Edit tour

Windows Analysis Report
Carlton House Insurance 2024.pdf

Overview

General Information

Sample name:	Carlton House Insurance 2024.pdf
Analysis ID:	1455420
MD5:	5eb4094e2dbfc868f6cd4ca57b045246
SHA1:	993e2a7347f1eb431a2fd6041595cbb6d9bfe915
SHA256:	98523c7350b0fdd9079823bc1870341bc3e76826ba7ff730498f20908c019bcd

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

PDF has an OpenAction (likely to launch a dropper script)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 7024 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Carlton House Insurance 2024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6456 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6568 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=1592,i,18387352740843586625,9196825002832080474,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@16/52@0/50

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7112

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 14-14-05-341.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File read: C:\Windows\System32\DriverStore\FileRepository\prnms009.inf_amd64_b1142994fb10cf54\MPDW-manifest.ini

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Carlton House Insurance 2024.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=1592,i,18387352740843586625,9196825002832080474,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 4C1072F75BF18063249BD0AF732802C2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=1592,i,18387352740843586625,9196825002832080474,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Carlton House Insurance 2024.pdf

Initial sample: PDF keyword stream count = 44

Source: Carlton House Insurance 2024.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Carlton House Insurance 2024.pdf

Initial sample: PDF keyword obj count = 110

Source: Carlton House Insurance 2024.pdf

Initial sample: PDF keyword /OpenAction

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 File and Directory Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.22.254.206	unknown	United States	14618	AMAZON-AESUS	false
93.184.221.240	unknown	European Union	15133	EDGECASTUS	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
95.101.54.195	unknown	European Union	34164	AKAMAI-LONGB	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1455420
Start date and time:	2024-06-11 20:13:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	18
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Carlton House Insurance 2024.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@16/52@0/50
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 52.202.204.11, 54.227.187.23, 52.5.13.197, 172.64.41.3, 162.159.61.3, 40.127.169.103, 20.166.126.56, 95.101.54.195, 2.16.202.123, 88.221.168.141, 93.184.221.240, 2.19.122.216, 2.19.122.199
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Carlton House Insurance 2024.pdf

LLM Input / Output

Input	Output
URL: PDF Model: gpt-4o	```json { "riskscore": 2, "reasons": "The document appears to be a legitimate insurance declaration page from Farmers Insurance. There are no visually prominent buttons or links that stand out as potentially harmful. The text does not create a sense of urgency or interest that is typical of phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' The only link present is to the official Farmers Insurance website (www.farmers.com), which is a well-known brand. There is no indication that the sense of urgency is connected to any prominent button or link. Overall, the document does not exhibit typical characteristics of a phishing attempt." }

