCC082B320FECAF554DEE82007033101170
Malicious:	false
Preview:	2024/04/27-03:20:33.230 1cf8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/27-03:20:33.232 1cf8 Recovering log #3.2024/04/27-03:20:33.233 1cf8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240427012039Z-270.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.1393135063835316
Encrypted:	false
SSDEEP:	96:U7y9rKaa0qlY7Az45UQ+lvxMMWRHhnG3H9Hz51DubdugvI6a1agQmpZqSMxqkOjP:U7jhYAk5U3v0hGX9z241ag5kOL
MD5:	BF382857478FEDAB01C2180B0183B729
SHA1:	7CB965D68B3A5A1FD138BCD761569556F37B19BA
SHA-256:	D6DFA2C7914BE1446A74F48647DEFE1023A5B47C594A7AC40430D6AF81F2C0E1
SHA-512:	E31BDBC89391D2DFD15BD10DCA617215636AFC1214E8F751FCA0FE34CE7D24904D875DCD1717E71F21F8B1D12F8B98DC3DA044A1F69BB62696E0FDDF0A8BAC0A
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445086619516185
Encrypted:	false
SSDEEP:	384:yezci5toiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rPs3OazzU89UTTgUL
MD5:	CD2488F3E855D967ECBD1134A6169B7F
SHA1:	C314F785DF655A1C684A1457D7D836E33FE6D805
SHA-256:	E0A46FE73A5E9A880809A7D21D6AE818D78CD2A384063CE32E9F8FBE2F3BBED7
SHA-512:	79D5AEDD1AB332A041BBF6E9F04C499C1F72EDA5DAA7278C7B8155B919EC00FDF6936A8353E09CF39A38B995D0A12279D49C9EE39A127194646326B3A1222A53
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.775335325027983
Encrypted:	false
SSDEEP:	48:7MFp/E2ioyVKioy9oWoy1Cwoy1CKOioy1noy1AYoy1Wioy1hioybioygoy1noy15:7WpjuKFxXKQVUb9IVXEBodRBks
MD5:	3BAC380347F5AD79A67357118C3F18DA
SHA1:	0CA3DF28861693C19528AF8766181E56B0C0A43A
SHA-256:	C912993BB46039CC61CDF8F0797DC5BB748B56C2ED1EF134A152289D07FE7445
SHA-512:	0C1CC1DBD88F70D4EE515DC7BEC4E6A4D1ADD9845C57CC6E3FE0D864E1CD886E63DE107DC6B074082BF72390ABA87A7F8CE2C4A3AB7713AC6A39B9F879935641
Malicious:	false
Preview:	.... .c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4500

