Edit tour

Windows Analysis Report
Scan from Tulsa Xerox.pdf

Overview

General Information

Sample name:	Scan from Tulsa Xerox.pdf
Analysis ID:	1458483
MD5:	dd2ee2b35dbf6718cd9f4e1e00ae43d3
SHA1:	d207a950cb98f84f1f8a78989d9518a9438fe12a
SHA256:	bc9c620d675dae5bb8dc0b69ef32a5460e196d5efa2d83da92f1e9b5bf91efd0
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6052 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Scan from Tulsa Xerox.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1584,i,12053165181364855819,17864928773768800555,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Source: classification engine

Classification label: clean0.winPDF@14/45@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4320

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 12-12-06-248.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Scan from Tulsa Xerox.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1584,i,12053165181364855819,17864928773768800555,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1584,i,12053165181364855819,17864928773768800555,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Scan from Tulsa Xerox.pdf	Initial sample: PDF keyword /JS count = 0
Source: Scan from Tulsa Xerox.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Scan from Tulsa Xerox.pdf

Initial sample: PDF keyword /JBIG2Decode count = 1

Source: Scan from Tulsa Xerox.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1458483
Start date and time:	2024-06-17 18:11:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Scan from Tulsa Xerox.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/45@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.237.241.83, 54.224.241.105, 18.213.11.84, 50.16.47.176, 162.159.61.3, 172.64.41.3, 2.16.241.15, 2.16.241.13, 95.101.148.135, 93.184.221.240, 2.16.164.91, 2.16.164.114, 2.16.164.113, 2.16.164.121, 2.16.164.11
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, wu.azureedge.net, acroipm2.adobe.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, apps.identrust.com, wu-b-net.trafficmanager.net, fs.microsoft.com, identrust.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
VT rate limit hit for: Scan from Tulsa Xerox.pdf

Simulations

Behavior and APIs

Time	Type	Description
12:12:17	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF Model: gpt-4o	```json { "riskscore": 1, "reasons": "The provided screenshot of the PDF document does not contain any visually prominent button or link that could mislead the user into clicking on a potentially harmful link. The text in the screenshot does not create a sense of urgency or interest typically associated with phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' Additionally, there is no impersonation of well-known brands that would suggest a phishing attempt. The document appears to be a standard wire transfer confirmation with detailed transaction information." }

Input

Output

URL: PDF Model: gpt-4o

```json
{
  "riskscore": 1,
  "reasons": "The provided screenshot of the PDF document does not contain any visually prominent button or link that could mislead the user into clicking on a potentially harmful link. The text in the screenshot does not create a sense of urgency or interest typically associated with phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' Additionally, there is no impersonation of well-known brands that would suggest a phishing attempt. The document appears to be a standard wire transfer confirmation with detailed transaction information."
