Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Security Guards of America Proposal.pdf

Overview

General Information

Sample name:Security Guards of America Proposal.pdf
Analysis ID:1458487
MD5:3b0e1fc1c45235d3363a88eeb0e5bd32
SHA1:c7954f3bc149924bd300a83d608d1e48af89e90c
SHA256:1299384429fbe823fadacecedc6ca38a5072bef1a04822c3fef01fbb72bb01a1
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5216 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Security Guards of America Proposal.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3504 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3120 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,2323614241662355698,2891551153677106926,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.drString found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: classification engineClassification label: clean0.winPDF@14/45@0/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6784Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 12-15-39-341.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Security Guards of America Proposal.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,2323614241662355698,2891551153677106926,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,2323614241662355698,2891551153677106926,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Security Guards of America Proposal.pdfStatic file information: File size 9526728 > 6291456
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword /Page count = 165
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword startxref count = 128
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword stream count = 1055
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword /ObjStm count = 149
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword endobj count = 1852
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword endstream count = 1055
Source: Security Guards of America Proposal.pdfInitial sample: PDF eof value = 128
Source: Security Guards of America Proposal.pdfInitial sample: PDF keyword obj count = 1852
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1458487 Sample: Security Guards of America ... Startdate: 17/06/2024 Architecture: WINDOWS Score: 0 6 Acrobat.exe 20 63 2->6         started        process3 8 AcroCEF.exe 108 6->8         started        process4 10 AcroCEF.exe 4 8->10         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1458487
Start date and time:2024-06-17 18:14:27 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 1s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:14
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Security Guards of America Proposal.pdf
Detection:CLEAN
Classification:clean0.winPDF@14/45@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.6.155.20, 3.219.243.226, 3.233.129.217, 52.22.41.97, 172.64.41.3, 162.159.61.3, 93.184.221.240, 2.16.202.123, 95.101.54.195, 95.101.148.135, 2.19.126.143, 2.19.126.149, 95.101.54.113, 95.101.54.105
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, a767.dspw65.akamai.net, wu.azureedge.net, acroipm2.adobe.com, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, apps.identrust.com, fs.microsoft.com, identrust.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: Security Guards of America Proposal.pdf

Simulations

Behavior and APIs

TimeTypeDescription
12:15:50API Interceptor2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

InputOutput
URL: PDF Model: gpt-4o
```json
