Edit tour

Windows Analysis Report
Rear label Dieline 2_V1.pdf

Overview

General Information

Sample name:	Rear label Dieline 2_V1.pdf
Analysis ID:	1665809
MD5:	8606cfe426a2041891d0164a466d4ad7
SHA1:	4c4eb447163fa4579920e0ca40cc2289b022399c
SHA256:	c20e9c23b81394e33067be0a6c424d7235bd1ee7232292dc2e4b87158b88b4af
Infos:

Detection

Score:	2
Range:	0 - 100
Confidence:	80%

Signatures

IP address seen in connection with other malware

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 1480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Rear label Dieline 2_V1.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2232 --field-trial-handle=1568,i,6353204785273642511,6675323965327543815,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic

TCP traffic: 192.168.2.4:49720 -> 23.55.253.31:80

Source: global traffic	TCP traffic: 192.168.2.4:49720 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.4:49720
Source: global traffic	TCP traffic: 192.168.2.4:49720 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 192.168.2.4:49720 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.4:49720
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.4:49720
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.4:49720
Source: global traffic	TCP traffic: 192.168.2.4:49720 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 192.168.2.4:49720 -> 23.55.253.31:80

Source: Joe Sandbox View

IP Address: 23.55.253.31 23.55.253.31

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Rear label Dieline 2_V1.pdf	String found in binary or memory: http://www.extensis.com/meta/FontSense/
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean2.winPDF@15/47@1/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1236

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-15 15-24-52-700.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Rear label Dieline 2_V1.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2232 --field-trial-handle=1568,i,6353204785273642511,6675323965327543815,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2232 --field-trial-handle=1568,i,6353204785273642511,6675323965327543815,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Rear label Dieline 2_V1.pdf	Initial sample: PDF keyword /JS count = 0
Source: Rear label Dieline 2_V1.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Rear label Dieline 2_V1.pdf

Initial sample: PDF keyword stream count = 28

Source: Rear label Dieline 2_V1.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Rear label Dieline 2_V1.pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
e8652.dscx.akamaiedge.net	23.55.253.31	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.extensis.com/meta/FontSense/	Rear label Dieline 2_V1.pdf	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.55.253.31	e8652.dscx.akamaiedge.net	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1665809
Start date and time:	2025-04-15 21:23:50 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 18s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Rear label Dieline 2_V1.pdf
Detection:	CLEAN
Classification:	clean2.winPDF@15/47@1/1
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.48.185, 184.51.42.70, 184.51.42.78, 172.64.41.3, 162.159.61.3, 18.213.11.84, 54.224.241.105, 34.237.241.83, 50.16.47.176, 199.232.210.172, 23.76.34.6, 23.201.212.159, 4.245.163.56, 184.31.62.96
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
15:24:57	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.55.253.31	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	x1.i.lencr.org/
	Fatura.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	pagamento8449.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	x1.i.lencr.org/
	ShareFile received.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	(No subject).eml	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	6LqQVR.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	66eff1749fcc1c59482cc595_1428835357.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	67206033746876a86fcf0b0e_61190934873.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	672327232a2b5a0da729714a_62573688605.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	199.232.214.172
	file.exe	Get hash	malicious	LummaC Stealer	Browse	199.232.214.172
	Agterdelen.vbs	Get hash	malicious	GuLoader	Browse	199.232.210.172
	original.eml	Get hash	malicious	Gabagool	Browse	199.232.214.172
	PURCHASE OKK.vbs	Get hash	malicious	FormBook	Browse	199.232.210.172
	nK8noQeiXl.exe	Get hash	malicious	HTMLPhisher, CryptOne, LummaC Stealer, Socks5Systemz, Tofsee	Browse	199.232.210.172
	SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe	Get hash	malicious	FormBook	Browse	199.232.210.172
	https://degrgd.dailyenglish.it.com/ODIWCBlb	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	199.232.214.172
	Fatura.pdf	Get hash	malicious	Unknown	Browse	199.232.210.172
e8652.dscx.akamaiedge.net	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Get hash	malicious	HTMLPhisher	Browse	23.55.253.31
	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.55.253.31
	original.eml	Get hash	malicious	Gabagool	Browse	23.55.253.31
	Fatura.pdf	Get hash	malicious	Unknown	Browse	23.55.253.31
	Scanned Page(s).pdf	Get hash	malicious	Unknown	Browse	23.60.85.50
	NorthcareUpdatedContract.pdf	Get hash	malicious	Unknown	Browse	23.216.73.76
	http://assets.website-files.com/65f03c438efea1c906590ffe/65f2aaccae2d27695a9701de_96175503854.pdf	Get hash	malicious	Unknown	Browse	23.208.129.49
	R93FadYc2e.pdf	Get hash	malicious	Unknown	Browse	23.216.73.76
	original.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.207.49.54
	pagamento8449.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.55.253.31