}

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.172601934097282
Encrypted:	false
SSDEEP:	6:18SUpOq2P92nKuAl9OmbnIFUt8g8G4ZZmw+g8G4zkwO92nKuAl9OmbjLJ:18SUpOv4HAahFUt8g8Gk/+g8GE5LHAae
MD5:	90DF1AE631E9DF76E049A4C67EE675B0
SHA1:	366C50FF53E243FBAD0131C7819D75B988255528
SHA-256:	82D07DC52821AA097D5C18A1634BE7893A2D72BAE8B3F3DD4E34849F6CFF45C2
SHA-512:	64ED1D5E4484678829E42D4050C79FA6CDFBF0F225C160BC8F5449DD38E21DC06436081000035F768518EF7D3F7D989E01725C8721520FF70DB314D1421EE5B7
Malicious:	false
Reputation:	low
Preview:	2024/06/17-12:12:04.021 1970 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/17-12:12:04.025 1970 Recovering log #3.2024/06/17-12:12:04.025 1970 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.172601934097282
Encrypted:	false
SSDEEP:	6:18SUpOq2P92nKuAl9OmbnIFUt8g8G4ZZmw+g8G4zkwO92nKuAl9OmbjLJ:18SUpOv4HAahFUt8g8Gk/+g8GE5LHAae
MD5:	90DF1AE631E9DF76E049A4C67EE675B0
SHA1:	366C50FF53E243FBAD0131C7819D75B988255528
SHA-256:	82D07DC52821AA097D5C18A1634BE7893A2D72BAE8B3F3DD4E34849F6CFF45C2
SHA-512:	64ED1D5E4484678829E42D4050C79FA6CDFBF0F225C160BC8F5449DD38E21DC06436081000035F768518EF7D3F7D989E01725C8721520FF70DB314D1421EE5B7
Malicious:	false
Reputation:	low
Preview:	2024/06/17-12:12:04.021 1970 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/17-12:12:04.025 1970 Recovering log #3.2024/06/17-12:12:04.025 1970 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.158938391570545
Encrypted:	false
SSDEEP:	6:18kgcpyq2P92nKuAl9Ombzo2jMGIFUt8g8kQz1Zmw+g8kuRkwO92nKuAl9Ombzos:18kg8yv4HAa8uFUt8g8k8/+g8kuR5LHA
MD5:	E0B145D1733A84E8FB2D436E37E83F32
SHA1:	23B58460FB9679D2A492FAC5C313A45F2BD9D49B
SHA-256:	F3F0909F0760E406ACE28999E1BD48FA9F7960BF94134417AD34883CC64EB622
SHA-512:	39F0403B0BF808F5349659C5105FD4745BB00CE0162122E36480EFEDE3AB150F07B61DA9F6CB822254922E7480965087D034700C769228C3CA70E32EA8EFF242
Malicious:	false
Reputation:	low
Preview:	2024/06/17-12:12:04.176 1c74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/17-12:12:04.180 1c74 Recovering log #3.2024/06/17-12:12:04.186 1c74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.158938391570545
Encrypted:	false
SSDEEP:	6:18kgcpyq2P92nKuAl9Ombzo2jMGIFUt8g8kQz1Zmw+g8kuRkwO92nKuAl9Ombzos:18kg8yv4HAa8uFUt8g8k8/+g8kuR5LHA
MD5:	E0B145D1733A84E8FB2D436E37E83F32
SHA1:	23B58460FB9679D2A492FAC5C313A45F2BD9D49B
SHA-256:	F3F0909F0760E406ACE28999E1BD48FA9F7960BF94134417AD34883CC64EB622
SHA-512:	39F0403B0BF808F5349659C5105FD4745BB00CE0162122E36480EFEDE3AB150F07B61DA9F6CB822254922E7480965087D034700C769228C3CA70E32EA8EFF242
Malicious:	false
Reputation:	low
Preview:	2024/06/17-12:12:04.176 1c74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/17-12:12:04.180 1c74 Recovering log #3.2024/06/17-12:12:04.186 1c74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\30a539d1-88c9-474d-a932-16cf8bdf4cfd.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.062174698008251
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqgsBdOg2HRcaq3QYiubxnP7E4T3OF+:Y2sRdsUdMHo3QYhbxP7nbI+
