Edit tour

Windows Analysis Report
American-Equity 2025 Handbookupdate.pdf

Overview

General Information

Sample name:	American-Equity 2025 Handbookupdate.pdf
Analysis ID:	1665811
MD5:	77c8a45bd2d81ed537b10544650b80de
SHA1:	79e8059eec24e15e750262c129892b9f70743ffe
SHA256:	6e7efa3c669f8677131370157cee200b9a4bb9cf8e091d3693795f9da0736c1f
Infos:

Detection

Score:	2
Range:	0 - 100
Confidence:	80%

Signatures

IP address seen in connection with other malware

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 3900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\American-Equity 2025 Handbookupdate.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7220 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1588,i,1752010807920482252,9347575554402704444,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic

TCP traffic: 192.168.2.6:49691 -> 23.55.253.31:80

Source: global traffic	TCP traffic: 192.168.2.6:49691 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.6:49691
Source: global traffic	TCP traffic: 192.168.2.6:49691 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 192.168.2.6:49691 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.6:49691
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.6:49691
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.6:49691
Source: global traffic	TCP traffic: 192.168.2.6:49691 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 192.168.2.6:49691 -> 23.55.253.31:80

Source: Joe Sandbox View

IP Address: 23.55.253.31 23.55.253.31

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.5.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.5.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean2.winPDF@15/48@1/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-15 15-26-49-883.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\American-Equity 2025 Handbookupdate.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1588,i,1752010807920482252,9347575554402704444,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1588,i,1752010807920482252,9347575554402704444,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: American-Equity 2025 Handbookupdate.pdf	Initial sample: PDF keyword /JS count = 0
Source: American-Equity 2025 Handbookupdate.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A91f0qipr_1g8tozq_2v8.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A91f0qipr_1g8tozq_2v8.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: American-Equity 2025 Handbookupdate.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: American-Equity 2025 Handbookupdate.pdf

Initial sample: PDF keyword obj count = 176

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
e8652.dscx.akamaiedge.net	23.55.253.31	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.55.253.31	e8652.dscx.akamaiedge.net	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1665811
Start date and time:	2025-04-15 21:25:47 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 11s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	American-Equity 2025 Handbookupdate.pdf
Detection:	CLEAN
Classification:	clean2.winPDF@15/48@1/1
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.60.185, 172.64.41.3, 162.159.61.3, 3.233.129.217, 52.6.155.20, 52.22.41.97, 3.219.243.226, 199.232.214.172, 23.48.246.132, 23.48.246.137, 23.192.229.110, 23.192.229.104, 23.76.34.6, 20.12.23.50, 184.31.48.185, 23.201.214.29
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
15:26:54	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.55.253.31	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	x1.i.lencr.org/
	Fatura.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	pagamento8449.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	x1.i.lencr.org/
	ShareFile received.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	(No subject).eml	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	6LqQVR.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	66eff1749fcc1c59482cc595_1428835357.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	67206033746876a86fcf0b0e_61190934873.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/
	672327232a2b5a0da729714a_62573688605.pdf	Get hash	malicious	Unknown	Browse	x1.i.lencr.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
e8652.dscx.akamaiedge.net	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Get hash	malicious	HTMLPhisher	Browse	23.55.253.31
	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.55.253.31
	original.eml	Get hash	malicious	Gabagool	Browse	23.55.253.31
	Fatura.pdf	Get hash	malicious	Unknown	Browse	23.55.253.31
	Scanned Page(s).pdf	Get hash	malicious	Unknown	Browse	23.60.85.50
	NorthcareUpdatedContract.pdf	Get hash	malicious	Unknown	Browse	23.216.73.76
	http://assets.website-files.com/65f03c438efea1c906590ffe/65f2aaccae2d27695a9701de_96175503854.pdf	Get hash	malicious	Unknown	Browse	23.208.129.49
	R93FadYc2e.pdf	Get hash	malicious	Unknown	Browse	23.216.73.76
	original.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.207.49.54
	pagamento8449.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.55.253.31
bg.microsoft.map.fastly.net	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	199.232.214.172
	file.exe	Get hash	malicious	LummaC Stealer	Browse	199.232.214.172
	Agterdelen.vbs	Get hash	malicious	GuLoader	Browse	199.232.210.172
	original.eml	Get hash	malicious	Gabagool	Browse	199.232.214.172
	PURCHASE OKK.vbs	Get hash	malicious	FormBook	Browse	199.232.210.172
	nK8noQeiXl.exe	Get hash	malicious	HTMLPhisher, CryptOne, LummaC Stealer, Socks5Systemz, Tofsee	Browse	199.232.210.172
	SecuriteInfo.com.Win32.MalwareX-gen.14672.5040.exe	Get hash	malicious	FormBook	Browse	199.232.210.172
	https://degrgd.dailyenglish.it.com/ODIWCBlb	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	199.232.214.172
	Fatura.pdf	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	ATT97576.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	96.7.218.74
	https://aicreators2.com/Mountain-West/	Get hash	malicious	HTMLPhisher	Browse	23.55.63.48
	Invitation de proposition - #U00c9b#U00e9nisterie PTM.pdf	Get hash	malicious	HTMLPhisher	Browse	23.55.253.31
	Workspace Update.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.55.253.31
	https://apex.oracle.com/pls/apex/r/capsicure/file-document/file-document	Get hash	malicious	HTMLPhisher	Browse	23.1.33.15
	RESUMO DOS PRODUTOS DS_v2.xlsm	Get hash	malicious	Unknown	Browse	23.0.175.163
	[Certificate_Details]_[Microsoft_sarah]_Tue, 15 Apr 2025 07_31_02 -0700.htm	Get hash	malicious	HTMLPhisher	Browse	96.7.218.74
	random.exe	Get hash	malicious	Credential Flusher	Browse	23.47.204.64
	original.eml	Get hash	malicious	Gabagool	Browse	23.55.253.31
	random.exe	Get hash	malicious	Credential Flusher	Browse	23.47.204.51