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	https://aicreators2.com/Mountain-West/	Get hash	malicious	HTMLPhisher	Browse	23.55.63.48
	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Get hash	malicious	HTMLPhisher	Browse	23.55.253.31
	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.55.253.31
	https://apex.oracle.com/pls/apex/r/capsicure/file-document/file-document	Get hash	malicious	HTMLPhisher	Browse	23.1.33.15
	RESUMO DOS PRODUTOS DS_v2.xlsm	Get hash	malicious	Unknown	Browse	23.0.175.163
	[Certificate_Details]_[Microsoft_sarah]_Tue, 15 Apr 2025 07_31_02 -0700.htm	Get hash	malicious	HTMLPhisher	Browse	96.7.218.74
	random.exe	Get hash	malicious	Credential Flusher	Browse	23.47.204.64
	original.eml	Get hash	malicious	Gabagool	Browse	23.55.253.31
	random.exe	Get hash	malicious	Credential Flusher	Browse	23.47.204.51
	https://compliancetracking.cfainstitute.org/amc-form?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImU5OGFkMTQzLWM0YzEtNDIwYi05OWQ4LTRlODM2ZmFiNjQ4NyIsIm5iZiI6MTc0NDY2NTI5OSwiZXhwIjoxNzQ1MjcwMDk5LCJpYXQiOjE3NDQ2NjUyOTksImlzcyI6Imh0dHBzOi8vc3RhbmRhcmRzY29tcGxpYW5jZXRyYWNraW5nYXBpLmNmYWluc3RpdHV0ZS5vcmcvIn0.l4SBJnn8huVpuJVgzl7oq2riSJ7NbE6i7-Sgdch3E3s	Get hash	malicious	Unknown	Browse	23.0.175.163