MD5:	52E8F33D2162ED87ED283C22347ACCF1
SHA1:	BC0D922F9C843F6E80F7C7326C1B9D4F2EC68EA8
SHA-256:	448E17C3FAC03EB041473E8749B8EDB98B7C62535B1D34F78757801971E35BDC
SHA-512:	8DB9F6226D03CFE37883D665D27694C4F80E9419A840B7FCD8C4BB0B196CDAE4CE666FDAB93654EE1EFF83E15CBE8416E2D65BE21CD2F67BDD26A616D0DFB362
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363200730091473","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":229154},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.062174698008251
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqgsBdOg2HRcaq3QYiubxnP7E4T3OF+:Y2sRdsUdMHo3QYhbxP7nbI+
MD5:	52E8F33D2162ED87ED283C22347ACCF1
SHA1:	BC0D922F9C843F6E80F7C7326C1B9D4F2EC68EA8
SHA-256:	448E17C3FAC03EB041473E8749B8EDB98B7C62535B1D34F78757801971E35BDC
SHA-512:	8DB9F6226D03CFE37883D665D27694C4F80E9419A840B7FCD8C4BB0B196CDAE4CE666FDAB93654EE1EFF83E15CBE8416E2D65BE21CD2F67BDD26A616D0DFB362
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363200730091473","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":229154},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.238290192663074
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUkJzKTG5kbXlpzo:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLV
MD5:	5B78449F72E787BF72AC1E54E845F1DB
SHA1:	40C48887412166C3DD116BB39327BD7A1A0B3B86
SHA-256:	BAF6B775EB3E61E3367429A4AFCB75028D22DBA8C3E1CF69BE493FA917AB6E40
SHA-512:	2E4270D5B7CA244843BA0F1DE74EB0326C03C245E3D9DC7C59096FDFAE486C429633B61D41D4F2AA1E60CA5BCFF3BA62152A142F3049E879240A84A0BF487BBF
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.157856306563841
Encrypted:	false
SSDEEP:	6:18qyq2P92nKuAl9OmbzNMxIFUt8g8iz1Zmw+g8ERkwO92nKuAl9OmbzNMFLJ:18qyv4HAa8jFUt8g8iZ/+g8ER5LHAa8E
MD5:	E6BD67A2076137DB4124E34B6444ED7E
SHA1:	76E48D9339390AB2F6039A16A198B53847AD050D
SHA-256:	6808C725FE606865A625F3A2D38D53E874E565D079057ECA5A15CE0094CAA7A9
SHA-512:	54186440C78E5209F7322FAF0E541AF54B842C9960E2CE7B594B997F4C7E055C9047AD5F4229D09FD8C04F573E1177DDD847855C63E05378548E1B51A9526940
Malicious:	false
Reputation:	low
Preview:	2024/06/17-12:12:04.413 1c74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/17-12:12:04.417 1c74 Recovering log #3.2024/06/17-12:12:04.419 1c74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.157856306563841
Encrypted:	false
SSDEEP:	6:18qyq2P92nKuAl9OmbzNMxIFUt8g8iz1Zmw+g8ERkwO92nKuAl9OmbzNMFLJ:18qyv4HAa8jFUt8g8iZ/+g8ER5LHAa8E
MD5:	E6BD67A2076137DB4124E34B6444ED7E
SHA1:	76E48D9339390AB2F6039A16A198B53847AD050D
SHA-256:	6808C725FE606865A625F3A2D38D53E874E565D079057ECA5A15CE0094CAA7A9
SHA-512:	54186440C78E5209F7322FAF0E541AF54B842C9960E2CE7B594B997F4C7E055C9047AD5F4229D09FD8C04F573E1177DDD847855C63E05378548E1B51A9526940
Malicious:	false
Reputation:	low
Preview:	2024/06/17-12:12:04.413 1c74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/17-12:12:04.417 1c74 Recovering log #3.2024/06/17-12:12:04.419 1c74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240617161208Z-153.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.2492710191234881
Encrypted:	false
SSDEEP:	192:30rQIejLEWYXSM/4mKOkJAiA8ErHg4XcV0IaLswtkdQKjsiT7Ta:kiLEWYXSMdK1Af8WAWcV0TswtkdRgiba
MD5:	3941B544FB4C5F21CD4FDE1D2C1C0EA1
SHA1:	82B38A7876D03DC953E7A1FA8EB4856E8EEBC88E
SHA-256:	9DA883259C867F15E90605AF90A5063112A1969293F9FE6CF989F44B6858671B