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.376652361724892
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJM3g98kUwPeUkwRe9:YvXKXFOvu0H2Zc0vjGMbLUkee9
MD5:	31EBB2C68BD777990EA708A1D9F3B26C
SHA1:	DE3BF413AB10F8604FA31B86C25F2A2BF3FD6699
SHA-256:	75054878974D4A5BDE734E84D9ABC66AC6521B3F36626CD8A4D274CDA5EAA905
SHA-512:	65F18A432C2F825A02261D254E5C3E080CB36D48BB5795D62C6B27E752E050042D595271B219D4A6535182ABC72D97D0C31176A9AD1407F6651198B52FF8872A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.326693080019136
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfBoTfXpnrPeUkwRe9:YvXKXFOvu0H2Zc0vjGWTfXcUkee9
MD5:	8EA7855200AF7B296A56F9DA8294E53F
SHA1:	9B452FD2102F9703B8D0D69061BD48922D29D6A4
SHA-256:	4203F14ACA47C7BB055976164444F13B7188F42A4E20C2842FDA11A0A42AFB52
SHA-512:	20BCC1DBEA96B3BCD24D255922FAF1E5CC30A46215B730A929B97BF8DA7A53053E7099F1F069879C8C9CF624EE9E307B668F11A54747563B9E665CC619BB96D0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.30524139654514
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfBD2G6UpnrPeUkwRe9:YvXKXFOvu0H2Zc0vjGR22cUkee9
MD5:	2DBD9919707792B1E5FBEDFAA27ECEEF
SHA1:	1BA02CB81F00FE54F13A0E6CE17EF18D677571EC
SHA-256:	C252B8A3217AAACF49A286A21603569451CADB7D25BD32C32E0D84E328C58A85
SHA-512:	75566BA23FF09147A43311DED618F3F15A8A111756CD27B7AE372BA15194DA0990BED4BB17CFB3C930EB079DBBDEFC2CE4DC91D8A684DB0D2E0FB2EE09C90965
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.364129147758918
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfPmwrPeUkwRe9:YvXKXFOvu0H2Zc0vjGH56Ukee9
MD5:	3379E3C74793B4EE32577F52A365A4E9
SHA1:	39CD9C9369877B6BD3609EEE81FDEC819BB5A81C
SHA-256:	5A255D58FDAC8FAFB4B8F652DD1D9ACFD38CA5412E7A6CFEE193F26F59D268DC
SHA-512:	40EB58D4B5026AF47BFBD13ADC9BC1E4D46147BADE3A6F574F103786E8BD246E19BE22CC743D7F01489D220C8C8203276C231B231657CEA8C0BCAF829733A0C4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.320776439473564
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfJWCtMdPeUkwRe9:YvXKXFOvu0H2Zc0vjGBS8Ukee9
MD5:	F2E45ACA523600A70B5A01C318DD1EF5
SHA1:	AD1F959B0066BC4BA6AE00E29812F6FC18FF7A9E
SHA-256:	7E06353DE9BBABB5338831C72D99A18A0A7ED0AFA718068E25C6DE287B54E1DE
SHA-512:	95845D5928618040EBD3F6367BA1EE59E0B2AC779E9C2C4C576797B41A2EBD4B0DE872D85217E4D80263D7200943C300222191DFBA11806B40CCAC7D1A269703
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.307774729920476
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJf8dPeUkwRe9:YvXKXFOvu0H2Zc0vjGU8Ukee9
MD5:	0D92902AA0F70916E08113DF13DAC52B
SHA1:	91EF91A4A7D0E437721598D471287F7464101312
SHA-256:	086680BFAC74412BCB88BC80FD4A604CC8043ED5D18BACF3C525DCE78D17E11B
SHA-512:	B841B9FEBE38EB2049ABCEC0C379DAE0E3B2669CD8DD71E5AE454AC10B55CFD4C2FC2EB1D139E5771F358CC88B8329685D3269A411E5A3117915EABF11336527
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.311286490801164
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfQ1rPeUkwRe9:YvXKXFOvu0H2Zc0vjGY16Ukee9
MD5:	39CBB9A2F953538F0FACFB44FB144FD2
SHA1:	C02C4D132A23961FF5B162F9D89111FF1E084054
SHA-256:	815E66675C003571276A240D376074C4383C2FDE8A4D565DEBB6E48AFB30B5B2
SHA-512:	7FE88FFF03E0FFFEE0FCDA0946F4FECE68470C8236D2F0CFC6719A872A8946FBE930E494D7B9623B144B80F78965E786AE2AE2B6506543B8D30AAAA9CF2A83C3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.31490068427861
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfFldPeUkwRe9:YvXKXFOvu0H2Zc0vjGz8Ukee9
MD5:	03CF473D9FC7D48E2D083F24E3099BE2
SHA1:	56157FD8DA7A2631A892A9D1A6249A2D6C37BD28
SHA-256:	E9611B8410AD7D50A5B345EE836B5B257D4A377D7E0306C44F829B1572B77D45
SHA-512:	2BA927E4A727B351A2CCABD7864195944B1340FBA8BA7875E2AAE7039D7CC4FBAE110A76B1B420035D9923AEA862DC5E962078C3D4EF020BCC04E0E531A82534
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.739349553753318
Encrypted:	false