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.18625265848729
Encrypted:	false
SSDEEP:	6:iORPPpNJDQ+q2Pwkn2nKuAl9OmbnIFUtDPPpJgZmw9PPpJQVkwOwkn2nKuAl9Omt:7RNc+vYfHAahFUtDs/9sV5JfHAaSJ
MD5:	1DFDCDDF23E491C805FB6BDC5E2E32EC
SHA1:	2D295406E4ABD4E7EEDC1A429C459AE60A59D27B
SHA-256:	57CCA20BB7396A543BDEC7B7B47512735A6AC048840A63D21CBBF8E70686280F
SHA-512:	F3D9717BDFDB725F253056D43D5FE34800024A5D89342F8355FE46CBE1542AEB4EFB64A1BC6D26DF601A35FC06A5134F6BC57487C4487ECD9E76EDB89470620C
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:24:51.459 1cdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/15-15:24:51.462 1cdc Recovering log #3.2025/04/15-15:24:51.462 1cdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.18625265848729
Encrypted:	false
SSDEEP:	6:iORPPpNJDQ+q2Pwkn2nKuAl9OmbnIFUtDPPpJgZmw9PPpJQVkwOwkn2nKuAl9Omt:7RNc+vYfHAahFUtDs/9sV5JfHAaSJ
MD5:	1DFDCDDF23E491C805FB6BDC5E2E32EC
SHA1:	2D295406E4ABD4E7EEDC1A429C459AE60A59D27B
SHA-256:	57CCA20BB7396A543BDEC7B7B47512735A6AC048840A63D21CBBF8E70686280F
SHA-512:	F3D9717BDFDB725F253056D43D5FE34800024A5D89342F8355FE46CBE1542AEB4EFB64A1BC6D26DF601A35FC06A5134F6BC57487C4487ECD9E76EDB89470620C
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:24:51.459 1cdc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/15-15:24:51.462 1cdc Recovering log #3.2025/04/15-15:24:51.462 1cdc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.189694759220162
Encrypted:	false
SSDEEP:	6:iORPPpE9+q2Pwkn2nKuAl9Ombzo2jMGIFUtDPPpJDJZmw9PPpm9VkwOwkn2nKuAv:7R1vYfHAa8uFUtDrF/9e5JfHAa8RJ
MD5:	FA30DF061EDDC720980CE0DD63EF645E
SHA1:	EC7F091E90BF3E4BC6EE4E260205AF204D6FD5F1
SHA-256:	8A2B6F40DD79683092353B935C9E3E81C50742A1B875207314530D338C2487C3
SHA-512:	DAA3AA2EE9C7E9ED06A25FD0A433F5AF3A5C08ACA0DEDC2A6A46E7BF0F32BC759ED199A1D2484C022053A566BC2C3AE7625A7CEC2EC59486429C9A064BAB98B0
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:24:51.318 1d88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/15-15:24:51.322 1d88 Recovering log #3.2025/04/15-15:24:51.323 1d88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.189694759220162
Encrypted:	false
SSDEEP:	6:iORPPpE9+q2Pwkn2nKuAl9Ombzo2jMGIFUtDPPpJDJZmw9PPpm9VkwOwkn2nKuAv:7R1vYfHAa8uFUtDrF/9e5JfHAa8RJ
MD5:	FA30DF061EDDC720980CE0DD63EF645E
SHA1:	EC7F091E90BF3E4BC6EE4E260205AF204D6FD5F1
SHA-256:	8A2B6F40DD79683092353B935C9E3E81C50742A1B875207314530D338C2487C3
SHA-512:	DAA3AA2EE9C7E9ED06A25FD0A433F5AF3A5C08ACA0DEDC2A6A46E7BF0F32BC759ED199A1D2484C022053A566BC2C3AE7625A7CEC2EC59486429C9A064BAB98B0
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:24:51.318 1d88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/15-15:24:51.322 1d88 Recovering log #3.2025/04/15-15:24:51.323 1d88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.970195903305652
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2Ho2caq3QYiubInP7E4T3y:Y2sRdsxdMHoJ3QYhbG7nby
MD5:	A0C584A2D0382D1D699CAC93EBA9E774
SHA1:	F9D2ECC0F1D41BA4AC124729D979A5E91970C1B9
SHA-256:	CD9E4C4A65D94DA1732A7CBB8505A7CE8AB9E686D223A120110A5944533243ED
SHA-512:	C0F3CAD6696A6901E9844D4DF4CA1F49FBBE3C1F5A6F06AB6D12047E4F82A3662A4C8A8A67C79A5A69B77D5611B1A854EB04E796064D70212DAFFC86FBE2555F
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389305102121365","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109739},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d7b0a116-cfbf-4db7-9fc4-2b872e7403c6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.970195903305652
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2Ho2caq3QYiubInP7E4T3y:Y2sRdsxdMHoJ3QYhbG7nby
MD5:	A0C584A2D0382D1D699CAC93EBA9E774
SHA1:	F9D2ECC0F1D41BA4AC124729D979A5E91970C1B9
SHA-256:	CD9E4C4A65D94DA1732A7CBB8505A7CE8AB9E686D223A120110A5944533243ED
SHA-512:	C0F3CAD6696A6901E9844D4DF4CA1F49FBBE3C1F5A6F06AB6D12047E4F82A3662A4C8A8A67C79A5A69B77D5611B1A854EB04E796064D70212DAFFC86FBE2555F
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389305102121365","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109739},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.261907334374647
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7EMjSj/VZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gow
MD5:	56B830961DF7ADFA5E5BB1FFBC441D39
SHA1:	CDDB0ECC8D2FD6C0DFF25119782AE758A7768434
SHA-256:	82E30FEEB71C668BC209D720C2F93F60C97046A4E3806964A982F4102118A444
SHA-512:	5DB384B280B3CDFFB4C1DE953A0E83296910DA11F76A9DD8F83C5C7C7D812B96D51E2DE19E4ABF1B0369CE0C439067180B5D71DB0883D611565A3BCBFF5C6E44
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1679615893906385
Encrypted:	false
SSDEEP:	6:iORPPpwa9+q2Pwkn2nKuAl9OmbzNMxIFUtDPPp8ONJZmw9PPp+M9VkwOwkn2nKuP:7Rq5vYfHAa8jFUtD9/98S5JfHAa84J
MD5:	A8D9CE024F9EB1C2CC0CE000738DF071
SHA1:	1A5A7C343186444DE8280BB012B958A17C1AD96C
SHA-256:	63FEA926BA4B5BFD28795F59E04E655CD7BFA36243DAC49EF25D2A341CA96890
SHA-512:	FA3DC24D0320A18AF249B01E1FB387DF692EAE1A9EC37398554F953014F46C6EBE2894DA33351CAF201E6C719D3E562958D1AD417EFB2AF90202CB0D3B695EB8
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:24:51.515 1d88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/15-15:24:51.520 1d88 Recovering log #3.2025/04/15-15:24:51.522 1d88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.1679615893906385
Encrypted:	false
SSDEEP:	6:iORPPpwa9+q2Pwkn2nKuAl9OmbzNMxIFUtDPPp8ONJZmw9PPp+M9VkwOwkn2nKuP:7Rq5vYfHAa8jFUtD9/98S5JfHAa84J
MD5:	A8D9CE024F9EB1C2CC0CE000738DF071
SHA1:	1A5A7C343186444DE8280BB012B958A17C1AD96C
SHA-256:	63FEA926BA4B5BFD28795F59E04E655CD7BFA36243DAC49EF25D2A341CA96890
SHA-512:	FA3DC24D0320A18AF249B01E1FB387DF692EAE1A9EC37398554F953014F46C6EBE2894DA33351CAF201E6C719D3E562958D1AD417EFB2AF90202CB0D3B695EB8
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:24:51.515 1d88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/15-15:24:51.520 1d88 Recovering log #3.2025/04/15-15:24:51.522 1d88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250415192455Z-201.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	0.6123615240659341
Encrypted:	false
SSDEEP:	96:9po17XyZ2l8b6vbmUMHR6mHANE/HwEiHw6uNHiGTEdHwEWDnHVCLlB:zm7XyElqQmgm/Di5uNCGgdDWzVCj
MD5:	06F30F5F6B2171B75FC1BCBBCE8F2E4C
SHA1:	C57BE821C0CBAC8E1050FF8C4E80BE2007EDFC6B
SHA-256:	4BBD8C21227E5EE88CF6694F3B0C906CFC45B9B9A263158B8E5DF78D24C8834A
SHA-512:	1FAE99A10FBE28E42B020BCEC5700C4044D6D34865171E217DE55B4D68FFA81EC4F750D1386EB063B9A65659AD3E945565C4B9E7CB65FC92DF18F4C0F9A21F9E
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445076918752322
Encrypted:	false
SSDEEP:	384:yezci5tYiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r/s3OazzU89UTTgUL
MD5:	1E880482DD53CA0D0FC5C48D2B5B87AB
SHA1:	E4D36F2ADD93AA9A7E9DE589B2FFA2587204F13E
SHA-256:	5461600A44F4D053429CBEF8A1D8055361C0DDE5AC30B1DCC5A23BE6B9C7DC5C
SHA-512:	3026DC934120B3C5261290C3396ECB432B0A677A4307D704608249D2DEA7DDB7E9663741F2720EF72789CE149DFC48BEC38FCBF83B8BAC4F4C4B3BE052DD03BD
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.773240145611031
Encrypted:	false
SSDEEP:	48:7Mcp/E2ioyVcioy9oWoy1Cwoy1wKOioy1noy1AYoy1Wioy1hioybioyeoy1noy1O:7DpjucFLXKQ/ib9IVXEBodRBkt
MD5:	0F98336D257FFA5F42B9C455B69F21CD
SHA1:	126E6BC192D06707C2131C3F75340E916155E09A
SHA-256:	62C3830289F34FCFAC540F9DB853CD45DFA5214164D5BE9F388A698582FA70DB
SHA-512:	0CCDD266DAF3BAB5F4EE9B9ADB67224121F3019E313E0EC4F9F84FFA44522664607AE64130CED5406C182CC182E2E1BFF9147D10EC941C25126E772D1BA2FD0A
Malicious:	false
Preview:	.... .c......xR...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:	1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7673182398396405
Encrypted:	false
SSDEEP:	3:kkFklrbN1hfllXlE/HT8kidhvNNX8RolJuRdxLlGB9lQRYwpDdt:kKBT83VNMa8RdWBwRd
MD5:	20C907CBAC6A71BDF9079C873C4152A8
SHA1:	30855BED2830EEDC387A4EC0A56BF9347113E1E3
SHA-256:	F6A5F31DD37F368D3423CAD130FFDE34E7936BB6ABEB7AD97E7F45AFE336369F
SHA-512:	64FC8166CA9FE3C8C11B79592E02F28E77128A2D9DF0AC3751A6D67BEFA8A896F37B069BF1FD1BD9E783A4D977FD6F7DD0F79E4A3BB32B03682F7DD7FF238B50
Malicious:	false
Preview:	p...... .........>..<...(....................................................... ..........W.....j..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.267898366859667
Encrypted:	false
SSDEEP:	6:kKXkAdgmcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:fkAdgmfZkPlE99SNxAhUeq8S
MD5:	BD89F0826870595700234A27C8F0340E
SHA1:	781232745F7B4422CE63B73A3E3FAA691A112727
SHA-256:	48B0E645934B8B017DD2648861BE86B74065A8711ED825F01719FA03400BCD50
SHA-512:	14E81EF0D0CC1FF529C1E4F7E7207E523EDC3E31B1EDDC0CA935D70EB30F3507E8C608C7FDC8DD9F53F3EB6409F1E8203CCAE52D89D95E62B5F45AF68ACCD7DE
Malicious:	false
Preview:	p...... ........K..%<...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1236