SHA-512:	4695D84B14F262AC55B012BD8A1BCD25CCC5B4274F74813ADF33C4C5577958A0524BE831C1FB2FC5B5A30B23300F3413E689375A6E07E25239EEE3E7E98C95E6
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1230603886706514
Encrypted:	false
SSDEEP:	6:kKqX9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ymDnLNkPlE99SNxAhUe/3
MD5:	F5B5D111ECD07B63F75606C88D32EAB7
SHA1:	80FCD8B4B541C47EBAC355D7D0892B6B706CB4B2
SHA-256:	B103BFF586F74B1556430DFBDCD7EE1A5856ECDF062C3A372D52BBA11F2EF969
SHA-512:	4ABAC84686D2E3017B5B22AAC220D0A0F387699E8E50286D9038E47235CF513C2EFED51D4587D7C82C1037BC64FB2D15295ED0D2FF63E021CA6BCB7DD5B57E1E
Malicious:	false
Preview:	p...... .........o.2....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.034404395079139
Encrypted:	false
SSDEEP:	3:kkFklM2lk31fllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKr8k31xliBAIdQZV7I7kc3
MD5:	5C19118A6AD45589170549242CD1B3A5
SHA1:	49B61E8DD0F4FD3C85C523B4E1CBFE65B16ECD91
SHA-256:	9F1A2967599574CC3084FE71D0DC7081A151208426E3FB73450B10386CA36A79
SHA-512:	29D59C74E8D93D1AF5A9E83CE839F34915752C1D3DE860063010F5534F30774920082574A688CED54DD0CA9BEAD54F9CA62FD0E1B77439B45017F6A78894B681
Malicious:	false
Preview:	p...... ....`..._*......(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4320

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.322590609042056
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJM3g98kUwPeUkwRe9:YvXKXmiMXYpW7Eh4GMbLUkee9
MD5:	68E04FE9F244C4542EE19CA636719380
SHA1:	2E9F3768392BF48CCA6D0FC2FA7B77229CABE1DA
SHA-256:	DC945BA0659B9050B7A1E660D4F6922C567DF04A067289F293AB2CC2F19D14A3
SHA-512:	0D92BBCA8BA8662553CDB70D2BD7AD6051C4C0EF43DCC87C76A13D40EA1BFCED24848DE8AE150520DB8D7362784D6CBC3A968A3F248778FEF03413880D63148C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.261626059832559
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfBoTfXpnrPeUkwRe9:YvXKXmiMXYpW7Eh4GWTfXcUkee9
MD5:	A958995651F912FF010B7AD93D3CC133
SHA1:	FF40B0E08E49AD6FA9082F9B3A0FE411C3F555E6
SHA-256:	6B20718B1024FBB93D2389A38E51617195A9DBC379FE771D709CB34460AE564C
SHA-512:	3FE1AF4433A00DC5BA524451C9610DED5DF4CE157E7D99CF61373D8F18C4667A377679D035B98FED5AD8715DDA4DFF565960208EC3CD55279D8154150ED23691
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.240332274059437
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfBD2G6UpnrPeUkwRe9:YvXKXmiMXYpW7Eh4GR22cUkee9
MD5:	DA4E0FC022807BBF0DCAF0BC1240D2D2
SHA1:	697BD40CC273611FD2C82E0FEE2C532CEA857C5F
SHA-256:	8D7CE17925A126109A8B5B953C464226BA4C23C00CFE4923C233CD63E4200EFF
SHA-512:	306A6246CAA7061C2AB645943BC30E8D38536E28A31D16DA90E23528F812F8E6281144E88B244645D3D381AA20D01C7A8A18868C9067AAD86A87D10D596A074B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.300052862931951
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfPmwrPeUkwRe9:YvXKXmiMXYpW7Eh4GH56Ukee9
MD5:	1A7B653D3F27B2736277B8F47B32218D
SHA1:	EB462C6CB13DF22122B4C2328417638C56297C64
SHA-256:	F0534CCDBA0300FA3BBEC4D667E6AF6BABE029F072ED33656CCF3B5078E8128F
SHA-512:	547F10DC89E6AAD6258731176B32DFB854D6F113411F8819282EA3C7C6991C5CD429C21CFD88EA676A309018DB584964A7A3116F77C2FD5ED17D006EBF1A5692
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.257804533836104
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfJWCtMdPeUkwRe9:YvXKXmiMXYpW7Eh4GBS8Ukee9