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.251960821547436
Encrypted:	false
SSDEEP:	6:iORPPDRcTzB4q2PN72nKuAl9OmbnIFUtDPPDRcMJZmw9PPDRcMDkwON72nKuAl91:7RjqSvVaHAahFUtDjqe/9jqS5OaHAaSJ
MD5:	286A38A83DDBC924BAC2D48A96F69DCA
SHA1:	3E854D818216DC25DC3316C89E0A5C221975AECA
SHA-256:	9CB8D6A02D0DA529050F1CF2F99544640F372B7AEB0F361306E083C26F7098FB
SHA-512:	A94576D9827CEB0D324F6CE2E42CF4738E8D8A23DCB3681FCD3E552D410B61DEE930FE80F0BA994954A33164AF428D1AB1335E06F46B94309E1145836AEC2CA0
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:26:48.769 1d04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/15-15:26:48.775 1d04 Recovering log #3.2025/04/15-15:26:48.775 1d04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	298
Entropy (8bit):	5.251960821547436
Encrypted:	false
SSDEEP:	6:iORPPDRcTzB4q2PN72nKuAl9OmbnIFUtDPPDRcMJZmw9PPDRcMDkwON72nKuAl91:7RjqSvVaHAahFUtDjqe/9jqS5OaHAaSJ
MD5:	286A38A83DDBC924BAC2D48A96F69DCA
SHA1:	3E854D818216DC25DC3316C89E0A5C221975AECA
SHA-256:	9CB8D6A02D0DA529050F1CF2F99544640F372B7AEB0F361306E083C26F7098FB
SHA-512:	A94576D9827CEB0D324F6CE2E42CF4738E8D8A23DCB3681FCD3E552D410B61DEE930FE80F0BA994954A33164AF428D1AB1335E06F46B94309E1145836AEC2CA0
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:26:48.769 1d04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/15-15:26:48.775 1d04 Recovering log #3.2025/04/15-15:26:48.775 1d04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.245666083147765
Encrypted:	false
SSDEEP:	6:iORPPDRR5Yn9+q2PN72nKuAl9Ombzo2jMGIFUtDPPDRRJXJZmw9PPDRRJX9VkwOn:7RjP5Yn4vVaHAa8uFUtDjPJXJ/9jPJXm
MD5:	132F575D4800A1452C438F9FDBFB60D0
SHA1:	96624A4023B587AB2A8A40BC3BA068BCBE003AEF
SHA-256:	4767C40679D1F61A4F66455B32EEDD202A08042764BC7786C915B4341139D84C
SHA-512:	9CD4665A46C5089062195027E83E130EE942A79660AB94D42CEB202ED657B07610E40449089E293F913ED8A8ECF4EB50A5D5B40B385350070065D0E7091DE42B
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:26:47.975 1d28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/15-15:26:47.978 1d28 Recovering log #3.2025/04/15-15:26:47.978 1d28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	342
Entropy (8bit):	5.245666083147765
Encrypted:	false
SSDEEP:	6:iORPPDRR5Yn9+q2PN72nKuAl9Ombzo2jMGIFUtDPPDRRJXJZmw9PPDRRJX9VkwOn:7RjP5Yn4vVaHAa8uFUtDjPJXJ/9jPJXm
MD5:	132F575D4800A1452C438F9FDBFB60D0
SHA1:	96624A4023B587AB2A8A40BC3BA068BCBE003AEF
SHA-256:	4767C40679D1F61A4F66455B32EEDD202A08042764BC7786C915B4341139D84C
SHA-512:	9CD4665A46C5089062195027E83E130EE942A79660AB94D42CEB202ED657B07610E40449089E293F913ED8A8ECF4EB50A5D5B40B385350070065D0E7091DE42B
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:26:47.975 1d28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/15-15:26:47.978 1d28 Recovering log #3.2025/04/15-15:26:47.978 1d28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\35a5fc1f-d47e-4903-b5dc-a5477be84e4f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.969760522051925
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqIsBdOg2HsAcaq3QYiubcP7E4T3y:Y2sRdsMdMH83QYhbA7nby
MD5:	33D5A043F5B0687BC2DDA62B391A08D9
SHA1:	08C66F8D0EEEA27D106340688334D2ED7E41456A
SHA-256:	5EF38589EAC7EE609EAB565A6CBED9B8459CCBA5918C51898B41B7FAF6D09EB4
SHA-512:	46E0CCAB5F8EEF2E56951E575B06A2A4FE31B521AC0D5E8BACE42FF73781F4EE0F9DA5028E7AF5FA38F11855DB0CEBAAEC2CB7E41E6296ED83FD91274FE72AB1
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389305219172758","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":113147},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969760522051925
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqIsBdOg2HsAcaq3QYiubcP7E4T3y:Y2sRdsMdMH83QYhbA7nby
MD5:	33D5A043F5B0687BC2DDA62B391A08D9
SHA1:	08C66F8D0EEEA27D106340688334D2ED7E41456A
SHA-256:	5EF38589EAC7EE609EAB565A6CBED9B8459CCBA5918C51898B41B7FAF6D09EB4
SHA-512:	46E0CCAB5F8EEF2E56951E575B06A2A4FE31B521AC0D5E8BACE42FF73781F4EE0F9DA5028E7AF5FA38F11855DB0CEBAAEC2CB7E41E6296ED83FD91274FE72AB1
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389305219172758","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":113147},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5859
Entropy (8bit):	5.251401526811597
Encrypted:	false
SSDEEP:	96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7XpM+6:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhG
MD5:	23ADB60E17DED3AF0F0885F55976860D
SHA1:	388A0DC83D294F38D1D3FCD622BB260F3B411CBC