Input

Output

URL: PDF Model: gpt-4o

```json
{
  "riskscore": 2,
  "reasons": "The document appears to be a legitimate insurance declaration page from Farmers Insurance. There are no visually prominent buttons or links that stand out as potentially harmful. The text does not create a sense of urgency or interest that is typical of phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' The only link present is to the official Farmers Insurance website (www.farmers.com), which is a well-known brand. There is no indication that the sense of urgency is connected to any prominent button or link. Overall, the document does not exhibit typical characteristics of a phishing attempt."
}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.150821611291763
Encrypted:	false
SSDEEP:
MD5:	45BF8CC2D6F88732745C9C090B18A12E
SHA1:	7C29AA41733FD965137DAACB5620979CF48FCC9D
SHA-256:	066B99B85C098CA39AC8C2AA17D18D2CF92E202CCD74E0B54304F20B794BAF2C
SHA-512:	978C4CF733078EFED800AEFCECCB48E66089F6B16511FE1A99636BD5DFF882C877C4022F194E43D2FC92321057AB49B9B171A630187FE52A70D774FF350514AA
Malicious:	false
Reputation:	unknown
Preview:	2024/06/11-14:14:06.106 1984 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/11-14:14:06.112 1984 Recovering log #3.2024/06/11-14:14:06.112 1984 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.179596743779147
Encrypted:	false
SSDEEP:
MD5:	D31CABB951630C878DE77DEF49293B60
SHA1:	1F0C7FC9FDAFD5CEA777DD93F8063840E018E396
SHA-256:	E5108FC14744D59A3D33237422449586AF7906ACA07B84085EFF02B03216463A
SHA-512:	5BC095746E786F434269A9C9CE760B77975D6A6D6A09A8DFD3557F986CE875A9751B9E272E6823FC6D7F50E71D5289C92515FC1A0DEAA4B616C27D6575C7A109
Malicious:	false
Reputation:	unknown
Preview:	2024/06/11-14:14:05.991 198c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/11-14:14:05.994 198c Recovering log #3.2024/06/11-14:14:05.995 198c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\16aebb49-9ef5-4197-a7c9-834074afdfb1.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF640f6a.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e30df9d6-6c7d-4a33-a889-9779ef904da7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.974799476668561
Encrypted:	false
SSDEEP:
MD5:	0966BEB4CC7A1EE073E63A8D8579075C
SHA1:	760E8596A8A1890D2158824E000F1A67612F951C
SHA-256:	62BEF414445BC8E10488167904831B7272B125B5089F01DFDBEBF7A398885929
SHA-512:	2F159E8F36BF8C49EF3160D299860B858838CA9AF756619EFEA8A95ACBD1934361C224AAE770B24BF6325FB196B52C46A184B281C2B4CBD268041C1245813007
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13362689651845872","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":228483},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.229120128645587
Encrypted:	false
SSDEEP:
MD5:	A507437B11671F9DD309136C3B529ECC
SHA1:	539617CAA66EA41C18A5F417E662C5D4A2A62C8E
SHA-256:	3F014097AFDBBD46D6ED1D5E9E9DD4846D7E662568C76269C00CCE1FFF15FB05
SHA-512:	A0285844DA68868A27C25613BAB70F2F35E897B7D7512A9C81CB37079428C1B545E2DDD3BFB0406498BC1B97E20E2794B1CC203B62E42BEF3AD1583B8873573E
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.183012252940999
Encrypted:	false
SSDEEP:
MD5:	3E46FE6504D1A55FB25C2C29CBEFD65B
SHA1:	888F3D8E9B79B3B0D8DC863937692B2336F658C9
SHA-256:	6165CCC95AC2E3D2F2D842D488FA931B92503E90542AAF375CD250B9A1CFCD29
SHA-512:	12038BEA6FF12D21C033DADE7992CD618A03FAEE36EF7A3063C4256709FA5A1627DEE20723B9EED16941885C3E4F9166D7445BD9D3472AA87590D78C56951B99
Malicious:	false
Reputation:	unknown
Preview:	2024/06/11-14:14:06.159 198c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/11-14:14:06.162 198c Recovering log #3.2024/06/11-14:14:06.165 198c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240611181407Z-210.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.7233175063981676