MD5:	0A89CBAB681CFB67AB9A697489106E15
SHA1:	019E01D02A735BAA94A0C0A2EC3AC62B2300507C
SHA-256:	784D64CFF556A64B1516657B4B7FE7B9323BC963183A94E999305C4BB66A52CB
SHA-512:	4E57B558C14199625C5AFD5FA049E4F8DC502A638C9DE6BC1847B213F7F69FC20F41CBBFE66559F41B01FF7911EA8EC8984B8747E0CE1EB1BD91B26969AEC52D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.243679033711374
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJf8dPeUkwRe9:YvXKXmiMXYpW7Eh4GU8Ukee9
MD5:	D41DEF5AB7CF0719BEF6758B26DA6BDD
SHA1:	F66C990F542CB29234D2618BEE63253AEFB3328C
SHA-256:	2C6FCD00A5673F67E0292F3B7C78FC6449C8C546DE9D578D31EC94DB82107F5F
SHA-512:	B8B9FD51A713761BF7790806CD01556616FA4E062C24EA2F604279415878DAA89A402FE165EFC0BD3FF046362183DFB49FAABC23248AA229523760F3166F2810
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.245812671984657
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfQ1rPeUkwRe9:YvXKXmiMXYpW7Eh4GY16Ukee9
MD5:	E2246649B03EF8B64BEFFE540B8A00B4
SHA1:	45D30FD02D11237E6FDBFCF2DE4E80E79B572488
SHA-256:	FA640E42727DED1C781F79C6F0BCD2DFF9903BEAB448FA50856FFA7FB083455D
SHA-512:	72335E8298EEF19E4964751FDB920E5BDFA74DBBBF62D35DF7C71D047BA044F57D4EE7339C6D82354FD077585A62E322077860A2FA2DE2899090A68AA6DDBEB9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.262144563709106
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfFldPeUkwRe9:YvXKXmiMXYpW7Eh4Gz8Ukee9
MD5:	E6F9AFE69A99AC50EC0B02F8412236F1
SHA1:	E72B2E512E77D3677C1632F7B316B8345670A29D
SHA-256:	920556004C42AB1DA08D0F7163DAE8FE68DCEFA56F6B557CA73CEB9254AC82F3
SHA-512:	61A1EDA24390BCCBBE7AC77D15C8F3A230BE98EF8674FB2158BBABEC89CAF649E336547D9CAFD4C6BBEAF11F3D895B98AA73B417F758A86015A0B2B80F3FCDBD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.736862527707656
Encrypted:	false
SSDEEP:	24:Yv6XmUiEhgKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNK:Yv7rEhgEgigrNt0wSJn+ns8cvFJs
MD5:	F9083672800D1D6A4D18D465D58C0292
SHA1:	60B9AE0EA78D598F50EA2CB40FD78FD656FBFC3F
SHA-256:	210FA509B3877CE83CC18388C8FCA01F2904122C062F26C2D2E5EDF8DC053181
SHA-512:	AF2B6335CE40D7FA780077F12E314287D31FEF829081DF4C5B035583D521FB875A844CFA305428D746E7DDBC9342D0AA1E403B5DE843C26BC71295148FB42C89
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.251444987297169
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfYdPeUkwRe9:YvXKXmiMXYpW7Eh4Gg8Ukee9
MD5:	5198803E30EB7C8153E0DEA5F9CE8C29
SHA1:	E23E4523B10AC4EE8CC04D5A5FF4E1D1AB601D26
SHA-256:	AFBC3E32A21E03C4E55D6EA13A5987850C52F4B217297A85236151A0F724F685
SHA-512:	9E4069576CC050F120FD86FCF98DB16E9A22CC29639F1D9B23F35539852B5C0924E498D5AD15010C2EBBC5E163D467F1E60E1E2018316A01BABE9C6804FA9A81
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7745269563355475
Encrypted:	false
SSDEEP:	24:Yv6XmUiEhvrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNi:Yv7rEhvHgDv3W2aYQfgB5OUupHrQ9FJQ
MD5:	1FD9B1DC5E68127C8D70EF24891F4CED
SHA1:	03EB59DA452EA756D934716BCF57D8509DE1A056
SHA-256:	212012AA56B0F280188946018F77D31462D90CDB848B60891DF88BE16DC88939
SHA-512:	958757FED2CE815EAA650C78CA227CD2217BBDE9AC05E11AE178173EC27AC53DBE968ED824D190F49E0A382DEF8A77E36E113360C8626640F4D2F8F114B44213
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.235325796398543