SHA-256:	AE082235DE5E3001E507FEDE6A632DE38410DA071D231CE6CFD2BC0255BFBED1
SHA-512:	585AEBF21B4862A493D05D761007FACD561BB04454F4A9C999FBEAAAF9A2F0A9420828C483CB07E5EFD6C0E92CD62AB6AC041CD0A92236652246B2762EB74D5C
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.226384781646469
Encrypted:	false
SSDEEP:	6:iORPPDRfN9+q2PN72nKuAl9OmbzNMxIFUtDPPDR/nJZmw9PPDRSVXx9VkwON72nv:7Rjv4vVaHAa8jFUtDjlJ/9jiD5OaHAab
MD5:	83CF7AFD4DC16B532B14B0086EC80A8A
SHA1:	EF1E023A744C98BC8EB8F01D8CE65CDEB28C901F
SHA-256:	850AAACD6830EF3AD88F22D51F4ECB180FBC6F7EBE2ED5765AC1C84169E6FC9A
SHA-512:	6E5F0905672299E95567548967744EB7DC51EA1C2095B545DF6C91746B51234ADCF2B8CB38B4315D359847B7202C24B4ED2FB1F34A88DF69A93D5B081D6BA506
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:26:48.870 1d28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/15-15:26:48.872 1d28 Recovering log #3.2025/04/15-15:26:48.903 1d28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.226384781646469
Encrypted:	false
SSDEEP:	6:iORPPDRfN9+q2PN72nKuAl9OmbzNMxIFUtDPPDR/nJZmw9PPDRSVXx9VkwON72nv:7Rjv4vVaHAa8jFUtDjlJ/9jiD5OaHAab
MD5:	83CF7AFD4DC16B532B14B0086EC80A8A
SHA1:	EF1E023A744C98BC8EB8F01D8CE65CDEB28C901F
SHA-256:	850AAACD6830EF3AD88F22D51F4ECB180FBC6F7EBE2ED5765AC1C84169E6FC9A
SHA-512:	6E5F0905672299E95567548967744EB7DC51EA1C2095B545DF6C91746B51234ADCF2B8CB38B4315D359847B7202C24B4ED2FB1F34A88DF69A93D5B081D6BA506
Malicious:	false
Reputation:	low
Preview:	2025/04/15-15:26:48.870 1d28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/15-15:26:48.872 1d28 Recovering log #3.2025/04/15-15:26:48.903 1d28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250415192651Z-173.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.6604391173359303
Encrypted:	false
SSDEEP:	48:6BTcu8LOCZhqOOIttFqOAO5UPhH9SsCwSYWXgJIbdO3hmVIIhitJabOAOQOQv13n:6BTWPlR8R7RyiRfGRt9JiP3WslNe7
MD5:	55C0D4C5C815F3D3FE0903DF5FA20358
SHA1:	8D70885DBE8AD293135250F3E237D37664295ABF
SHA-256:	FC5183AF520428CFAC39C049CEA3F48CCB429A593CB4495609EDB8B8A51D469F
SHA-512:	78C669183E7CDB63EDF75AD6B6F3431FA22CE2A9CDA28D886EED36BCD1F45198CFAEA23FCEC3EEFFAF74966819BA56A9068D6321CDBBD89D30448BAD8DE3D1BC
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445128460815493
Encrypted:	false
SSDEEP:	384:ye6ci5tNiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mms3OazzU89UTTgUL
MD5:	A4AEBF306F7D429BA3E7EE098E9B1808
SHA1:	78D2860BEF490845E88FB088488C7960B027B476
SHA-256:	880ABD2CAE30401A6D22B1CEBF4E2862F7BAB3204B1F03F89368D04BCCF90D3B
SHA-512:	A27ABA9DD0B3BBBBA5A90EEF77CD968C4A3D1C1C3843C71D4C5FC527478CB1F7B38FDCF91B309C73A362F31DEF325CF5DBDAC39005CB4E1374E0BE5D2D59D720
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7674704550803786
Encrypted:	false
SSDEEP:	48:7MpJioyVnioy/oy1C7oy16oy1pKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Ov:7yJunFwXjBiZb9IVXEBodRBke
MD5:	0F21EC0DEEFB27480F8444E4D2DE26D2
SHA1:	51706C4CF1D1ED6906FA3702780B6B147CAA8118
SHA-256:	74919E33249A77C33465958C2F5D47F16AA3828B9C77579410A4C3E402FA7B01
SHA-512:	1A3465B0629CF65BA066FBBDE338688206C2C02CB0BC16BB6D805BCFF3254A45B82F120D9B8C69AB19338DF274A95BEFBA56CBB8B5085019ACF74314758D788A
Malicious:	false
Preview:	.... .c.....,.3................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:	1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.746484906506307
Encrypted:	false
SSDEEP:	3:kkFkljQ89PvfllXlE/HT8k0MzvNNX8RolJuRdxLlGB9lQRYwpDdt:kK7sPQT8upNMa8RdWBwRd
MD5:	BF2BC9C6A896B2EDCC8E86FC27759F38
SHA1:	1527B43857DCDDF1D0806FFF5D5A306DCA40D3BB
SHA-256:	F162E57B1FA2CEA3F5F454F296AA9CE8FE6E09A87EB0FAE3005F2C264AEE2A0F
SHA-512:	CE645EF196007467EBDDB2DE91828C80449574C586C849EAC4CC12F6497121F0B70377D25D2C1D79B5FD06F8AC9CC4375E5004D7C38C2EAE0A0FE94BE28772C7
Malicious:	false
Preview:	p...... ........P..X<...(....................................................... ..........W.....i..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.2810756866948085
Encrypted:	false
SSDEEP:	6:kK5gmcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:amfZkPlE99SNxAhUeq8S
MD5:	41B0644ED15B3EF8FED242E33B84BCCE
SHA1:	F1AE81393B23686EB55019B5FA86DDD0CF5B87A2
SHA-256:	0141CE903A33A1A084C5B485701B9BAC1B96BC7E79C36CD9E22A49713ACDBFFB
SHA-512:	BA184231494F5EE15D9ACA7D050177CE4C2B6CDA6ED3633DFF2BD9518CE157764F2E68EC52CD3BD194B4132E4EEBF1CDCFC7D5BA96E7F0E38D5EB9DD9AE272F3
Malicious:	false
Preview:	p...... ...........j<...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3716