Encrypted:	false
SSDEEP:
MD5:	25DF2EE7A20C0FD6C7ACFF7350C76D81
SHA1:	64F742971D014A901BBE8205EB525102CFEC9791
SHA-256:	7AEE7AF93264066594DB9216BC93636A4D7B4418E2D0C15D0BEFDC996F1D7FB8
SHA-512:	02540EC0736C1179CB369456E40FCB00888CFA749CC5607D4E1655EB10211DAFF7EC0F691B83F43398D74E7AC10800B6BC8F703526335DE09E3B31A5C639A71A
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2145462275216448
Encrypted:	false
SSDEEP:
MD5:	3891EADEF88E0F772F2F868B8DDA8298
SHA1:	C8E8731C3CAB83D0D3BA7E5E8C54592B57D3B79C
SHA-256:	31846706D65CB52FEDB4484DB6924D83A699E3CE5ADA2E0752FA2C5DE2533AD4
SHA-512:	2E06B77C376B1034199690F7E608B38239319DDFBB8FF33368D9E8DACD2799CA5BF3117F6568781FB6942AAA756B66FF238B03D3D3A67DC03074D0224A7C12A6
Malicious:	false
Reputation:	unknown
Preview:	.... .c.......N.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Reputation:	unknown
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1280954022511493
Encrypted:	false
SSDEEP:
MD5:	393F7D4361B0B7615AC31C068E4F8C50
SHA1:	A9D5FE1FB074400B792DD14589022E14263DBC8C
SHA-256:	CEE0463ACF85FE93D5BCF828CEF71EA8201B4B7F7F2E6A17FDA43EA506791731
SHA-512:	847811DABE48589E4A03FD204BA2237019B7F2B2E1A441CB01B8CBDC81D82ABCA569FD63BAB1470C649FFAA2773C7CDA809319DD01E420087F09B04CD428C5B5
Malicious:	false
Reputation:	unknown
Preview:	p...... .........n.>+...(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.026467887142631
Encrypted:	false
SSDEEP:
MD5:	0705FE32A5016C45A88396C1319A330F
SHA1:	3658FD4D803363037132614BA2C3A484AD64AB0F
SHA-256:	5DC09743B11DE386B80CD264EBE29069C2072DF3158110E5F07C83AB087CA12D
SHA-512:	318F88451830B67B8499975636C857FB2780740815D6431B2A576797EE274BC6EC01034CADE83CF94F6566A14985772DA595537B4701AC4C41F0C2E539B14D8E
Malicious:	false
Reputation:	unknown
Preview:	p...... ....`......++...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7112

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	229108
Entropy (8bit):	3.3940996892089097
Encrypted:	false
SSDEEP:
MD5:	FE852323455F908766C83850A12160B0
SHA1:	8E4043ACD55DDFA11ABF8B490DEC4A3C5F452A19
SHA-256:	185F5A265A1EF49281D9B5E4E50A5CA8C6EEFB4B7E281393291E2580B2D855F7
SHA-512:	B804808D5B649B88B0ACF97B6876F332F276D736B4F9D883C950DE15EAF4445775C2D0EF4699A2E7EF9C789A2B0CCD9E6794A97F3171FA415BDB6FBD618053D8
Malicious:	false
Reputation:	unknown
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.374508896939788
Encrypted:	false
SSDEEP:
MD5:	AC9D65A5B2F808E157C4FE9BA9B07A71
SHA1:	3CF2AE0412CE6108F38A930D9A426348B241BD47
SHA-256:	7B61FCA9C73C5BB4085C632A8115B7190CE951A699888DE743E260D03D7880EF
SHA-512:	2544E9FD168372B08CB085CCD2C172EF4D502CAB16E4EB482D364D1D608A78FB36A29984355F364ABE6B21ED7197FE2C8A8FAAC904FB9BF9ADF53967450C8253
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.326098166382273
Encrypted:	false
SSDEEP:
MD5:	EFD522CAF71C5E2D67480DB52ED43415
SHA1:	6455797DA29BF6AE32BF428DEF8439F238176D72
SHA-256:	295622237C5BEA0EE7899512CE34264585809338037FEA7FCE31336B7FAE7DAA
SHA-512:	06B8C43E1596605A3188B2CE2300608522C180AA1641624CB2DA5C4E19B603F8E595407D92576D89F422A489A4287AD9A9A1528FB81E4E18AB836DC27DF0FA94
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.303641364600896
Encrypted:	false
SSDEEP:
MD5:	6B26545FA0C8D7CC6C52AB628DE34174
SHA1:	23E6806302157A5DF959EA228B1CA2408E32892C
SHA-256:	E7E5B4DFA3E7B528E57A603EF90E51581B77AEC5A7B7C0244FA6851615BBFE37
SHA-512:	94CE9624B2D031E478B9B73D862F06FF5F4BA0E771CA0176F582B57FA04F85DEBD09F63EDC3DCDB74DD245A042DF4F0DB968B603FD2200E49FBE6A148E57AAD6
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.363280156228945
Encrypted:	false
SSDEEP:
MD5:	3454075DE9FFE8B7219AC302A8526F0F