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfbPtdPeUkwRe9:YvXKXmiMXYpW7Eh4GDV8Ukee9
MD5:	48BEC9ED7A43F9DB29B6505B20A1F73F
SHA1:	1D8ED6AD5F94853DFE387E18E8C2646BF0F0A75B
SHA-256:	2E176EC5970624967685F605BE867F3D567C2BAB5448DB60DF0CBA319D237E40
SHA-512:	34D3AA65B78D5F2C185B1046EE9463D8A81172D6E59AB70FF6528CFD65ACA55221B7C5BD5A895EB37EE7D0B04298773E086DBAAEEE26545671B8100AB61058FE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.236622807383464
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJf21rPeUkwRe9:YvXKXmiMXYpW7Eh4G+16Ukee9
MD5:	0DE27CDAA2D12CB7EB42C4ACCC4ACA04
SHA1:	A7A3A1C56442FB0ED17B3EC7029F6FD0B3873F1D
SHA-256:	1622988F1ABD3BD7067E4E2DD308AC8F748401926CEE7BFA7AEDBFF983F90A6B
SHA-512:	B06F17B96217D207647268A1FA3B7C47E051E364470B41A58A6092802F68DB7E3436D9771A7BBD1A761DECFC1B5D00DAFFE5753F9FA27B2363B9FD43DA1AD94C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.257986297981094
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfbpatdPeUkwRe9:YvXKXmiMXYpW7Eh4GVat8Ukee9
MD5:	60BCEF32CA9223D5E93BBD961474BA6C
SHA1:	B319081AE6E8E418F1835D236AB91E1780FD99CA
SHA-256:	8DFD4677C1247BBDC74792199A127D746ED12D75DD1667D5EE899F9F84103588
SHA-512:	396F70B5F3A49383B7CA903887E403460A476687941C144248166E68D18FC0E58BEC728C87338C03A6311B9C5E0E52BE55CA96D998E178038D317A21D35DA874
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.208906539164734
Encrypted:	false
SSDEEP:	6:YEQXJ2HXmiE7nM2Y+FIbRI6XVW7+0YRLNXoAvJfshHHrPeUkwRe9:YvXKXmiMXYpW7Eh4GUUUkee9
MD5:	313DBBB47903E70F45A310104247261B
SHA1:	35F2F96988C979036D5AB99D15F11F4E94E9EB92
SHA-256:	645AF07F5CEA8D9E0E8546C43542F185A5539CA2CEA8CCCD98F85ECD550EAEF6
SHA-512:	BDA30CB5C6D247D3B444DB75455194880E13B4664D8270B829A53CE1EA18843E2008FDDFF09C545EAA63D29D8E2AD5BA75E4C993A16537EC057EA25088F95896
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.359669541264502
Encrypted:	false
SSDEEP:	12:YvXKXmiMXYpW7Eh4GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWO:Yv6XmUiEhe168CgEXX5kcIfANhD
MD5:	5D3D7CC69847BB9ABB4230CD4ACAADAB
SHA1:	8CE76F3ACF320F10B6A7DD9AF9397CC7E0EF5A6F
SHA-256:	4C2D6C1C5FB1FB7DEE502EBFCDC057866B8586A468BB91824B5D500247267AB1
SHA-512:	E49F3E0157B79DF9DE9693933EABA9D112FD5A7EC32F19E187A5F5B757B2CA75B5442430E07ABF6091D36F9EB35F61DD27834C915BB34ECAB5726DAC2120D569
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7f087187-f8d1-4966-bae1-dda2bc7b1dba","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1718817280168,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1718640730198}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.130148712202793
Encrypted:	false
SSDEEP:	24:YvoqtCA2WaBcBhWzgrWpXZGaxayZGiO1CQZP5KPj4esj0SwfdXNC2kav2LSw5yUi:YQSJ2xcCMrWp8ipqQB+pZGsyR63q79p
MD5:	AF5E737A018619C970FE7F410950D396
SHA1:	5195BCD4ADB1EB35A154542E4A4519F4FA3F49D9
SHA-256:	C8592D3B60C83FB7514DCBE0E6E15B7E1A1987C2DEE293439E8BC0B65482FE90
SHA-512:	A53CCC33B7E3A31799FBF0E384625B8680BC8D8862EC906ADD436D860C4F5C212216689F8BA8C39FF88DF9979CEB257426C6DE685C2AFF5A71713A969084FB24