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	244539
Entropy (8bit):	3.342177162450572
Encrypted:	false
SSDEEP:	1536:vKPC/iyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPC1J/3AYvYwghFo+RQn
MD5:	9CFF5082D9BEC7AF71778D14632FD2B8
SHA1:	D4F0A949320E982EBC6C243B2F6188C0E7B34CEB
SHA-256:	E4D8B387A2EBD7442D71B12C6D2F76C17A32E01184F33F65EACCD8FF34E59E92
SHA-512:	65A443F65DFFE29D54DE9B4AF6C9E3FB99FA7130FC48069C993A1A4EEEF904B058D24E1F3E6B3FB930AB94EF22B6C7BDF067B59928DB705CEE41EE87466DB25B
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.345168803838258
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJM3g98kUwPeUkwRe9:YvXKXhNk12Zc0vB4OGMbLUkee9
MD5:	237D4DC6676A70E9D8F8656E3ACB7C2D
SHA1:	F438FD812B91C07E93B9B46CABBCE729101C60BC
SHA-256:	A15AF040100ABF44A0A17F840E9BF0185E40EC10888E1E037108E44AF3CCA205
SHA-512:	94A84E3B9511E11461FAC4163CDDD54A0859A5CFAF22810D46A48F73E2550284D4D9AA5490361ADDA473CC45F0BDD1482CD08E129BDCE360F800A7550FC61D0C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.292591116152788
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfBoTfXpnrPeUkwRe9:YvXKXhNk12Zc0vB4OGWTfXcUkee9
MD5:	9067646DA53EA175A239CDD5AEC3818C
SHA1:	DFBA414B9D3478CDFA502B934B0B87D5C47F6EE1
SHA-256:	3DFFAAE1A0743FDDD4CA9344006D600A57EF267425DCCF0A4110FAC50A8F1F6F
SHA-512:	F7A5255586DF511799C9277033B8786D9E56F5625A25C80D38C6242EA18B5FE0FBC8EB02A6A241FDDBCE3AA4FBE91DE92E76483CF0ACF18075F72D78A3EB7AE0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.271412191198387
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfBD2G6UpnrPeUkwRe9:YvXKXhNk12Zc0vB4OGR22cUkee9
MD5:	E09BE5B39638D1E05E91D434A08818DF
SHA1:	F44EC4D712C741BCD6561EDA0F018EF17069E2D1
SHA-256:	5D70731067732EB421F6B3342CBD40BF7E0F47656E9BE08A54E78AD9306ECD43
SHA-512:	8CCCFE63B67FE3BDBAA95B17216DE42726FB3AE2FA919D3E627F848A73376F946F3CA1BEBB51F7FF296886C1AED40555335A1D1A919D406CEFBA648565C74AE6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.331540903630648
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfPmwrPeUkwRe9:YvXKXhNk12Zc0vB4OGH56Ukee9
MD5:	4FEF44AB9694D52C863607519BAD178E
SHA1:	49205DD4A6779C9CDB28F9570A8D4179C23B0633
SHA-256:	0F7C971CD11BA6D2154D0593250BF280C7684A24C6FB0575D1FEB1EB87B5F1B5
SHA-512:	6445B18EB520670335F7AD51A3CAC7F2AAB2EE2636241610ECCDCF6CBFDF36436CF7A60BC464EA13FFF6FC39D166AEB9B90A02C4BF23E7663055F10506B43C7E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.849858808150432
Encrypted:	false
SSDEEP:	24:Yv6Xbk12zv6pLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25FEK:YvxQyhgly48zFm/TWCt8KOP/nDi/V8
MD5:	0536EE2C4E65B372BC7BD22ACB6AB028
SHA1:	D68B09D615EF678E433DBF8E633CE6BB1E036616
SHA-256:	8D867A0FEA1921F9A62ECEE6C5A19A2CE18A59E991DD849E117E999260B08E6A
SHA-512:	244F687BC3D747CC4F6262FEF0333C149E1B139DF01E31BA910F05C3E569BF186FE38BBBE9716B5116554A9A362C1D5DE5BC0359A15171D967FB87CC27A0383C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.276609870125611
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJf8dPeUkwRe9:YvXKXhNk12Zc0vB4OGU8Ukee9
MD5:	ECA895F0D1D3CEFF4BD75F1355CF895E
SHA1:	AB033BF97359EBB539CCAF7BEDC0FC05D6197C80
SHA-256:	73281E82BA16EC75EED8A6428971BCA6E0340249F5FF4030591224005AD84944
SHA-512:	AF4F8CE9A0EBC826E2F64F6A818DDA88D181A611F4E6A01879857B8BC1BC9E6001C2C26DF8F9E4CC223249E8E4E77895AAAF564128FFA0E3CE006DDC39D6019F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.280476188574818
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfQ1rPeUkwRe9:YvXKXhNk12Zc0vB4OGY16Ukee9
MD5:	DEC9925137827636CAF00C799F84AA85
SHA1:	19F31F198034C3081E6E51FAD4FD75F84634A4C2
SHA-256:	7115A79CB3BCC9792AE46F349AB17FFD6549B3DAAB2A77F4C705A3CF9C9B01CA
SHA-512:	C19775B9E4AEE3AFD0C2A8E7D73629C5E2D7F161729FC59B608644AFE322766FC81746DA830E2D4B698AEFBA03E83853A40E279779BE3820C4B5335FAD6BC411
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.837382750018033
Encrypted:	false
SSDEEP:	48:YvxQZogbN48uOQ/GiyL4TwKOkQJi+ohJ8:GTg54nf/IQOkQJiFk
MD5:	A6DBED3CECC28E8842CCEA0109A15EA9
SHA1:	B439101FC02A4BF1E0FECF19285276AC646BCC7F
SHA-256:	0488C05963F6B07EF5A6A5741251260D97B2EC2487FA9F2A3BDD0830BC646A49
SHA-512:	FE9DDEFA9BEC92AED2717CC305DC3505610B3B108D8BE744C70896BEA2098548363C8D620B47A9F95D1F625B5185C0B25DFCEECBC466E6E48B1D5E6BAC904997
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.302332909484764
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfzdPeUkwRe9:YvXKXhNk12Zc0vB4OGb8Ukee9
MD5:	506D8CE3F51EF96A4DD3072E0DB3774A
SHA1:	E3F0FCC0E37B4F89CD99BE15C034EEBB7657185E
SHA-256:	9E083A18B506ACC5FC2BA95C761557104FE9B11007C3075B2F77259DF9020C8B
SHA-512:	A0DC32A1ED518D4FAC4722962518722DBC19C6D78246615E6706ADF8D53F976611A26E604A90484D67C4467C15B886623D9D445AB2245C0412A68C4A1E96BDC1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.282623073474357
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfYdPeUkwRe9:YvXKXhNk12Zc0vB4OGg8Ukee9
MD5:	AA5E65F95B31D7693388F05D90728D14
SHA1:	A3B1C9BA160EB68E276B5B14F5FB10C99C3E16A5
SHA-256:	5177CB8E5129A7EF62D513A806303E63C49357D5A5A5C377DBAB267B7A9B74D2