SHA1:	08076611AF909D6A6C35D3B204EB302EADEBE379
SHA-256:	B5056109DA286B6CEDCDAA4BC294C417D878CBBFBCBB282A72A0D5288F37CCD6
SHA-512:	3786A7A6B46AE4AB0EE7DC588931B977FFCF43FFE880C4DA3F2DDB6E88139FB97F2F4B95E6D4D49AEDBE191DB8EB2C9342129C5D24043986DD21D0039019FD75
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.324148215491734
Encrypted:	false
SSDEEP:
MD5:	AEA6E12C8A974D90A7691A1984CC2A21
SHA1:	7FC19B035212533BC63020456942467188446A0A
SHA-256:	0E8EAC6CF85FE749728C809D1492ADF2C4DA4C433D2899817811C11520600400
SHA-512:	355BDAF72306B3F00FFB2F79380552C47E59ADB0FA274E5FE71C7061B015281837C0DCEB39A1CA21A9E3FE9FAED54DB7BFB56FA7F7ACB532D705024A51BB3187
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.310121036463609
Encrypted:	false
SSDEEP:
MD5:	6A9ED213B185C18C5BE74F82F42C65BD
SHA1:	C378A863A6A2848E5FB69A1AE06CB2B842D3D97C
SHA-256:	4009365C19BC2AEB261CFD169D974D87251544EFC075AE3C492B26F6479EA51B
SHA-512:	59B8244C24E93F5EDA65761981F55B102398A7013DB3BBE0115859673E992A69C352DEDD50E1E2B29DA14F19E81B9D8C05FA96B79E1952D026182FB1A6F0BA41
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.313559901527302
Encrypted:	false
SSDEEP:
MD5:	7D75EE41C8A876B4F4315A3A07AA24FA
SHA1:	CB3548913460007381D63514266452A33AAAB7AD
SHA-256:	D5BCB2B6640D77CC3DA008DB336E1ED817D2F2CF57E8AB8E42636EE1F16A65D5
SHA-512:	1F5E7D986ED73DDE4BFA13A8EA39E86F826E6CE94F9A30D86E5C76D9D8C4390B4410A1AC88FAE5D675922B13F1223A6D201D5EACC43AF1B25E976C7FCD0299FE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.319042668712441
Encrypted:	false
SSDEEP:
MD5:	91157DD67DEC8A9E273C947B896B391B
SHA1:	682CFB51758F5A652919622952199D27B4ECE869
SHA-256:	4F57576EE27802B9930647E6773007496B84F39467BE837309C321449C78E0F6
SHA-512:	26FC7110E8DF814C4FB6D29368AA9CCC4C8F8B3D9F716C6F5DF84985E855CF5FEE07CA97A40CE579DFB91ABE4CA1C7CC47FB66CFA19C96957A2E683325F14A61
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.736419106046531
Encrypted:	false
SSDEEP:
MD5:	6360D1D8B3A5769C086E3687DF699211
SHA1:	2787886ECB2ABE48F251472051107B0462D42D1E
SHA-256:	196F8149F4CD3261CFED1816F850927F4C7B6ED9515F0B02321FF386F94DF14F
SHA-512:	0DEBEFAA77283CF8636F386CDFC50DFB1DFC87FEFB90C4D98D4FCF24313CFDAFC7AA13EC80912E20984F9978E9F2F2CDFC8F0BC3E86BDE1C99D378CDDBC10885
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.317472187947653
Encrypted:	false
SSDEEP:
MD5:	3737E80E95EF4F415D49150CAB80B088
SHA1:	5D6C28B68AEBA84449C73299BAFE38030349A8A0
SHA-256:	8D11C084DDB43C00CCE21DDDFDFABC8F7EEA65F0DEE628386E0A7A73DC7BC792
SHA-512:	D4D057B6399149D8BFFE1D99213880E14C3CE9FAE9B33323CDC0391E28BFBA14A5B27EC95EA6CF67CE03A6900436F08A634A836A4E0F37520768B284F88DBB94
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.769977517244195
Encrypted:	false
SSDEEP:
MD5:	8A93D8FAA723123A32E61F6F44F4E137
SHA1:	1AEB9746CADD77F418376F0BE667BD0724995AB3
SHA-256:	65D8F77C15A33053150EA5328C0563087133151E27C40E48BE447A1CED196EE0
SHA-512:	E16F09DF2287F7B1B2D0416AD57100769E9ECAE9BE50075B1601CA2CA59F5190110BDF148BA622D57E7A5F5CA31672FE74F901D6D965F006F50492249FEC099A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.300899201855554
Encrypted:	false
SSDEEP:
MD5:	9FC81FAA2192BB1A0039963ED1BB377C
SHA1:	BAADBA49CE9936C8E0A4377AFE80A25D5ECEA326
SHA-256:	074B2E9A6166B052B04F331A109CD1A861E555577E3A90974879DBFACA83F3E6
SHA-512:	B210BC8DC8B78DE15D6875565A1690FEB3BA48DDC7049BEB5666759B92B7F253791B608C67D05CD36344F25B9E1CC56F82AFF3754EDD65C42EC4D02FFEB48E5D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.304818228929328
Encrypted:	false
SSDEEP:
MD5:	9015374E6C173DA12A120193F410B1DA
SHA1:	B15201EAED771D68E2D317DD0951936C4FEBA4DC
SHA-256:	9CD21EB254111909588039C6C277ED742CC47221B96565A372D5548B67029733