SSDEEP:	24:Yv6XIG0H2zv7KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNHf:YvRGGujEgigrNt0wSJn+ns8cvFJxf
MD5:	47D341C5C3CE5AD46FA1D42EC64129A8
SHA1:	E71107343D51A10B1B212DE7A205BFB16749B2E3
SHA-256:	0AEF4578DD0B340738BF976282ED8105261489ADB7C57886D8E170C5045D7CD2
SHA-512:	899C137C248B66B65125A5FC4B3B89F827A5DAAA38377D293C2662D1E784071EB0D2FCF4264186AE3FF1BD879852C82B9875B66D8B6EA46EA081C148B7716548
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3140654107943455
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfYdPeUkwRe9:YvXKXFOvu0H2Zc0vjGg8Ukee9
MD5:	743E68CA25E3F88BE70E93FE6CE6EB80
SHA1:	87D62A0B56513CF743E9CCB310EB1A9F7A8DD3CC
SHA-256:	C8DF45F92EBB82DACF4DC5F50DFF2028F7AFF8DD825A23FC054CB46367B52DC3
SHA-512:	8503E09251D9B52EF945AD6BA60CFC431559D90F249D3FEFA6FECAB3B26CE2C9928933F4BD9153A83C5A281DD99CF9D79172F3C79CC4396E13EFAD94315C4F35
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.777775428137535
Encrypted:	false
SSDEEP:	24:Yv6XIG0H2zvmrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNPf:YvRGGu+HgDv3W2aYQfgB5OUupHrQ9FJd
MD5:	FE330269A9232706562D530CC9D0A071
SHA1:	C547575708546E7DCA8229DC5A21CD0484676B64
SHA-256:	1DF47866C4E03471C5B3123B02934AEB8178217F8C89A5B4E29D4F90BDCB9B2E
SHA-512:	32EAD936A74811D84E7DC55F9E6CD0E7D9D9AEA6FC4C1DCABE571972761E650E92BEF9E8841ABD40CD688CE6D2CE686804CB5451D1B167C21D681A044FD778E6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.297515838978215
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfbPtdPeUkwRe9:YvXKXFOvu0H2Zc0vjGDV8Ukee9
MD5:	69AB3BF59D1C071E338A676573B8BC30
SHA1:	F15A01C85BC87923791DD1D9A9C53B40FB7C7D31
SHA-256:	702C4D95D787BADF14804EAA08674C2F2E82C67A016B3BE3FC87C0F261F047E8
SHA-512:	CA1726806A551EA1C78B9E4630EB5FF7D7B8F9B6760847F7EBED6E8124CF6BBFB15F311AEE1EE55C3772A0EC0EDFC760417326AE6C4D2176D9E816628A71B260
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.302047597293302
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJf21rPeUkwRe9:YvXKXFOvu0H2Zc0vjG+16Ukee9
MD5:	F3D155A9ABEAC0313EB03B2CC27EC8E9
SHA1:	C53C1ADBCC0DDF1E7BB83EEF11A34D0B78DDF914
SHA-256:	DAFE659C5C4A1C243115DA51973305714E8D63D516A82BED8F6ABAC64B962F77
SHA-512:	3E5C882B567D2912499DD52FC52BD488370BB83FCA47DDBF284CA22E43B5123812C671AF9FF16595149FACB4817FC79D1C552A1F848FC498A55EB9A085BE04E3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.320900539552493
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfbpatdPeUkwRe9:YvXKXFOvu0H2Zc0vjGVat8Ukee9
MD5:	E032F149F434C2BC18D200F689F74749
SHA1:	DCB4E60F318A4F8FB2FD2517B78F46802B9BFCE3
SHA-256:	41384E7B59B7EA039A7056AB0E3C111A3121C35D59708177BBF7455C47ABABA7
SHA-512:	B9E94B45E5376C21D4B5488FAA6A8C909F182AE9F45BAEE0CC501856CDCD62D14A65D79BF493CFE3901EA99AEA997B41ACDDCFEA959D5763626A8808EBB911C5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.275852879634933
Encrypted:	false
SSDEEP:	6:YEQXJ2HXFOv5sR04KHVoZcg1vRcR0YdxoAvJfshHHrPeUkwRe9:YvXKXFOvu0H2Zc0vjGUUUkee9
MD5:	D80D2416752416BDE76D26B7BDDCEC79
SHA1:	C14EE96105CFFBD460D44FF802D5FF4EBC2F2F7F
SHA-256:	27B318B135424E2250A2722213CFE107BF5C22855E2E516EEEBAF3A9F79A6333
SHA-512:	55E067D2B9911C0608AFF7254DAF3670E1220C61568D1E40F475365C2BE7585958786D7280FED0E19160D6C1ECC7D5FBF17DE81F27FD157CE2C495490AA28250
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.370548055865708
Encrypted:	false
SSDEEP:	12:YvXKXFOvu0H2Zc0vjGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWjf:Yv6XIG0H2zvz168CgEXX5kcIfANhIf
MD5:	2F6C90A147462146D3DFA9E1B5770C8C
SHA1:	D583432D2659071A36EFF51658433DFA888110F5
SHA-256:	FF20A258D08ECD12F949C6CF2613248C1BDC5EC4A0F04ED8DB30CDE84F1A97A3
SHA-512:	FBF17C2512F47CD5CD0025A24AFF3FD9DD800DB356EE4CA9CCA5C01B080374B03425A45E8190B1243A8B61EDBCF72EC6A21A1FAC33751B01182DA9B58619BC66