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
MD5:	265E3E1166312A864FB63291EA661C6A
SHA1:	80DFF3187FF929596EB22E1DB9021BAD6F97178C
SHA-256:	C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
SHA-512:	48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.36858904549709
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJM3g98kUwPeUkwRe9:YvXKXYPZHi0cNoGMbLUkee9
MD5:	E29B7CD869FC48AB61DC89289013A729
SHA1:	58187F7F3C1A604684018013529E5879E63B73E4
SHA-256:	6F3B75BD549670C4A2C9F5D1ED53F8AA62E120B8DB587EDF614C090E53F63F40
SHA-512:	1765270192E73EEFC871F00663EFEEAC7134AC33AD76A28D0568996D1C1FCE21557516C8D29DF016A4982075B61C7744D8968418F6EF51CDE192571E48537044
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.320521165916735
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfBoTfXpnrPeUkwRe9:YvXKXYPZHi0cNoGWTfXcUkee9
MD5:	6A2B413FCD63F45E8CD66208340C9F66
SHA1:	E8BA0C0145D7AF8360CA1DD24BBF12859CCADADA
SHA-256:	1FD0381A62A003707B26D8C5436422D57D4DEEEB52149B123EA73C293F2C5306
SHA-512:	C3D6AAD4A0EFBD0253B065CC192EE9B07C74CE100757D2F06CB444E270B41ADBE112D213727C9F49D50D6910CBF25FBA3BECEFB6629111BA40B0197F939BE99B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.299516201311811
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfBD2G6UpnrPeUkwRe9:YvXKXYPZHi0cNoGR22cUkee9
MD5:	8BFB356158DA017320458FB6A79B6A5B
SHA1:	5CEED93D127A5A89EC28D4340C8F31CC96174569
SHA-256:	78B8BCE8EFB8828234EFCB74A8524DB7942BA4C036030A333CEB9E722DD1CB95
SHA-512:	45235B73DF4C0A741AA84A6720DE688D78F16C8E978B8D78950B00B8F75A2B9D09B3B4A1A441FF662FE0705195B3283F5195FAEA7940AFD1C3DA3A0FD026F43E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.348794977623479
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfPmwrPeUkwRe9:YvXKXYPZHi0cNoGH56Ukee9
MD5:	C6A0C145494A457DB83B79C6A01019C9
SHA1:	B9C3CEC33F6E76E8AF382F56840A55EFFCE1E752
SHA-256:	683817D8C2E1073EA6B1E4D83E6C98873C623B8E5A65C8D30B95752A0489AD46
SHA-512:	3BAC25191CC43312541758DDA44B5746B4F5B4C9B0D615892CBE00BA71D959F1689D8185092E0B0E2CAFEFA5E1D911DA07C68FF4CFFAB10E686F24A0BFA43A10
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.84686963652875
Encrypted:	false
SSDEEP:	24:Yv6XgCZHpLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25FEEDix:YvGhgly48zFm/TWCt8KOP/nDi/V3
MD5:	9E3447258D9078788B69EDB55BD75A89
SHA1:	5A9597AE70C48E22A3D7BA53FBE397EAC3FF23F8
SHA-256:	2D8E7A895397EA2103D940582FE08D547A45A70380132F3DC94F29ABB698A372
SHA-512:	D2DC4DAECEF5C48D027B0F85A82BF43390A9822F7C9CF61CF115395F135D793E3253E02F820FE3D935FA85C6E76ECE0FB4256D4511B2F6B135606D74BB8CB1E9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.295054654615349
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJf8dPeUkwRe9:YvXKXYPZHi0cNoGU8Ukee9
MD5:	D183D137F27B5BAC9FCF9FFE8E589C61
SHA1:	DEB5118907C0B304584AC304DB9364A123A07FE0
SHA-256:	20D09C366FAC89581AB6372500B0704D482EE9A5075269EA6B9D52278DA2A452
SHA-512:	EC55536DCE775141882E805732CEDF0A4EF24822E23B6564BC154DFA1D5A168061F31C621DABEF00400012D3DF892C2B592C5EF09E86AABF55659A805339E5BF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.298048514496546
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfQ1rPeUkwRe9:YvXKXYPZHi0cNoGY16Ukee9
MD5:	9E5336829B51EBBE8880B49C5E63EB40
SHA1:	17F187C1AF6B22CB36FC63453524616985233B90
SHA-256:	EF0BD0BEB837074D64691163404785A2EA5020FF73F792E027939A1160EB3491
SHA-512:	416E0740D204B90DBAB64E18671339812DAC3745BAA565DF6613D4FC3EF08AEF9627DDEA143F3C0720305716D7EFE9D814C950EE4A225761935CDB055DAA197B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.832537312902575
Encrypted:	false
SSDEEP:	24:Yv6XgCZa2LgEDyc8NcR84b1/dOQerISIoiyLVFgKy1NvEsrArlb+h+8qYMfi+oYC:YvVogbN48uOQ/GiyL4TwKOkQJi+ohJ3
MD5:	0C1181FEAEFEEBDCF6805C2484FD9AE9
SHA1:	898E20C2CB16CE3692E98230DD99065B772DDB02
SHA-256:	541F53A642F3266539FBC45B6997373256B42C10613AD4950B90DB9F30831B42
SHA-512:	6A970E34530CEBD93CA017FE76F85941A2B9C50AED2440CE8D79DEC2AE755AA5A068D642016CD6403C1CF5768DB0711F8398B83248EEB174F8E9496A20A4E191
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.321070103340988
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfzdPeUkwRe9:YvXKXYPZHi0cNoGb8Ukee9
MD5:	21ECCBCCB9EB12C5865CAF6F6BA17D05
SHA1:	844EA7BCDF24FD17BE69BC04B61EA47A00589E05
SHA-256:	95605A34A903DF61517382C047ADE367705983791F13DFB872E7569527FCFAED
SHA-512:	DF6146CFF35A89C0309B13D877387AFB9FB88DFA505F469D8BCC03D401FC55268E325F296B71AF96199D074780F0A2C4421D7565B98EA407EE6E15B54EF0C170
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.30202675234061
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfYdPeUkwRe9:YvXKXYPZHi0cNoGg8Ukee9
MD5:	8DB89161F519CFCF918C1837B87EAD81
SHA1:	0681353D34D87612E6F64CEC3EA5111C2B36FFF4
SHA-256:	DA13436BF073F2995FCBA707C0F1F68A6BFECE3CB2F4F3E6C707835517DF610E
SHA-512:	5841C7D1BEC13B4FD4F932BB02E594088FB86C52FD9D023ED61DD9DDD7A9F42EB7DFD695DFEB441D9D90ECCDA727669DCDF1623E20DC6990694E82A930A0CD03
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.288411798350642
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJf+dPeUkwRe9:YvXKXYPZHi0cNoG28Ukee9
MD5:	A39959E096213A5CE22BB425D458534E
SHA1:	EFD5B785B608A83C92B1253012E930FB6622FB9D
SHA-256:	C682767101749D0B2FA61DA97E07C6E556967B4D788515BB72B863CCE3A55120
SHA-512:	20D3BD34489FCB59FC2BC75B20EA7B72985F584801C689CE25558BF8DE873948BF868DD7FA801217AD3A2DB8C26173EB8540A78B25938D71F4DB9FB859EB3C15