SHA-512:	B5949880185E7123FACB36C2F9064D2685856CC3A6188619F5742F4F31FE3C83A682B240708527391B7B48DAA52F3AE24178A213AC14F69D10E5C76BF7762D7F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.323701293664854
Encrypted:	false
SSDEEP:
MD5:	4AFEC53307C2289CA1DB029FF2E34F17
SHA1:	FF9E62E8C611D3D1BD65B077EB77715A87724D88
SHA-256:	2292358F9BD05F39F4D0741DEFF091DD1D4AFFBB2D84615F4F336AC54E40201E
SHA-512:	471CE0A86F1FA2D5733A06D70FC935E57F43B66E2C8D10E89E2E19B36E801BB49DFBF77562F72EB8E3839957BD18C5A1BD77149333E3129347097A3650C7ED36
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.278763738113172
Encrypted:	false
SSDEEP:
MD5:	EC6A4170CAC15DB67A34CFD662F8BD80
SHA1:	03113EEFAC6FFAAAC71D72C2DD1EED4F627EB68E
SHA-256:	0B1E706AF13938149966BC107FF7A72B63270E7B153527355892AE8187E05D43
SHA-512:	675586C5FF943597EE7073D85724E205311B2BA1FBDF6110110754DC3E2DDF21556E0034A623AD7A0B2269D3E90DD71760A52758ECCCC959E82B99E21C0AEAC4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.367354854950669
Encrypted:	false
SSDEEP:
MD5:	2924D00E3340DD970E6841ADA3DE83E5
SHA1:	5943219ECFBB8B447DC6AFA9D627E5117D17B959
SHA-256:	850F1653408BDC94142A1B36ACFE04E5EBBA7222EBF21A9C2E638974830F480B
SHA-512:	F8F14A514AA915E307070A1C4E82F0B9744425703B5D0D458232D558F4E56F99CA9AB2C7C6F960E4CD6935342FD8CDE69C2787E98F96B5C42FD8FBBEECC414BE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"11bdb9d9-29cc-46ba-a7d3-4900b7c0520a","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1718304746334,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1718129651372}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.1271176559289655
Encrypted:	false
SSDEEP:
MD5:	35BFC3F1AF75974988EDF2CE8A88303C
SHA1:	E050FBC7E359E7E3103379B24E28DB2CAED8CEC4
SHA-256:	99807BCE6978094E95BA99AAED063AD91E8BA35C9ED11707815C80B98F71EB06
SHA-512:	1AC3D3F8118E925D375348D88CFB4CF89E1EDBEDA2B3C0818B579AC2E270A30C29EC6E6C95C09C77706DC0A46B4E0A5D2A3DF7197E07818D766D01AF1CDD440B
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0ecbe0d297ed76aaba0420930785f3e9","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1718129650000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"166665efa1221dd34daa207af125a702","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1718129650000},{"id":"Edit_InApp_Aug2020","info":{"dg":"32b66ffc932a01e24e82a352df4f56a5","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1718129650000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"2abe4c0ad39ab0202ab6c4f0be690649","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1718129650000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e5681acd8035b337becaaa6fe5ec2c24","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1718129650000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"fe8f9fa3851a25416dc0c8c0b144c11e","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1718129650000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 20, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 20
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9916616130520027
Encrypted:	false
SSDEEP:
MD5:	FFE357EA863399FB37A7D7F4DEB25FDF
SHA1:	5597B9609B97B05055E17785BA2EEDEDFB9202B6
SHA-256:	7D9D8299D6AD2A840ACFE84DD36235A0EC275995BEC27047E8A28A5B9F4915D9
SHA-512:	3B677F81C7957968969C9C73E4D14C7D51A0591BF18C88C4741C821E83232D7809485A8EC47A9696D69A676E5A44EEDD079BDFC369630BF322A2D6659558D2CF
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3483641924227254
Encrypted:	false
SSDEEP:
MD5:	C7E0AAF969CE275409F9C46BBF1C1543
SHA1:	867334B4079D02E561BB1A44E91FD0CE63FA6D02
SHA-256:	2691C9A04C65601922AD1ADB3AC2DEB0D1EE7D2DF1C5E2291260005C6FE45E62
SHA-512:	E15C554A2F62291D31BA5698875984B36DDE626AFBF31132E6720F8D90E81D8C03632910C1B236E61785EC9A3251642C371AE5BE56BE9C1BC7348AB6EBDBD2CF