SHA-512:	465916EF43E3BCCECC674A4E03D4E582246517E929C2DF88B086C239EA13D015DDB3776A33E1B48F11FCF727C32862FD06E7FF30B5CD1D2E7C4DFB5B90ADB96B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.268948868112663
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJf+dPeUkwRe9:YvXKXhNk12Zc0vB4OG28Ukee9
MD5:	83E3A363E894DA4EEB56947D3AD90D95
SHA1:	CD6FE41CE2CF8FEDD54AF7448ED40F9018A54D0C
SHA-256:	B91E83A3A8CD9BBE9163AF145651F13BDCF7B6809C59FC61E60A88FD0100EC18
SHA-512:	5AE0B6313E2113E83A1AAC98E7075470224D0FEEC6FB59BC590ADA3758B5ACC50B98A6B784FECE7F39644DDEE580ED0841D9597C19F812DC9CD0AE7F9AAC82C5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.266289600196507
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfbPtdPeUkwRe9:YvXKXhNk12Zc0vB4OGDV8Ukee9
MD5:	3486B704F2B382635BDFDA64B38277B2
SHA1:	DE5E025C7BCF5FD09233737F1B39AE52C3890570
SHA-256:	2D532AFDA0996C4A43957AD591ADDCC3AD58B03A3D86B3FBC6F0D525A7B21D7D
SHA-512:	4F95C421CC21988469171D295BF4EBD832C8436B4B87F6A802686086B6A422DD60998F0D90655DC85755ED7378B1ACED53596F15A53C1B824FBB6A0182B711F8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.270700530219807
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJf21rPeUkwRe9:YvXKXhNk12Zc0vB4OG+16Ukee9
MD5:	9CE78DE2F12A9CE5D1591860D1FCCABD
SHA1:	77108D53A42709D56A5AECDDA2AFBDC2235F4957
SHA-256:	B55D30A2935B1628AEFF7DA52F09995E20D3066841C85B487929B3A30D37EDAA
SHA-512:	2FF56726B9A5B5D59465185707B843EB26CE54B1DFA851CC4696BFB936D3D11753875C5D04F95F95512E287986D85D26F105DC851EA653526071A3AE4F39498D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.8541123225094935
Encrypted:	false
SSDEEP:	24:Yv6Xbk12zvmamXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJEg:YvxQwBgBG48kJko/SiyL4T0AFDA/V8
MD5:	380873CF644B42AAE7D92A128AF5D695
SHA1:	E30DD4E6A5D2684B4D770C50D7027B59F92259F4
SHA-256:	D9142A625D9B9B528FF286684F7A86CF85A2A5FB04BBF43E0D093ACA1D2BC83D
SHA-512:	E7EC57EE960FF53D6CA13AB7BFBD73362A8C8E7D336D51C18DD2955F89B625820807156BEFFC917823A43F9A832E1B3D9FD346C9979B05000C546C72B2A26A44
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.246561082440438
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJfshHHrPeUkwRe9:YvXKXhNk12Zc0vB4OGUUUkee9
MD5:	4EE956B7F4C69A9ECED2BCD28BBC3C0B
SHA1:	0BE4E32ACDA7AB63C5F84BCC5E546B58FC726355
SHA-256:	9AC88E4D4D4AAD311AC486740AF51CB4C0FFBD9262ED4D11FD87110395AA1CCF
SHA-512:	21F728E84161A981CCEE299877EFE53AFC354BC7767E7B2850843E7C1910A34DDDE014C0FCE7EBF6409562E5DD8106B76308FC159C5BD1FB15C127C2E502DC10
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.257880219127672
Encrypted:	false
SSDEEP:	6:YEQXJ2HXhNkFE0JdVoZcg1vRcR0YQkWIxoAvJTqgFCrPeUkwRe9:YvXKXhNk12Zc0vB4OGTq16Ukee9
MD5:	917C53ED987DB216CFB27AA7F828A7B1
SHA1:	877453C0D922E4488AD6D4D9B3F54400D63DB9A0
SHA-256:	3D7B51B6F3251DBBE950CC75485232AA2E4EFD380AEE357F86B2370BE81426DA
SHA-512:	7B4F32390A9700E04A2F2C23AD9A1C2DE69A7129BD6478A58610298B79C153A0C492779999B22FF95648536B62C16875BE752E1F36EF634A47792D62A4A38D4C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cd18e60c-9836-4d07-b4ef-fa4e987692a7","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744924604735,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.13882015773361
Encrypted:	false
SSDEEP:	24:YFaEJTa9BNayUfChT6SDThrpBBH5wjrwjqsj0S0ASk2+2LSGCfUx/NsdTf5vR9/i:Y0EvyDThrv2rwjq+dbstx/Qj39/i
MD5:	A6DE2E3A3F6421F34CFBB0E8AC55C919
SHA1:	8C30D36943256CA1EA16CAC736F6F214B8F26CD1
SHA-256:	3B64CEEC5311860B326B9B7588988C440E1F3DE8DECE9D66D52C2AD2568F3329
SHA-512:	D57E714005DD38BDB5525792CE7F4B73037D70A4069104044050F7D0623BF158D81DBF396B9B01A2B62D02E2A80ECC3115BF44F23424B214215C41527A0F8611
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"94a33cd550fac129b3fa4d010b38440b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1744745098000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"dda101e54aa0c7c0a57c084d09bbc385","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1744745098000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ebd2ac6ab508043f9cbd43d63586a242","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1744745098000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ee113dda3d8af5758e9bd11e589b6e0f","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1744745098000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ef2bdccb3b6e275a9020235c571889e6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1744745098000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e2d6c8572caf19e43379578889f7b338","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1886626871078931
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUC4SvR9H9vxFGiDIAEkGVvpW2:lNVmswUUUUUUUUt+FGSItZ
MD5:	B297DC4425F1A3BE5B19B353E39465F9
SHA1:	5351A2473DF77E0EEF1F67855E43BB5A1CA49D9E
SHA-256:	951198369C6151CA3D78B1B468F3F8EF9C3CEEAB540489EE6093F3ADA8BF406F
SHA-512:	7BC8B27BF5AD73FDD46A500CCC66757E67454541B19A9567B725306A7ECAE0400EB69DF49D69033EEEFA1A887EB903B6AB2229468D924B8FB933846D34FD3383
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6064475217606895
Encrypted:	false
SSDEEP:	48:7MObKUUUUUUUUUUCavR9H9vxFGiDIAEkGVvDqFl2GL7msw:7/uUUUUUUUUUURFGSItJKVmsw