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.285559920445121
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfbPtdPeUkwRe9:YvXKXYPZHi0cNoGDV8Ukee9
MD5:	8E4A799C6900AEF28BA23552A3AFCC1D
SHA1:	6BC75471CA6D9C7FB227A9F86CC3D5A438A5D19B
SHA-256:	D37AB7B4004DD97346E94D2E7E7084E98EBC59BBFAC6ECAD89525766EC914963
SHA-512:	DE5664AD6B0D91FFBFCD11C88185E50B2167DC3B48E69BEA5E61C1DE5CECD917F4BCF4FC415AB2154CCC39C6912D69E3ED1A8D3AAC6EFFA949FBD4C9B5C32742
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.289265159624674
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJf21rPeUkwRe9:YvXKXYPZHi0cNoG+16Ukee9
MD5:	24CA86ADC7A3F49935AB6ADDDE07865F
SHA1:	68E9CAC6A855BAE63DB1DFECAD79F06DB8D7EC28
SHA-256:	CD472B7ADFC39922503A5F22C24AF9FE9F0C31C82A5E381BBBC77F1D5A03CD1F
SHA-512:	C67D8F1B8AEE46080EF3140565EDF1AFA5664D5DBD0C264306C8CC5C43E34071138260F6DD72A9510583D18CD7E4872A79EA54836137C5F7F5C70B8A4DEE9061
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.850004363209555
Encrypted:	false
SSDEEP:	24:Yv6XgCZ/amXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJEEDYj:YvUBgBG48kJko/SiyL4T0AFDA/V3
MD5:	ECA81796B761F2C6EDB345F61DDBAD25
SHA1:	4E6AC4195E6D6EB0498A67611C853A764EFAF293
SHA-256:	13286966D3A551F9D26C242A97B452924F35909E93D0799ADB29D605DD975D96
SHA-512:	41592CD7AB9D77FF8AF025DAA0104E90A6B4F942E0A0464877EBB5C9D5E03EA048C312EE4F705755835132FD25FD9E7ECBC1DC9CBEC947496415566FCBB8D939
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.263687941547068
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJfshHHrPeUkwRe9:YvXKXYPZHi0cNoGUUUkee9
MD5:	B272F536DC54052157CFDD470E42A3C2
SHA1:	D27B497B37580187194CB1ECA0F6310851A59854
SHA-256:	5249541582D3A4E215D7C0A702878C711D1ED203C1CBDDD666FC8BC0260CFF5C
SHA-512:	74C75E3126E807E601786EB995AE3A85CA2FDDBB78EE61C7CC7FBE32148D7501E11469F069976E060E55001F3D4D2A23FD73D738A711CB143F769EDA10FD4223
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.273160579785874
Encrypted:	false
SSDEEP:	6:YEQXJ2HXYPZHi0nZiQ0YQc4oAvJTqgFCrPeUkwRe9:YvXKXYPZHi0cNoGTq16Ukee9
MD5:	94103D72D03398F5686172D9BE51D3FF
SHA1:	2E9CBB361213357EE95A3B61EFFFF126F3FC0386
SHA-256:	3ED517D05FDBDB30B376BEDFC4804CC8A549D5E053B0D707BE607E3DF3B04626
SHA-512:	2D05C50A2E1C17492CE05DD87E3EAC6FD58B2DC6579C0AE6BBDC6C9160E531C49F257989318BF1B7217052601F0D823D7E55CBE75A6655D1EDAE7FEFD037B5EA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"dbd6ba13-148f-4eb2-8d1d-da8a56560ecf","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1744924572075,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.138807502463667
Encrypted:	false
SSDEEP:	24:YjlhW2aiayJR6JGUQXWEiiHAdBPljjB2j0S8xs2/2LStCHUR4yJbY5qh9KPumFOG:Yj7zR6Bz4AdBxjOvWnEUHJcW9KJ
MD5:	3365E30BD05CC2CB73B6DA3AA6C7C9EB
SHA1:	2D7478269C94F979CCAB02AF0CEFBFA19A20ED54
SHA-256:	63E67C5D81F3847CFC07EE4E0DBACA074EDCAE49F53A802DDE359842C03E94AE
SHA-512:	095957F61AFAC2DFF6C4CBCCA3BC49BDBF0838C274E395C4F2EA3BF3F833256A0B97053B14AF253921F8F29C9D17B73769112EEED53597F8DEF339725175AD3B
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"211b725bdd987bfabb09b4080d47bb8b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1744745216000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"7d39b5b762bf9a19b8a5bec6cd34e20e","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1744745216000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c8c753df1c282a53180aa16e60fdafab","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1744745216000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b19fac12d8387b453d924693ef4f0f85","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1744745216000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"59088e1514a25a33921d86b71f46bc16","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":286,"ts":1744745216000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"5111f3c49a9d0bf3f30e86813c50ab6c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1472814656905612
Encrypted:	false
SSDEEP:	24:TLhx/XYKQvGJF7ursiRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHh:TFl2GL7ms8Xc+XcGNFlRYIX2v3kh
MD5:	237A2ED69FFCF3E498A5E94A0829AFF1
SHA1:	002AAB8FFA93A0812EC818C450DDB35F48572F49
SHA-256:	0C86C3F8FABADA89D8CB94EF41A1F766BB4FD54F64ECC93179428B67C2ED90D6
SHA-512:	FD474A53B44750C800C4F3720113777181FA92028053CFD16A90B82D8521505AB348458965ED2F311D3BEA9CFC599BDC84F4A8A83C62DCA77FE0F9DC9EF1C05C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.5505745550477659
Encrypted:	false
SSDEEP:	24:7+t8UXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLux6qLxx/XYKQo:7MxXc+XcGNFlRYIX2vzqVl2GL7msSK
MD5:	74C31C887CFD817A29E4AE3F7D256D63
SHA1:	48626CFCC59DEF9657F1E8842784EB051039478F
SHA-256:	B02D171AFEA92F3F72FC9482243532BD640CC498799156D0D9B10CCD7493DA68
SHA-512:	665AF20184225D78D4D35433E13D3593750BC86EDFCBB9DB822F65C1080652F4A2721BB7470A630637A6BC5B524AB396413BD0F4601A053300DC3A44D1509231
Malicious:	false
Preview:	.... .c.......U...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................b..b.b.b.b.b.b.b.b.b.b.b.b.b..................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSId698e.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5258803161342094
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+kClEWpw:Qw946cPbiOxDlbYnuRK4Wpw
MD5:	913A079212910C631B787B96387BB519
SHA1:	A497729A164B9544E3191389B14F4E90FA39FDB8
SHA-256:	6AE51B2046C18B950D07C93198BFAB320DC51F32342C35195035447315FC1D68