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"dfd8aff8bd226a8ebe063608a6b96f5a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1718640730000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f6405d2e2696e61d089098b0ff1bcf6e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1718640730000},{"id":"Edit_InApp_Aug2020","info":{"dg":"6be2d60de722b2163aa31752aea17a1e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1718640730000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"529b80ee6325ea9aa146c2d68d8e84d3","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1718640730000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"cd0e8ce2c8f371c16cca96f53a2947b8","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1718640730000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"06970539fa149db47b7f427242bf6213","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1718640729000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9841033570063976
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpUx4zJwtNBwtNbRZ6bRZ4dxF:TVl2GL7ms6ggOVpNzutYtp6Pc
MD5:	6C7C23BF51975CC26EE486025F6D1E38
SHA1:	416EC80C3A127770229B7FD3B5AD0FA3E22399C1
SHA-256:	6D33F62E21F8A51D0A78E5B5B528DA6D53F509E2DDC94CE6555944D4B6B5EE6C
SHA-512:	2A2E9EBCDFA65D5BCC79901703FA25D8992FC2BDE11231546B385514DF0DADB95755F254B27848553F65ACA530EF26D909149AE42EF36177CFAEA452FC1C4423
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.338871610605912
Encrypted:	false
SSDEEP:	24:7+tqAD1RZKHs/Ds/SpUxPzJwtNBwtNbRZ6bRZWf1RZKyqLBx/XYKQvGJF7ursZ:7MqGgOVpWzutYtp6PMjqll2GL7msZ
MD5:	B8AC5C5DDCA72729CE560DFFEC1D61E4
SHA1:	E9438A4542ABFEF2F1AB2185D3B9971E2BA321F2
SHA-256:	FB96701079A73ADBCF45B3807D1AAE8E091CCCADADF8AC887830E9163A82C7BE
SHA-512:	639FCE0EDDBBAE89BECDE67AD0299FB7180DE8ACEFDE514A8D6E8087F17E24D3079E37C089ED31C0072FF549DD197BA8F2FE72F899AB90806D6DA9DE14A2CB56
Malicious:	false
Preview:	.... .c..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIdb7df.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.488233466829981
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dq3GlslMH:Qw946cPbiOxDlbYnuRKCYGlsl6
MD5:	3C11EA1E467490E104C77D8B1D814B44
SHA1:	83ACCF8FB0F41ABC30EFA6246599985077F12D5E
SHA-256:	A161892AE50FBCFB03BCF692E6BD285DF125969A4C3F6888FEB6FBCA15E745BF
SHA-512:	4E84C0F082DAEA2DF77928F044AE041744ED48EFC7A0C8EC193858E22DD6E427275BE180B97D6A3FCFC374E23AE6A6EC72E5E54A03786B118B91256BC70B2FB7
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.7./.0.6./.2.0.2.4. . .1.2.:.1.2.:.1.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 12-12-06-248.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.3305630717243275
Encrypted:	false
SSDEEP:	384:0qc3UatpIlsSVH7bzkAVKcwMIryFB2uN8naeQ4ol9bSGEd9SdAQ3d0dA5jZpvuuA:awtg
MD5:	BDF68E2AE0C898CCA03D4E4150CF948C
SHA1:	287E779483B4CD7B8B62AA97C18E976A910E0A1C
SHA-256:	0E1F871AD8AAAD8B0F4E7C0A02F2559643A1DE059E1236B150D91F29C25FE759
SHA-512:	B55015BDB7E53793B5857A27714EDAF774FB54B9066BA72D23D8ADD863C1B9A675219C7E19D311705E619B88FBEB508B9C462706CF68BB1DCCFB6DD13F4F91FF
Malicious:	false
Preview:	SessionID=f57dbc1e-abf8-4c77-b797-fc5afe410b84.1718640726260 Timestamp=2024-06-17T12:12:06:260-0400 ThreadID=7740 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f57dbc1e-abf8-4c77-b797-fc5afe410b84.1718640726260 Timestamp=2024-06-17T12:12:06:261-0400 ThreadID=7740 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f57dbc1e-abf8-4c77-b797-fc5afe410b84.1718640726260 Timestamp=2024-06-17T12:12:06:261-0400 ThreadID=7740 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f57dbc1e-abf8-4c77-b797-fc5afe410b84.1718640726260 Timestamp=2024-06-17T12:12:06:261-0400 ThreadID=7740 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f57dbc1e-abf8-4c77-b797-fc5afe410b84.1718640726260 Timestamp=2024-06-17T12:12:06:261-0400 ThreadID=7740 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.402353772794626