Malicious:	false
Reputation:	unknown
Preview:	.... .c........1......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#...#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3e453.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.4872226941654008
Encrypted:	false
SSDEEP:
MD5:	E6108DBC6B5D71EB587C3B919C365AB4
SHA1:	D7EDCCFCB35C2DE96594EB21E45914D260B3C536
SHA-256:	B8EC16D3EFE790D29BEED6E43EEEF9A041BFCBF644A4DDBC478B4CE61064B23F
SHA-512:	E807E95CC58303B95F72921134FDEC8DDFC7BB094AE973A62794C5006E2D1ADF07FD1336C1EBD7BAAA2E378C9EC3883EC990C974126AAE5B17D3CECC5E26C532
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.1./.0.6./.2.0.2.4. . .1.4.:.1.4.:.1.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91y5eixc_1o01wyb_5hk.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.056882880925341
Encrypted:	false
SSDEEP:
MD5:	95657690669AF135714C1C0091B63E92
SHA1:	4FEE43B659A0B6B0B02E5533D79F7DFEE2832613
SHA-256:	CA78771DF2F3041C8A92072ED4F28F61E63C6DA254A11EEB75026FBC58F261F6
SHA-512:	559047A25033A69DF6F64A4D1BE12C2CC2C522F388B4709FDCD671713711EBB9B41B55A42A4FDD71B6C22942D76E848B73CB24FA8CFDCA028EC264911BF4791A
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<8406685B3D1981428AC14B7B7904DDF3><8406685B3D1981428AC14B7B7904DDF3>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 14-14-05-341.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16581
Entropy (8bit):	5.351145151599008
Encrypted:	false
SSDEEP:
MD5:	54E67273676C647FCAAF81635111BC97
SHA1:	0197F6C55DA06EC05E77CC7541C5E01C12D18454
SHA-256:	C1138F9C1A9C03220150D5BA62A94AEA513803AA4E1E5E9AFD277F787ACBF1A3
SHA-512:	8656CFD736168756D381E901A53281C848C5A79D930493C1D01D7AAB5040A6563621C61FEAD83ECF22B503C816D269F0471BBFB8062B03E07F56740816C33471
Malicious:	false
Reputation:	unknown
Preview:	SessionID=0844ff9c-679d-4e1d-ad43-96fcad942458.1718129645355 Timestamp=2024-06-11T14:14:05:355-0400 ThreadID=980 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0844ff9c-679d-4e1d-ad43-96fcad942458.1718129645355 Timestamp=2024-06-11T14:14:05:356-0400 ThreadID=980 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0844ff9c-679d-4e1d-ad43-96fcad942458.1718129645355 Timestamp=2024-06-11T14:14:05:356-0400 ThreadID=980 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0844ff9c-679d-4e1d-ad43-96fcad942458.1718129645355 Timestamp=2024-06-11T14:14:05:356-0400 ThreadID=980 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0844ff9c-679d-4e1d-ad43-96fcad942458.1718129645355 Timestamp=2024-06-11T14:14:05:357-0400 ThreadID=980 Component=ngl-lib_NglAppLib Description="SetConfig: N

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.415391122382154
Encrypted:	false
SSDEEP:
MD5:	7CA100E5ED2CD95F055C78398F1EDF3E
SHA1:	E7C082035FB25DC67259F22189832E4B96B60A0A
SHA-256:	3AF740574DE7F612FF2FC33B4DEC3717C23DB9C83BEAB5EFBF23492108240A43
SHA-512:	09E5BF9B1D7625BCE9337D16F3A8A61DDEA082D6AA5F7D24EC620FE64EB7C7CDBD998A45C09CD20F83265CFACA44671F57DC3FC8BAE6A8437EFA85BB683C14F2
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\04f4d674-f0ca-439b-b431-8963982d8d6c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	AAAAB43627E96B02BC54A78F0EE8E32C
SHA1:	03808205C51BA031BF69F0DF07C9C80835098104
SHA-256:	B9ED5860C1528CAE5717E553381762D9C4ED093E546F7500F55B6B18B5C20CEA
SHA-512:	A476038C2BC9573AFA12D831678C0D2A6EFF0C1E065F7D214A0D5684E79AA7F02710DF30524DE0E6EC90CB660E581531DFA57F038EE1BC285B9BC3DAE17D133D
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\344bc31d-88e3-4f19-a8cc-7a029459317b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\67e0c551-849e-4e86-8dc9-981823b5c077.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\81e9c91f-04e1-479c-bac7-8566969613e4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.4594316186372964