MD5:	420142EA1F05198F36F8DEE3DB16088E
SHA1:	EFA839F42E74F10D7FAF61D2D6BDD736658FD25B
SHA-256:	BED38C282004361372521FDCADA2EEC00CE3B31B2712A1D4ACB5951FCA8745D4
SHA-512:	7BAF295FC91E4DCE52E4012A192796372CBB71FB15ACEE09BC9E5965E1C283084055014628567CADCA15C0DC7CBCB5530E2867916E459690204E900CE03410B5
Malicious:	false
Preview:	.... .c......Q18......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI92f1f.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5177502348333967
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+kClEW7w:Qw946cPbiOxDlbYnuRK4W7w
MD5:	31FE68F97377837D6A900CC7DCD4E3DD
SHA1:	BDE7672FDC61B25AFDE8DB61A360BBAE23726A2A
SHA-256:	8B3A3B1533557F1DFEBC184AEA136870A7430810E35B80C0677EB9F2C5FA1D05
SHA-512:	7A142EFB9DA1B3C665E5326607160FE5E4CA62D7C895C97707157D2FFA9E0DF7D07BF936CF3C2994909D82630B91BB4BD9BD254636272467D3B8F3FAB81684DF
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.5./.0.4./.2.0.2.5. . .1.5.:.2.4.:.5.8. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-15 15-24-52-700.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (392), with CRLF line terminators
Category:	dropped
Size (bytes):	16575
Entropy (8bit):	5.3602146924727245
Encrypted:	false
SSDEEP:	384:C4g841441X41I4I44Iz4j4t4jP4ja4jC4jZ4jP42qI42h4xcf4xcA4JZ4JX4ax4X:C4L4C4t4a4T4m4kt474+4u4N4b4FI4uj
MD5:	AE6189CA888E9C5E5EE7092F94CB7896
SHA1:	7A69973BF351B1B1209134FB3B3EC8B84909D688
SHA-256:	A9EF1EFFBAE510FD735A0E0A5F1A2BAEB9166E7E249FF55DA37D81B3C2DC89D4
SHA-512:	0C83751AE961B3283280D60D3FF4CA2DE77B018FEBFCEAE09BB8242DA1065F69E9C71A678C1ABC4853AA08802B694EC672011BDC5E269548F81C151E2965DC6C
Malicious:	false
Preview:	SessionID=40bfcd28-9018-4bda-a960-e0aff33b98ad.1744745092746 Timestamp=2025-04-15T15:24:52:746-0400 ThreadID=8032 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=40bfcd28-9018-4bda-a960-e0aff33b98ad.1744745092746 Timestamp=2025-04-15T15:24:52:776-0400 ThreadID=8032 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=40bfcd28-9018-4bda-a960-e0aff33b98ad.1744745092746 Timestamp=2025-04-15T15:24:52:776-0400 ThreadID=8032 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=40bfcd28-9018-4bda-a960-e0aff33b98ad.1744745092746 Timestamp=2025-04-15T15:24:52:776-0400 ThreadID=8032 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=40bfcd28-9018-4bda-a960-e0aff33b98ad.1744745092746 Timestamp=2025-04-15T15:24:52:777-0400 ThreadID=8032 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.385108869233044
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rI:8
MD5:	5B7E271A8219E1FB612AC08473F21791
SHA1:	4D9488EBD036BEB27D92D5E07F6CBD5451FD2EF4
SHA-256:	C3550FD85A9FB4B22F37D4753A096F4255627DDE8ACF54361BFED77F690EF6EB
SHA-512:	62C53ADAEF31824C7E09B2C8F66281B125752DA33F7E2502F1642179E15C7A35F0537D4CA6A72F904F1F32B35BB0C23EB02F6405600DAC4E5A02D151C04C5B17
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\05a0568b-6b3d-4949-9848-4ff4d892853d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:6qWL07oXGZIZwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:ZWLxXGZIZwZGh3mlind9i4ufFXpAXkru
MD5:	E726B36897E958CA051FEA78BCF29204
SHA1:	1123642FB646996FEB2FD7DDCD8FE4F3C50A5949
SHA-256:	CD35E76A516E66EE1994048C33D954CA73B4EC4542D15309F7923193B8ED1C39
SHA-512:	0D425C0B56E1F0700124660CA9B252CAEA17A69C618E51759CC7926F09D8FF1B55F38D967C8D27D88DCAA7051B29AEF7C23083B3C460F4B822AE0D80A9440773
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\1a65bf5f-a824-405b-8e08-fce1c5a10179.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\41fe0c5a-398e-4d04-8fbb-ad88abfa25f3.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\5f4fdbbd-d6af-4585-9f53-fa4b376982fa.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1111944
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+fDERXTJJJJv+9UZwY0SWB4:O3Pjegf121DMNB1DofjEiJJJJm94GS84
MD5:	FA6978A9EA472E8ACFF72AFE8CC7CC81
SHA1:	D58155446B67ACF4DA331A977B8EC7BA105C2C4F
SHA-256:	3D0DF2B14FC632520705424D2DA394922D3EDD8C977950656B736352CD5A37E2
SHA-512:	6B16382E6A4B9EECB8E8FB82189C2741511E8CF99C83B3FA52B062165B3B366EE0C11A7F60CE4B08D881B2418234097FA13CCAA9C90B1D7D37BD4D9A56EBA96C
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.5 (zip deflate encoded)
Entropy (8bit):	7.84366449119317
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Rear label Dieline 2_V1.pdf
File size:	416'705 bytes
MD5:	8606cfe426a2041891d0164a466d4ad7
SHA1:	4c4eb447163fa4579920e0ca40cc2289b022399c
SHA256:	c20e9c23b81394e33067be0a6c424d7235bd1ee7232292dc2e4b87158b88b4af
SHA512:	813855741e88fdf32035e72f7d013c1923fa274016b7aeecf90ae33b6a0bb2fc238e642070b138ba69f56702c67afca5ddd17cbcb1d701b597050efdc9cd13a2
SSDEEP:	6144:6mS8Q+oHXcYl8yUDhZggWddXQceUj7WC/A0IzFpx5OzsBAtgdOb4C:dWXK3DhZggWdB3eUn+5I9U3C
TLSH:	2B94EF772FF91865C1ADD2A10380389978C332DFE0F82E47F6DE2D81DF58945149B69A
File Content Preview:	%PDF-1.5.%......11 0 obj.<</Linearized 1/L 416705/O 13/E 360890/N 1/T 416399/H [ 498 198]>>.endobj. ..33 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<181E4E17F7144D65AA2FD95954BCE568><B39B751FC9571A4BB534BF840D1D25D