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"26dc292d-f5d9-4d76-882e-882beb0d8c0a","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1714355998161,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714180843195}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.1229853356155015
Encrypted:	false
SSDEEP:	48:YzDhJ9+o3f7tTvZSX1UobGSvgTkmO2VF9J0fwJA934ob:SDhJvTtzZSX1UobGSvgTB3H9J0fOe34e
MD5:	F95B660BF230D70AB424D1D56F04267B
SHA1:	F2A0185A714B4B7F81C3FD94A21C71407D539963
SHA-256:	28880670C6DF20A687CDED00D01F387A4502D58A425334A0DA65F6FE184A224B
SHA-512:	98BDE8D639D03784778F4A7E546FF4A476635A222F5FF1FDD8A11685587E25F58E30392DDA977AC02BD7BA34434EA0686D0A2AA4AE5AF1120870C85339F5AD96
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"a5f2e8080b79835fd5ca79e89ea852c6","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714180842000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"dc4ee09095f88ff23e52c5870974d7c5","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714180842000},{"id":"Edit_InApp_Aug2020","info":{"dg":"67808f7caa80f15ff0ea0a18c627459f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714180842000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"000f7d67b45b88fbfcb8191999efb283","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714180842000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"c41d1aa43507e6e3aab432a644195cea","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714180842000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"4599f5760eba421ec762eb859148577d","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714180842000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1871931814582968
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUvgsOSvR9H9vxFGiDIAEkGVvp7gsI:lNVmswUUUUUUUUvgB+FGSItvgl
MD5:	83D2C43AFD738C6F68DB0C227DFF100D
SHA1:	D1E98B1B58B694F5DAC951241DEEF25E6C0AF7AD
SHA-256:	7A0D369072514CBA448CB1084648063BBAA53C3DBCF491A0AC8F8133984D9040
SHA-512:	6B73A5A2CA3AB5796B246529E18DD9FACC200C2356A2A77868566CFF65061CC32E5987E24957F71D27D4E4CAA4DA81519100C5D47662C37B06E14BD797089F0F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6038229068074241
Encrypted:	false
SSDEEP:	48:7MBKUUUUUUUUUUvgscvR9H9vxFGiDIAEkGVvdqFl2GL7msJ:7rUUUUUUUUUUvgtFGSItPKVmsJ
MD5:	5042E4CA169A1EFCC1EB5CD2164AE637
SHA1:	E633747758D38E6CF83488BD08CD48A5E7A50312
SHA-256:	E09089585B9BB1B99E8123BCF702EC5F8AF9EA02CE318E843F7AE46AF6190B66
SHA-512:	AD8E3A4655E55C4BB92CA18A6E8ADB45DDD4903543C3CD0427F616092CD11ACF6F7368A5144DB6F4B55E7998B0313FEE7A674222EEC3510386D86FD388FBD0E5
Malicious:	false
Preview:	.... .c......M........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI2ad69.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.501595078528367
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88g0YH:Qw946cPbiOxDlbYnuRK60YH
MD5:	82E2EA14600DF66666DA51899211E499
SHA1:	601C46122B32C674F311AAB08B7E1B67374301FC
SHA-256:	FD30F9AED1AE75810E5A171F736D85537F65E7D4E2884082ECA5EAB9D88049CC
SHA-512:	C45BDB8B05BF3266736D42C736D69C5764D1DB2FCC1BE8D12967D3BD17B6D108EFADBD74E921F16D01F8911137A4CFE4167390FACFCE0B66D9F9E6EA8608974A
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.4./.2.0.2.4. . .0.3.:.2.0.:.4.0. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9skb9_nxo82l_3h0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.029725146344355
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOrmQQfQQ+MTCSyAAO:IngVMre9T0HQIDmy9g06JXyQQYQ+MTlX
MD5:	9093A4A4E32D32CDB09B9D30AAC4C8C7
SHA1:	3F29ECD85DA46243CD8976C2667748EE81538AE0
SHA-256:	918CAFF40F1C10B74BFF90FE806315D96BD1BC5E543DEB97BC55C70D682B2AE6
SHA-512:	88EBB4EB979222C3F24CADEA4F3B915A1844D51F8010F5397933ABB9D7D2930321631EDBFA9EFE63A85B4B1494C4D0E4B6FC34A76EFCC9881162D6ECF5C02828