SHA-512:	D89ECE2BDDFB28237D42FECA4E76B61EC562E3421D8171FCB099B86D7F9A2C41BA979D4DE69B6E23AB9281CC00E526D2E98AAFC989F4F9738E1158E7625A334E
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.5./.0.4./.2.0.2.5. . .1.5.:.2.6.:.5.8. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91f0qipr_1g8tozq_2v8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.03286891293118
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOrki7Ugki7UbCSyAAO:IngVMre9T0HQIDmy9g06JXgiOiYlX
MD5:	309CCDABE30649DF9D33AFB9CF722897
SHA1:	71AFA190198C9F0490F1909B4AB237E0AE296F3C
SHA-256:	E35F1E5E6603053697265BF3A92F96B0A02A8B6D02E4A424267FDD0773944B62
SHA-512:	93CD22C1BD4AAB5E8F993198DF44993DDC3B4ACC5C2ECF540CB3643F38F8292A1154174928C6282EE10F3BAB2E6CFD0C8A6338BBEEF723E03851ACDAFC0BB741
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<4A48A1B19A9AD348A1FFEA40ABB46F06><4A48A1B19A9AD348A1FFEA40ABB46F06>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-15 15-26-49-883.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.338264912747007
Encrypted:	false
SSDEEP:	384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
MD5:	128A51060103D95314048C2F32A15C66
SHA1:	EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
SHA-256:	601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
SHA-512:	55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
Malicious:	false
Preview:	SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.342966572742435
Encrypted:	false
SSDEEP:	384:cjB9Sc7fAm3VECXu5y6XxXAB1KLLp/H6zYv97ztr9z2l3hjpz6e37Wwl44+LUDD/:MY8x
MD5:	245997FEB5694334D16BB60E515F948A
SHA1:	445CA7D0E7E649A75D44506E20F31978CB31322E
SHA-256:	722A341ECF05B41B4A9ABC64612E655891D02E21AC1D8D3082048EBB1F09AAA2
SHA-512:	1B95FAE96570351EB5FDE9856242B9C3C645E78939D9D3EB8FF600E7791CB7D1BC4F74F69CA7C2BC2D1664C35BC653427FB77691E3396BF31BB28E1A457218F9
Malicious:	false
Preview:	SessionID=983a6c60-e03a-49bd-a7fa-308b5b57332e.1744745210085 Timestamp=2025-04-15T15:26:50:085-0400 ThreadID=7940 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=983a6c60-e03a-49bd-a7fa-308b5b57332e.1744745210085 Timestamp=2025-04-15T15:26:50:087-0400 ThreadID=7940 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=983a6c60-e03a-49bd-a7fa-308b5b57332e.1744745210085 Timestamp=2025-04-15T15:26:50:087-0400 ThreadID=7940 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=983a6c60-e03a-49bd-a7fa-308b5b57332e.1744745210085 Timestamp=2025-04-15T15:26:50:088-0400 ThreadID=7940 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=983a6c60-e03a-49bd-a7fa-308b5b57332e.1744745210085 Timestamp=2025-04-15T15:26:50:088-0400 ThreadID=7940 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.398747606243377
Encrypted:	false
SSDEEP:	192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcb8cbYInBcbZ:V3fOCIdJDehng
MD5:	A7D9103C1D5156AD1D3DDD226D10327A
SHA1:	AD7865ED85F70C899F88B87C9C0F5A66F9F101A3
SHA-256:	36CED5EC050C1AAE8A85BDFE703B99A4D5908A15A166D0B921F08876C025EB4A
SHA-512:	8B7D7964E0032A96FF6A27BF20447B7261FB5F72D6C88B7A19CCEC4FBAB8722E53D6306703484910277C5FF10E7609D6F20B1A99A5B23D15FBE8306A7E64F055
Malicious:	false
Preview:	05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\444a34e8-f3f9-4646-8bf2-fb76927861eb.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\63a7abf1-67d9-4f39-bc42-52e8b8f7f52e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/RkwYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WL07oBGZd:CwZG6b3mlind9i4ufFXpAXkrfUs0jWLa
MD5:	5B97D1E5AC0AACF309B684B011BDCCD6
SHA1:	F3853B1822E143022463AF1369244DC20ED4F959
SHA-256:	C507A47EDBFEC4064962822516D24C81B8ED82B610183360D2E11C03323E3C84
SHA-512:	A724C257456EDC784127351602B0E4A4B2C37028A76125158E73C26A7E1F6D5735E9C54D29B6C56FA9F7F4929109D628B9B9146B1E4993BA4AC7EB5F0E2AEF3B
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\9b7a16d9-86bd-4409-ba7d-628ff12948fb.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\dbfc4b67-d289-408a-9256-00b03268f9e0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:6DaWL07oXGZGwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:caWLxXGZGwZGh3mlind9i4ufFXpAXkru
MD5:	7867DAFF192926A49EB7516D226D452F
SHA1:	BD0B185B12DB865CEA23060A9789C6B2D814B62E
SHA-256:	C7586BA81615BBAA63DA0D81CE18C0D087D1237500C99C35239A4D3CAEED2934
SHA-512:	B556042E82056983EA6A69AEE0DAB370641437EF6239FD04676FC26EC9472C6E5EF6194885C165E3987E8019321DCD9B4A574EA7A6253AC3C9468434AEAA0C21
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 4 pages
Entropy (8bit):	7.786660544150653
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	American-Equity 2025 Handbookupdate.pdf
File size:	133'489 bytes
MD5:	77c8a45bd2d81ed537b10544650b80de
SHA1:	79e8059eec24e15e750262c129892b9f70743ffe
SHA256:	6e7efa3c669f8677131370157cee200b9a4bb9cf8e091d3693795f9da0736c1f
SHA512:	4e4498d4cd6310fcfd78e0f85db0bdda75974a6d9ae13a7b7c2a7e4967553bd5e524ec9587dbc20c41cdbabea515d52b240664978a052feb807ccaeaadfcbf4b
SSDEEP:	3072:OryRo1q22LrpQWp2em4/0gxpjMgjIBpf2ulOs22aNyCstiS1l8sfSz9:OuRo4TXm/aMg4fXf6+lzi
TLSH:	18D39D60F98A8CECE887EB0E85F9348E0F5DB45B75CE788400694A15F543DD6BB93287
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Title (Employee Handbook - American Equity)./Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20250408131710+00'00')./ModDate (D:20250408131710+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.6 0 obj.<</N 3./Fi