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.843664
Total Bytes:	416705
Stream Entropy:	7.847390
Stream Bytes:	413524
Entropy outside Streams:	5.261168
Bytes outside Streams:	3181
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	31
endobj	31
stream	28
endstream	28
xref	0
trailer	0
startxref	2
/Page	1
/Encrypt	0
/ObjStm	4
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 21:24:58.698779106 CEST	49720	80	192.168.2.4	23.55.253.31
Apr 15, 2025 21:24:58.804821014 CEST	80	49720	23.55.253.31	192.168.2.4
Apr 15, 2025 21:24:58.804903030 CEST	49720	80	192.168.2.4	23.55.253.31
Apr 15, 2025 21:24:58.805602074 CEST	49720	80	192.168.2.4	23.55.253.31
Apr 15, 2025 21:24:58.911844015 CEST	80	49720	23.55.253.31	192.168.2.4
Apr 15, 2025 21:24:58.914531946 CEST	80	49720	23.55.253.31	192.168.2.4
Apr 15, 2025 21:24:58.914555073 CEST	80	49720	23.55.253.31	192.168.2.4
Apr 15, 2025 21:24:58.914746046 CEST	49720	80	192.168.2.4	23.55.253.31
Apr 15, 2025 21:25:16.141813040 CEST	49720	80	192.168.2.4	23.55.253.31