{
  "riskscore": 2,
  "reasons": "The screenshot does not contain any visually prominent button or link that could mislead the user into clicking on a potentially harmful link. The text 'A Security Proposal' does not create a sense of urgency or interest typically associated with phishing attempts. Additionally, there is no impersonation of well-known brands that would raise suspicion. The content appears to be a legitimate document related to security services, and there is no immediate connection between the text and any prominent button or link."
}

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):291
Entropy (8bit):5.274707162521874
Encrypted:false
SSDEEP:6:18HM+q2PCHhJ2nKuAl9OmbnIFUt8g8OFJZmw+g8OFcMVkwOCHhJ2nKuAl9OmbjLJ:18s+vBHAahFUt8g8O//+g8O/V56HAaSJ
MD5:6E515F937FA9B44BC3BA523063A8DF4D
SHA1:B57FF3224E0AF11810506ACD1A71AD9BB4D98E1B
SHA-256:1F6DA20019E834AF6F684B13CF64DAF4F40A3D177E27A17C107F1A0AA2FAC285
SHA-512:D2ECEA521C33D7DB422A7757EE9B839382F84446BE7052ACC34D0BE2DB4E21C9EA9A9A558744AE0F42B9DA6B8145BE5F17A7144940B91DA95552805510E6D41E
Malicious:false
Reputation:low
Preview:2024/06/17-12:15:36.846 51c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/17-12:15:36.848 51c Recovering log #3.2024/06/17-12:15:36.848 51c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):291
Entropy (8bit):5.274707162521874
Encrypted:false
SSDEEP:6:18HM+q2PCHhJ2nKuAl9OmbnIFUt8g8OFJZmw+g8OFcMVkwOCHhJ2nKuAl9OmbjLJ:18s+vBHAahFUt8g8O//+g8O/V56HAaSJ
MD5:6E515F937FA9B44BC3BA523063A8DF4D
SHA1:B57FF3224E0AF11810506ACD1A71AD9BB4D98E1B
SHA-256:1F6DA20019E834AF6F684B13CF64DAF4F40A3D177E27A17C107F1A0AA2FAC285
SHA-512:D2ECEA521C33D7DB422A7757EE9B839382F84446BE7052ACC34D0BE2DB4E21C9EA9A9A558744AE0F42B9DA6B8145BE5F17A7144940B91DA95552805510E6D41E
Malicious:false
Reputation:low
Preview:2024/06/17-12:15:36.846 51c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/17-12:15:36.848 51c Recovering log #3.2024/06/17-12:15:36.848 51c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):335
Entropy (8bit):5.2125414096299245
Encrypted:false
SSDEEP:6:18KL+q2PCHhJ2nKuAl9Ombzo2jMGIFUt8g8fj1Zmw+g8f1LVkwOCHhJ2nKuAl9OU:18PvBHAa8uFUt8g8fj1/+g8fD56HAa8z
MD5:8CB33FA6938F9BE94186F37DE0E093EF
SHA1:3CC6D222A7BEF8BE73829535F39E3739C6F11FF8
SHA-256:B9365D261EBE0FD1E189BA23AF508A149FB547E5F8FF26B19817F330B76BDB42
SHA-512:5E0F008DBA4DAB6B1CF48674DDD9EDC5DEA94BC81DB9ECDE9F8C2F13C486AC0F50BB205874440A3EC5C251754104C322E570E935D73C88DEB7CE546A25A6542B
Malicious:false
Reputation:low
Preview:2024/06/17-12:15:37.017 3e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/17-12:15:37.018 3e8 Recovering log #3.2024/06/17-12:15:37.018 3e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):335
Entropy (8bit):5.2125414096299245
Encrypted:false
SSDEEP:6:18KL+q2PCHhJ2nKuAl9Ombzo2jMGIFUt8g8fj1Zmw+g8f1LVkwOCHhJ2nKuAl9OU:18PvBHAa8uFUt8g8fj1/+g8fD56HAa8z
MD5:8CB33FA6938F9BE94186F37DE0E093EF
SHA1:3CC6D222A7BEF8BE73829535F39E3739C6F11FF8
SHA-256:B9365D261EBE0FD1E189BA23AF508A149FB547E5F8FF26B19817F330B76BDB42
SHA-512:5E0F008DBA4DAB6B1CF48674DDD9EDC5DEA94BC81DB9ECDE9F8C2F13C486AC0F50BB205874440A3EC5C251754104C322E570E935D73C88DEB7CE546A25A6542B
Malicious:false
Reputation:low
Preview:2024/06/17-12:15:37.017 3e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/17-12:15:37.018 3e8 Recovering log #3.2024/06/17-12:15:37.018 3e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):475
Entropy (8bit):4.95899770031832
Encrypted:false
SSDEEP:12:YH/um3RA8sqlEsBdOg2Hycaq3QYiub6P7E4T3y:Y2sRdsOdMHd3QYhbS7nby