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.786661
Total Bytes:	133489
Stream Entropy:	7.995635
Stream Bytes:	104864
Entropy outside Streams:	5.024414
Bytes outside Streams:	28625
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	176
endobj	176
stream	16
endstream	16
xref	1
trailer	1
startxref	1
/Page	4
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
4	0000000000000000	7294388f4517da59d57881ad1202f7fb
5	20801662d6c88021	ecab5eddc005709120783e21f3e60c43
17	0000000000000000	7014794e849bda9e8e09d382ee4c0836

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 21:26:56.125560999 CEST	49691	80	192.168.2.6	23.55.253.31
Apr 15, 2025 21:26:56.231105089 CEST	80	49691	23.55.253.31	192.168.2.6
Apr 15, 2025 21:26:56.231209040 CEST	49691	80	192.168.2.6	23.55.253.31
Apr 15, 2025 21:26:56.231391907 CEST	49691	80	192.168.2.6	23.55.253.31
Apr 15, 2025 21:26:56.336828947 CEST	80	49691	23.55.253.31	192.168.2.6
Apr 15, 2025 21:26:56.337882042 CEST	80	49691	23.55.253.31	192.168.2.6
Apr 15, 2025 21:26:56.337897062 CEST	80	49691	23.55.253.31	192.168.2.6
Apr 15, 2025 21:26:56.337958097 CEST	49691	80	192.168.2.6	23.55.253.31
Apr 15, 2025 21:27:17.100723028 CEST	49691	80	192.168.2.6	23.55.253.31