Encrypted:	false
SSDEEP:
MD5:	4AC65FD0505524C840E4B8ED9352125F
SHA1:	F914B6F0DF85ED7B5AA059AFDBD993E18748493F
SHA-256:	913EF675AA4754FBB1A0B07E73B75D515B05C2058CB1144BC115E0430A90CC11
SHA-512:	9E8913B2E71CA3C0D422A2ED1CA6E2BEE3C7C7F493A0F79573CA4E0341946FFB1D38F669521190B1303B4F3F6F392E20B7694ED25A177301C93816BB8B073438
Malicious:	false
Reputation:	unknown
Preview:	<</global [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Reputation:	unknown
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	36
Entropy (8bit):	4.294653473544341
Encrypted:	false
SSDEEP:
MD5:	5C6B932A79952B4B27833691305E61DB
SHA1:	09804DB0986A989C2C49CDCEA563567FB4C7B1A0
SHA-256:	DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A
SHA-512:	4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059
Malicious:	false
Reputation:	unknown
Preview:	%PDFTrustManagerDocsData 1.0........

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	54
Entropy (8bit):	3.7119196645733785
Encrypted:	false
SSDEEP:
MD5:	6A614A7743B0C781AAECA60448E861D6
SHA1:	67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D
SHA-256:	9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146
SHA-512:	3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6
Malicious:	false
Reputation:	unknown
Preview:	%PDFTrustManagerGroupPerms 1.0........................

Static File Info

General

File type:	PDF document, version 1.7, 3 pages
Entropy (8bit):	7.595375402043738
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Carlton House Insurance 2024.pdf
File size:	117'469 bytes
MD5:	5eb4094e2dbfc868f6cd4ca57b045246
SHA1:	993e2a7347f1eb431a2fd6041595cbb6d9bfe915
SHA256:	98523c7350b0fdd9079823bc1870341bc3e76826ba7ff730498f20908c019bcd
SHA512:	a988fd994b832b19c33ce47a9804a00462c0d97c0c00d84ac80d30f55060db53c7c00841edd5efa02db3860d6f6e2619e11b5e3646e2ca9cfe7515aec644b14d
SSDEEP:	3072:Xviobp+tBiic8XMW/4Uof0HpanxfWmaf6yKAFW5a:/Bph8XR4UC0JEfs6yrW5a
TLSH:	2AB39D5CDA99E04CC8B2CBD62762F4E3471EF33372C8146A2CAE0FC542A6D99F963551
File Content Preview:	%PDF-1.7.%.....1 0 obj.<<./Pages 2 0 R./Type /Catalog./OpenAction 3 0 R./Names 4 0 R.>>.endobj.5 0 obj.<<./CreationDate (D:20240604131605)./Creator (PDFium)./Producer (PDFium).>>.endobj.2 0 obj.<<./Count 3./Kids [6 0 R 7 0 R 8 0 R]./Type /Pages.>>.endobj.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.595375
Total Bytes:	117469
Stream Entropy:	7.996522
Stream Bytes:	82205
Entropy outside Streams:	4.866308
Bytes outside Streams:	35264
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	110
endobj	110
stream	44
endstream	44
xref	1
trailer	1
startxref	1
/Page	3
/Encrypt	0
/ObjStm	0
/URI	0
/JS	1
/JavaScript	2
/AA	0
/OpenAction	1
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
51	60eec5d4b483ca4d	f15cec50e6ec5136ca96004c33a46343
54	74e7d11c4d969f45	f4092a6ec0341a2b716f7c964a47fefe

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Carlton House Insurance 2024.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\16aebb49-9ef5-4197-a7c9-834074afdfb1.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF640f6a.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\e30df9d6-6c7d-4a33-a889-9779ef904da7.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240611181407Z-210.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7112

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI3e453.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91y5eixc_1o01wyb_5hk.tmp

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 14-14-05-341.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Windows Analysis Report
Carlton House Insurance 2024.pdf