MD5:00187CF7519489BB6121122244AF4BBB
SHA1:9645D2BCB95AF1D6A331F05EEC3E374105F79EC7
SHA-256:AD1F459D4D5AB1CFF022652061BB20471A0D52DFDDDCD6CEA2E612273B7B52D3
SHA-512:4C4D784A7E59CFD64499A38D1DA6723427F4DA283E9C9E752BB7FFDB27C0EDB6F6FA186014C6656526966AC9C950B468C544D5F0A6A79E64E5815BF330125ABC
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363200943231642","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":228518},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bde44254-daf1-4f98-bf51-485e9420e15d.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):475
Entropy (8bit):4.95899770031832
Encrypted:false
SSDEEP:12:YH/um3RA8sqlEsBdOg2Hycaq3QYiub6P7E4T3y:Y2sRdsOdMHd3QYhbS7nby
MD5:00187CF7519489BB6121122244AF4BBB
SHA1:9645D2BCB95AF1D6A331F05EEC3E374105F79EC7
SHA-256:AD1F459D4D5AB1CFF022652061BB20471A0D52DFDDDCD6CEA2E612273B7B52D3
SHA-512:4C4D784A7E59CFD64499A38D1DA6723427F4DA283E9C9E752BB7FFDB27C0EDB6F6FA186014C6656526966AC9C950B468C544D5F0A6A79E64E5815BF330125ABC
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363200943231642","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":228518},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4288
Entropy (8bit):5.224476710737875
Encrypted:false
SSDEEP:96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+b/WAsWJWQgZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+b/Wn
MD5:B6D4E08D06E5F942B5C98636CBF571E1
SHA1:CC32771AA4AB93F6FC5191CDEB27EDB48F78493F
SHA-256:FFCD92F681743AD571AC708F985E1CFEB7024BBC0FBBB928C9A20A720A90890C
SHA-512:6D6A112240DE1CCB403B883BAC90A5E3D721F83EF396BC1F6CBDAB95DFEE56A90BCECE673B52E59F37D3717A44B3E112532BBA8721DCD903F542218886BCBA40
Malicious:false
Reputation:low
Preview:*...#................version.1..namespace-8..|o................next-map-id.1.Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/.0...dr................next-map-id.2.Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.2.$..o................next-map-id.4.Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/.3+...^...............Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/....^...............Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/T.3.a...............Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.U..a...............Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.$..o................next-map-id.5.Pnamespace-c66013b9_73b6_4b3f_b279_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):323
Entropy (8bit):5.246695972387304
Encrypted:false
SSDEEP:6:1810L+q2PCHhJ2nKuAl9OmbzNMxIFUt8g8g11Zmw+g8YLVkwOCHhJ2nKuAl9Ombg:18zvBHAa8jFUt8g8g11/+g8g56HAa84J
MD5:90449FF7AAAD78E73D63C9D334BB6998
SHA1:4B1577D80C379F0044016190C1D1921A50C4A659
SHA-256:22AA249A12522ACE389A7512202A75162FFDDEBCB23FA98EFCC516A30C61695C
SHA-512:31379C899607ACD379577AC1178525B2A1A2BEA64A6B00B1D714A71EEDD33B45C151CA92D3E666522424CDE90968C91879E5816A3996A4B453AA78E0E1CF93B2
Malicious:false
Reputation:low
Preview:2024/06/17-12:15:37.660 3e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/17-12:15:37.709 3e8 Recovering log #3.2024/06/17-12:15:37.712 3e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):323
Entropy (8bit):5.246695972387304
Encrypted:false
SSDEEP:6:1810L+q2PCHhJ2nKuAl9OmbzNMxIFUt8g8g11Zmw+g8YLVkwOCHhJ2nKuAl9Ombg:18zvBHAa8jFUt8g8g11/+g8g56HAa84J
MD5:90449FF7AAAD78E73D63C9D334BB6998
SHA1:4B1577D80C379F0044016190C1D1921A50C4A659
SHA-256:22AA249A12522ACE389A7512202A75162FFDDEBCB23FA98EFCC516A30C61695C