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<FFEC43967B7A0C4FA63046D3AB4C3A6A><FFEC43967B7A0C4FA63046D3AB4C3A6A>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-27 03-20-34-600.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.3491775292792365
Encrypted:	false
SSDEEP:	384:UZIN4IpsVGe4+WUerdPlaXHM/giDYcOwTyO0Q0FFCGas2WwGXGiezeT2fBOQxZtS:W5X
MD5:	3B442D4738024710C2D0D1507FFD049C
SHA1:	A94676CBD33BA184600D42F899B7B42918A310E7
SHA-256:	A93D133D0EB03E69AAAD2F01C5F534AE195FC17B9224AB9AA9EE8119D3B0E2A1
SHA-512:	EE441C153992A52C8C43875693B082E825A12AA7964F6172B75D3D0648C9E9AF36BE07FDEE5C455EB0B7E8A0152DD6CD97E3727061DA7D6D8D03C114AD453C60
Malicious:	false
Preview:	SessionID=15c7ad88-1dae-423f-8320-f6c603ac36ac.1714180834611 Timestamp=2024-04-27T03:20:34:611+0200 ThreadID=7172 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=15c7ad88-1dae-423f-8320-f6c603ac36ac.1714180834611 Timestamp=2024-04-27T03:20:34:612+0200 ThreadID=7172 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=15c7ad88-1dae-423f-8320-f6c603ac36ac.1714180834611 Timestamp=2024-04-27T03:20:34:613+0200 ThreadID=7172 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=15c7ad88-1dae-423f-8320-f6c603ac36ac.1714180834611 Timestamp=2024-04-27T03:20:34:613+0200 ThreadID=7172 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=15c7ad88-1dae-423f-8320-f6c603ac36ac.1714180834611 Timestamp=2024-04-27T03:20:34:613+0200 ThreadID=7172 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.385125989912619
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rb:H
MD5:	D1C6B1CA434BDF2689BD22A61F876778
SHA1:	3D45A70FE02385331CFD4880EE887D1992A027E1
SHA-256:	556AF9A4BD95CD30578EEDFE2C29D5255FEDA3560A2316030EFEE537D3654D4C
SHA-512:	D9972BCBEA644799B9705D6B5583E09602E3AA6597D64FD5264A10A443734DE6C4AB823203BB02F867A348674C9EA6D80D3FBA50EBEEB3341815893202AED8C0
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\10afed75-b974-4b01-b24d-dfe517735db1.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\319e3de3-e50a-4298-8123-287950c37541.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\7f4f0031-edda-4a8b-8eb2-1523c2f2f52c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:GqA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:5VwWLkwZGuGZn3mlind9i4ufFXpAXkru
MD5:	F51616785803EE6E460DABFE7DEF339C
SHA1:	1CB166E973F34BB8F95FFAEE8339F042B6B45A4E
SHA-256:	C52B372A19A913D8F2E936209E41C296DDD8342041D4075AB2C324DD7CEDF38C
SHA-512:	66546829C2CBBE23E7E1904502232DA82D4605DD3710CA71ACA9409C705BCD71D589F713A8922C3F764D385C40420A966230FBC43E82863E10EE4B7C24526561
Malicious:	false
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\8dc283ce-f7e2-4f76-b930-8d1f9685b4dc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:NFdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZIZwYIGNPJF:P3mlind9i4ufFXpAXkrfUs0qWLxXGZIF
MD5:	DE3FBE7CDF2D98BC9374D18B5AA61F8D
SHA1:	6E067082A48A8ABA07CB7131A6762E4EEB1807DF
SHA-256:	13099604A80B39BE30ED03CA5CF294741D29929C880782866E2B803108478E4A
SHA-512:	9BDD74F6FDB0739359152E7384A831DF415455A1BC8A979815A0004560B1747223583E596B41631B3484C2776A2657016A34A288AC5F7A0E4ECDBDEAB63D3CE3
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 9 pages
Entropy (8bit):	7.732747369956663
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	CERT-1416920247.pdf
File size:	674'278 bytes
MD5:	05f30d9cb8f7b79c65256dca2447549a
SHA1:	3a00a290c43fa03f3312237074d0395b52d8ea94
SHA256:	0f14c0cb3b105175dee0032ac24b96d071aef81fe5329cccffa18f3663058985
SHA512:	d3c536cc19ee48585821a7165199be6ded65e8747a0cff8f3fe9081af085014109b9f9bcacadfc1a6d2cb37eea05a5fbd6c069704e31025b194ecf6c22221fc9
SSDEEP:	12288:SGz7whPHflxVO5YGXGvvHoVpGRPl+dHMVFvw5H:Nz7M7GWHepGRPk5H
TLSH:	95E46B081AE63BECD9F30E6EB253F35270DA743AB5CF106585A37948EE9130DC4D6299
File Content Preview:	%PDF-1.4.%........1 0 obj.<</Length 1093/Type/Metadata/Subtype/XML>>stream..<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rd