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 21:26:56.013765097 CEST	62809	53	192.168.2.6	1.1.1.1
Apr 15, 2025 21:26:56.121341944 CEST	53	62809	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 15, 2025 21:26:56.013765097 CEST	192.168.2.6	1.1.1.1	0x3ac	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 15, 2025 21:26:56.121341944 CEST	1.1.1.1	192.168.2.6	0x3ac	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 21:26:56.121341944 CEST	1.1.1.1	192.168.2.6	0x3ac	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 21:26:56.121341944 CEST	1.1.1.1	192.168.2.6	0x3ac	No error (0)	e8652.dscx.akamaiedge.net		23.55.253.31	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:26:56.490534067 CEST	1.1.1.1	192.168.2.6	0x9f54	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 15, 2025 21:26:56.490534067 CEST	1.1.1.1	192.168.2.6	0x9f54	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

x1.i.lencr.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49691	23.55.253.31	80	7220	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2025 21:26:56.231391907 CEST	115	OUT	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Apr 15, 2025 21:26:56.337882042 CEST	1358	IN	HTTP/1.1 200 OK Server: nginx Content-Type: application/pkix-cert Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT ETag: "64cd6654-56f" Content-Disposition: attachment; filename="ISRG Root X1.der" Cache-Control: max-age=27025 Expires: Wed, 16 Apr 2025 02:57:21 GMT Date: Tue, 15 Apr 2025 19:26:56 GMT Content-Length: 1391 Connection: keep-alive Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED] Data Ascii: 0k0S@YDcc0H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G\|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urIAv5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP\|Ctt0[q600\H;}`)A\|;FHvvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf\|o;'}~"+"
Apr 15, 2025 21:26:56.337897062 CEST	387	IN	Data Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09 Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS\|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 3900, Parent PID: 496

General

Target ID:	0
Start time:	15:26:44
Start date:	15/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\American-Equity 2025 Handbookupdate.pdf"
Imagebase:	0x7ff7b5bf0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7220, Parent PID: 3900

General

Target ID:	5
Start time:	15:26:47
Start date:	15/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6c71a0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7432, Parent PID: 7220

General

Target ID:	7
Start time:	15:26:47
Start date:	15/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1588,i,1752010807920482252,9347575554402704444,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6c71a0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report American-Equity 2025 Handbookupdate.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\35a5fc1f-d47e-4903-b5dc-a5477be84e4f.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250415192651Z-173.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3716

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Windows Analysis Report
American-Equity 2025 Handbookupdate.pdf