SHA-512:31379C899607ACD379577AC1178525B2A1A2BEA64A6B00B1D714A71EEDD33B45C151CA92D3E666522424CDE90968C91879E5816A3996A4B453AA78E0E1CF93B2
Malicious:false
Reputation:low
Preview:2024/06/17-12:15:37.660 3e8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/17-12:15:37.709 3e8 Recovering log #3.2024/06/17-12:15:37.712 3e8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240617161541Z-161.bmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:dropped
Size (bytes):71190
Entropy (8bit):1.753853349536202
Encrypted:false
SSDEEP:384:iD8gCTDwRO3doceoQXVKLTAPUcQhSZcdmr5klVx:aFCTDwcr/QlyU87hSEf
MD5:B404300BF4B3A54614767046E60BFF14
SHA1:1AEC9F62D721758F8B165A76AD4E1864A509663A
SHA-256:139E18D99F22EF084BCBC515BD8CF0EA1D23BC37F3C870ED9A526E793F980488
SHA-512:B66A97EDBED2F77B30A8F486AB135907B521290E2AB6A894E8A906007DE08D1012AC66D0C8256E425B92C10A24C7572BFC30D8407E3D44CA08518A5340665F4D
Malicious:false
Reputation:low
Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:dropped
Size (bytes):71954
Entropy (8bit):7.996617769952133
Encrypted:true
SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:false
Reputation:moderate, very likely benign file
Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):893
Entropy (8bit):7.366016576663508
Encrypted:false
SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:false
Preview:0..y..*.H.........j0..f...1.0...*.H.........N0..J0..2.......D....'..09...@k0...*.H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0...*.H.............0..........P..W..be......,k0.[...}.@......3vI*.?!I..N..>H.e...!.e.*.2....w..{........s.z..2..~..0....*8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.*....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i....*.)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0...*.H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:modified
Size (bytes):328
Entropy (8bit):3.1356875516282012
Encrypted:false
SSDEEP:6:kKk/MD9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:8EaDnLNkPlE99SNxAhUe/3
MD5:F2D008C2972D478E564A0C0C8D5844B2
SHA1:63BAA1ED7B1A674D69E495653FE24AF400FBAF83
SHA-256:4C513BA6E1A6C0A20ABE2E95CFC93F535453AA72C55FF681A1C26074EB39EEDA
SHA-512:1058892E9CAC36386CB7743FE162771549C34AD0286A2A7014C0CCDD527372E2BB40CEE26B5F237FC0732656AA4021D14E83112E5EE00C842E0FF39BD461678A
Malicious:false
Preview:p...... ........?1......(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):252
Entropy (8bit):3.034404395079139
Encrypted:false
SSDEEP:3:kkFklVvwifllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7lnka:kKUNxliBAIdQZV7I7kc3
MD5:2B02EC9EC7064691FBAD85265DFA721F
SHA1:6211E4E9EF17238F047D8DC0BB8D49D38EB04B3C
SHA-256:0A0734BCEF67FE31227548719FEF1DA6D81E8C44B22E81AE3B44DC3E0FFCF420
SHA-512:BEB52132589B3F35EC47BA28A1A2D829E021BB60CFDFFA99672DF212A9A86BF9460E478940E48451A5433D846A5E3056306CD76AC8C6803089ACE5F9902FAF78
Malicious:false
Preview:p...... ....`...........(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6784

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):227002
Entropy (8bit):3.392780893644728
Encrypted:false
SSDEEP:1536:qKPC4iyzDtrh1cK3XEiv07VK/3AYvYwgF/rRoL+sn:XPCaL/3AYvYwglFoL+sn
MD5:27094DF6D14B4D6728D59FFC4E31294B
SHA1:CC768A8693F9C122496C2BE949E13F0C36AE7888
SHA-256:B26846BECCDB3792F05A996D2863C7A1D286BD9F997DBC2112604EBDD206FEAC
SHA-512:681F8D3F21AF1B1898F6572DB44AE92CF2AF56B3E8C9421C679DF0962A6CABE44753A5327368DAB97BC9AF997EFD86B803847285BB64F427196C65C8B0348BE8
Malicious:false
Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.337831068390098