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 21:24:58.583479881 CEST	58858	53	192.168.2.4	1.1.1.1
Apr 15, 2025 21:24:58.693025112 CEST	53	58858	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 15, 2025 21:24:58.583479881 CEST	192.168.2.4	1.1.1.1	0xc56d	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 15, 2025 21:24:58.693025112 CEST	1.1.1.1	192.168.2.4	0xc56d	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 21:24:58.693025112 CEST	1.1.1.1	192.168.2.4	0xc56d	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 21:24:58.693025112 CEST	1.1.1.1	192.168.2.4	0xc56d	No error (0)	e8652.dscx.akamaiedge.net		23.55.253.31	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:24:59.074249029 CEST	1.1.1.1	192.168.2.4	0x86bb	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:24:59.074249029 CEST	1.1.1.1	192.168.2.4	0x86bb	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

x1.i.lencr.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49720	23.55.253.31	80	7320	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2025 21:24:58.805602074 CEST	115	OUT	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Apr 15, 2025 21:24:58.914531946 CEST	1358	IN	HTTP/1.1 200 OK Server: nginx Content-Type: application/pkix-cert Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT ETag: "64cd6654-56f" Content-Disposition: attachment; filename="ISRG Root X1.der" Cache-Control: max-age=27143 Expires: Wed, 16 Apr 2025 02:57:21 GMT Date: Tue, 15 Apr 2025 19:24:58 GMT Content-Length: 1391 Connection: keep-alive Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED] Data Ascii: 0k0S@YDcc0H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G\|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urIAv5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP\|Ctt0[q600\H;}`)A\|;FHvvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf\|o;'}~"+"
Apr 15, 2025 21:24:58.914555073 CEST	387	IN	Data Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09 Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS\|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 1480, Parent PID: 3964

General

Target ID:	0
Start time:	15:24:48
Start date:	15/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Rear label Dieline 2_V1.pdf"
Imagebase:	0x7ff6fa3d0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7320, Parent PID: 1480

General

Target ID:	2
Start time:	15:24:50
Start date:	15/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff7f19b0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7532, Parent PID: 7320

General

Target ID:	3
Start time:	15:24:51
Start date:	15/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2232 --field-trial-handle=1568,i,6353204785273642511,6675323965327543815,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff7f19b0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Rear label Dieline 2_V1.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d7b0a116-cfbf-4db7-9fc4-2b872e7403c6.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250415192455Z-201.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1236

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Windows Analysis Report
Rear label Dieline 2_V1.pdf