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.732747
Total Bytes:	674278
Stream Entropy:	7.772988
Stream Bytes:	615206
Entropy outside Streams:	5.252526
Bytes outside Streams:	59072
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	281
endobj	281
stream	198
endstream	198
xref	1
trailer	1
startxref	1
/Page	9
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
14	2349184757294c3b	a0e42dfc9b14c4be1dc59c9b48c0d20f
141	0763e66b67753536	6fcbf6026bd0bb8c580857076de68633
152	2349184757294c3b	a0e42dfc9b14c4be1dc59c9b48c0d20f
213	9201010101010100	bc29e27608b1da4a32744ff485f7bfe6
214	f2c2801030b2d2f2	214b58333a845d4b7d6dc379739cf71a

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 27, 2024 03:20:41.060463905 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:41.060504913 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:41.060573101 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:41.060754061 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:41.060779095 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.618161917 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.618438005 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.618455887 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.619640112 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.619699955 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.619705915 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.619740009 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.626013041 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.626080990 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.626285076 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.626312971 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.671777010 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.798477888 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.798629045 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.798700094 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.800379038 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.800394058 CEST	443	49739	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.800404072 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.800434113 CEST	49739	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.802191973 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.802272081 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.802443027 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.802604914 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.802654028 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.996315956 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.996576071 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.996634007 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.998075962 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.998152018 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.998186111 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.998284101 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.998634100 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.998718023 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:42.998845100 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:42.998872042 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:43.046796083 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:43.246669054 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:43.246726036 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:43.246797085 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:43.246855021 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:43.246889114 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:43.246918917 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:43.246948004 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:43.247922897 CEST	49741	443	192.168.2.4	107.22.247.231
Apr 27, 2024 03:20:43.247948885 CEST	443	49741	107.22.247.231	192.168.2.4
Apr 27, 2024 03:20:45.166374922 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:45.166454077 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:45.166529894 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:45.167736053 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:45.167771101 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:45.665512085 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:45.707227945 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:45.990353107 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:45.990403891 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:45.994271994 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:45.994364977 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:46.574558020 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:46.574732065 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:46.574744940 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:46.574911118 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:46.628273964 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:46.628285885 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:46.675126076 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:46.740375996 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:46.740542889 CEST	443	49742	96.17.64.189	192.168.2.4
Apr 27, 2024 03:20:46.740608931 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:48.057780027 CEST	49742	443	192.168.2.4	96.17.64.189
Apr 27, 2024 03:20:48.057809114 CEST	443	49742	96.17.64.189	192.168.2.4