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJM3g98kUwPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GMbLUkee9
MD5:B7E1CFE58A2D12E2D0540196D438BDDF
SHA1:31F5528364D4EF62041AB434859E86FE59795F2E
SHA-256:B2D2A78948F622C8B64966AA1EAFB0C4439B1BB8F4E6EAC400D234EC824747DE
SHA-512:36D96DD2AC16321F50C0E15FA5B771FCE9277F4CF2C442C00DAE73D50BF54BC1BA98D757D18416C87307BE020C8A6D63DD6C3A3814628107E7C2EE446803935C
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.2774276661326445
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfBoTfXpnrPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GWTfXcUkee9
MD5:4FD1AF6C571C3C4A32A17EFCCD08B9FA
SHA1:8496E80C98E5036C343272B8653AF7EC74996B42
SHA-256:61B881E7E01FD08C4322EF461EA608C674C7DE4284F936D6CEC41EAD3F040451
SHA-512:5E739548EE5DCCCEF982801F544C576D10531D41DAB93B5B8AEA6A3FB67CE716989E6CFF1D3994129D25C47817A8AB7E419B1ED6354528EFAF1C9874EB034A22
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.255380266132004
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfBD2G6UpnrPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GR22cUkee9
MD5:B160DCE5DB28F3F61B24C094BF585BA7
SHA1:8861560581AE86810FB52C02B4BE85DDEA38D24A
SHA-256:C80AD8FBC0DDEDE3BC5B721BE64A5B40AA8D8E3480CADF9741486CEFCBF3A095
SHA-512:71513CB86D1A4F3DDFA8F312828E15ECAAA6DDC77CA782C406657E8F977C39B4B306EBFBD9259C2ABFEC8FF79343FE0338FA50D69496267CBFF0AD962C4DA613
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.313883744130935
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfPmwrPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GH56Ukee9
MD5:64ECE91634D51170820FA64544006E18
SHA1:A51715B3CD294D3CAD9F6FFDCAA3AD201FE3D68D
SHA-256:A09FCAF8EE786FE0937E17CB51561942F0355494BEF6906F6EFE0548301CFE0D
SHA-512:435378D2B3A390810BE26E1620EA40252B2EFFCE50E48471F8CF02DFB0126D05983FF2C55A224A79AA74C7A89A8B9413971F9ED1D1584CB25C88B701778DB98B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.2774273063299155
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfJWCtMdPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GBS8Ukee9
MD5:8ED3F2FCEE52BA2A0382FEB17CF862F6
SHA1:E38CD6331DA7B81B9EB00075AA82017B8DE378A7
SHA-256:454DC7B17E253BE4483717DDB95C70FEF8D654798F24A5ED2FB28DC980CFFDFC
SHA-512:A86A166508B1EB61FB78CED395496975DD67A219FF98DBC8C75F3AA1DE5926CC1FD0476E210CD3136C516AC8071CCF0EC3DD7991D7EDBB830A4C855D2882E3AF
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.261822327626672
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJf8dPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GU8Ukee9
MD5:42F0B725F123BA654B2FB0CA30C07782
SHA1:952B145F82C4D386B4573478DBDC0D90F89E3F83
SHA-256:EB4E6990E89A2550D3F191349A3EBDCD32BD61D5E7EB6AFAD5A047684D511882
SHA-512:0178D0F8BE7F0319542CB4535E7A5EAB07DD1F6ECDF4C211A9FABB1B9CCA9824908795C8F809E61715DD43B54BB26CF225E9BB9903ED5A082BB92C3B7341A2B5
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.261202529009628
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfQ1rPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GY16Ukee9
MD5:B0106326DCD97FA1F7CFBF005B5BF54B
SHA1:7E2A89A61A531A13C8A34976101EBA14AB82C36C
SHA-256:21FBB98E20E6C7B40A39E6AEE4FED8C0C8DD7ED74FD1AE310E703CB85527056C
SHA-512:E6A6AE5A7AC9138BB44BEC8DCA5467ED8AD0A911D453D09BC5F1F0EADFC5D34EFD5454291A07C5BAE658ADAB89E97F78553631DCBB8BEB602DF5A50A0ADCE61B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.274738412611558
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfFldPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5Gz8Ukee9