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbC:m
MD5:	8B7D96A771A7EEFB87C8F7A3B939CCFB
SHA1:	6C93CDB4AB3048E7F0F7DE621D86012FFE64F9C4
SHA-256:	EFB1B2A23D078D51EE66BF43EE300D99CF705B87B28763F9632A27814ECF3450
SHA-512:	E5A228EE7E249A673FCE9CF90165755CBFD1E1FC148D3358945E09B1450A9DEBCF5E0CFBBD646A7E7AF79CB46AA5C2B754E68E130E59ADD1DA9F6BB5332978A1
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2f24e70f-68e6-4942-87a6-bff53f623f42.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\5552066b-f724-476e-abca-48a85fbc8d59.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\700cf559-2b01-4187-a80f-6562fa480255.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\7ee5c1e2-ac7c-429c-9238-235fd85832f6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.951459937909266
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Scan from Tulsa Xerox.pdf
File size:	18'326 bytes
MD5:	dd2ee2b35dbf6718cd9f4e1e00ae43d3
SHA1:	d207a950cb98f84f1f8a78989d9518a9438fe12a
SHA256:	bc9c620d675dae5bb8dc0b69ef32a5460e196d5efa2d83da92f1e9b5bf91efd0
SHA512:	65ae0d6410ebf1ce9383d66b9cd2038518a208a65e5b0dd0b20b60d9a7f9baa48b06b2f9476ace80cd1ff869d5b1bbcdcdad6bd9d6bc4a05edb1b63827add789
SSDEEP:	384:ODWT/dvm1YRNZ19dXSh9iDQHycoesOvycPtKYYt:Qc/U1YvZ9a9mIys7PtKYI
TLSH:	B582C03CE4CAADAFD552A0A7EA143BA94DBC3C0347DD1E051D1EC0725A019F9A857747
File Content Preview:	%PDF-1.4.%......1 0 obj.<< /Type /Catalog./Pages 2 0 R.>>.endobj..2 0 obj.<< /Type /Pages./Kids [4 0 R]./Count 1.>>.endobj..3 0 obj.<< /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./XObject << /XIPLAYER0 6 0 R./XIPLAYER_CM1 8 0 R.>>..>>.endobj..4 0 obj.<<

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.951460
Total Bytes:	18326
Stream Entropy:	7.986730
Stream Bytes:	16892
Entropy outside Streams:	5.113567
Bytes outside Streams:	1434
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	10
endobj	10
stream	4
endstream	4
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	1
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6052, Parent PID: 1028

General

Target ID:	0
Start time:	12:12:03
Start date:	17/06/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Scan from Tulsa Xerox.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2800, Parent PID: 6052

General

Target ID:	2
Start time:	12:12:03
Start date:	17/06/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7200, Parent PID: 2800

General

Target ID:	4
Start time:	12:12:04
Start date:	17/06/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1584,i,12053165181364855819,17864928773768800555,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Scan from Tulsa Xerox.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\30a539d1-88c9-474d-a932-16cf8bdf4cfd.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240617161208Z-153.bmp

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4320

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Windows Analysis Report
Scan from Tulsa Xerox.pdf