HTTP Request Dependency Graph

https:

p13n.adobe.io

armmf.adobe.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	107.22.247.231	443	7376	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-27 01:20:42 UTC	1353	OUT	OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key Origin: https://rna-resource.acrobat.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-27 01:20:42 UTC	508	IN	HTTP/1.1 204 No Content Server: openresty Date: Sat, 27 Apr 2024 01:20:42 GMT Content-Type: text/plain Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id X-Request-Id: qyWXeOVv5O8MydIx3JorfxI5SL6EdjzX

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	107.22.247.231	443	7376	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-27 01:20:42 UTC	1473	OUT	GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 x-adobe-uuid: a4ecfc44-3976-4051-8c45-0a7e26b55a37 x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
2024-04-27 01:20:43 UTC	544	IN	HTTP/1.1 200 Server: openresty Date: Sat, 27 Apr 2024 01:20:43 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 3120 Connection: close x-request-id: 3bwPj0GnV5AMyZGZJ4e0mGYeIwle7UBP vary: accept-encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id
2024-04-27 01:20:43 UTC	3120	IN	Data Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30 Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	96.17.64.189	443	7376	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-27 01:20:46 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-04-27 01:20:46 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Sat, 27 Apr 2024 01:20:46 GMT Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6684, Parent PID: 2580

General

Target ID:	0
Start time:	03:20:30
Start date:	27/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CERT-1416920247.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7180, Parent PID: 6684

General

Target ID:	1
Start time:	03:20:31
Start date:	27/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7376, Parent PID: 7180

General

Target ID:	3
Start time:	03:20:31
Start date:	27/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1592,i,11691557971963258939,14076181574158468208,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report CERT-1416920247.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0adb0edd-c452-48ba-80ae-657430bfab77.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\22b650c7-1897-4b99-ac16-0027fd94b8ac.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF635dfd.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240427012039Z-270.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4500

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Windows Analysis Report
CERT-1416920247.pdf