MD5:9501D19B30BB5C82F12D12702C5081FF
SHA1:1BB8A5B38B98599679E27F8441FE91952354911E
SHA-256:62CA67BD3D330E80E073B46C25119882973CB545787319624517BF2520B941D7
SHA-512:D4888BB67E91A0DB318797807D7C95842B932ADCD934DA893791C7944AF20CE15F62B2C0E1E725D0198C2EB51547B271DD41C7601C6673FD0C693C6B6AC7EE4B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1372
Entropy (8bit):5.741656035066882
Encrypted:false
SSDEEP:24:Yv6X1JhRuElKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNV:Yv8JhRvlEgigrNt0wSJn+ns8cvFJf
MD5:E239356C80BDBA1193DAA8A2FC5AC04E
SHA1:2EF5323A9317B8CEDCDF30A242DC7CC82F684A95
SHA-256:06DF3BD0E6A046FDFBEA2026B7CC2B1B3F0E629BB6A5D522AA599A7660FC23F6
SHA-512:D02512A13B94BB2DB1BFABD7A69F96DE78BC2311C1C9ACF4FA13A32A4E3C1F3C87F22CC9631AC0BD78D1862EF05B52226580537EF33EEAAE33168FC926D1392B
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.271271456391259
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfYdPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5Gg8Ukee9
MD5:C13C6841DC013C2A42BC895DEEBC0262
SHA1:012A8A462474231755DB7AAA9A212BE443BE5BA3
SHA-256:D5BEB985A94D90C560A431786D51D6C65DED2302E0FEC72F473C89157169BFBE
SHA-512:B8B626E7CCE188EA863CEE1471E5EACC2E04E1DBC2E41D5BF06B2332AB491FD38A01494C5B6DBB1793BF25422A1D16D3D78E3DDBD5C71823F9AF37F3381F10F4
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.777023149218417
Encrypted:false
SSDEEP:24:Yv6X1JhRuEYrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN6:Yv8JhRvYHgDv3W2aYQfgB5OUupHrQ9FS
MD5:DE21DD4D4645C2CE5007FB0E144B71AF
SHA1:A0B19DC581834A8D7D60306CD12277A067E6ED55
SHA-256:890A8C9C46DDD13DB3F00B95260D56BC53030D22152F1D94C630FBD6F059A7C7
SHA-512:EE5DA76EA88527FD9F1B06AB19119E3B3601046E30EC71C365F473D1B2CDD34D1CF4BF768712AE49E034649EF111969C9C0D6E977D5F3E82DB79CD5779492DDD
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.255016001100233
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfbPtdPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GDV8Ukee9
MD5:821C99933BB7C5D95B6A4406EBC45F42
SHA1:756118F563811456CA656B76664B50BBA7621761
SHA-256:15A356FB3E461AA9EE1EE67832606627F07C64DEA5962E01514E1512CA38DB93
SHA-512:83A5B4E191AD618D83A65729E288E5DC03AEC5AAFE51D021124F9FAAD0DA29715D9804DFB628228F20A7B8FC4C181F829B630945457E56F9BA57A97023F77EB8
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.253661304395933
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJf21rPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5G+16Ukee9
MD5:03D9E3FA2DBD51A87017D860BD15156C
SHA1:AB85B8C13BB9799D8FCA47F8039C14FF26BDA2B4
SHA-256:218FBE99B346FDC805672B741151E146FD8389854B763948B09771DFB6A49973
SHA-512:96D809742E64AFF267C100CF9C39818F46C3DF8475F4EF4B2FDF3F66549DDF206A6982C072E8B363A39171A99916F53AC9D3E8CD9D9BFF1CC26CDBF097D92B10
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.27750056210846
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfbpatdPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GVat8Ukee9
MD5:4C26D874941C0FDFF11F26CCB76140A3
SHA1:0BF2D3EDFC04AD9D5ADAA027580B2FCE4054AEE3
SHA-256:9E64FC4630C0C7FF97C18F2ECA97E1CDE4544ADA805B7CC54E1BCA0501ADF8F9
SHA-512:AF7E61904F970DDDFA0738FCCEE23F6F68D5467E85AF79431CC2E2FC8FDAA1F277D6D1C5AF954505B56BFB888E5F49885BF4B54C489A6873D5DBD1B7C5DD85D8
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.225986031579576
Encrypted:false
SSDEEP:6:YEQXJ2HXgcV22vB3/dVlPIHAR0YRFUP8KoAvJfshHHrPeUkwRe9:YvXKXg/2vR/ZwHA1FUE5GUUUkee9
MD5:6940294F4199FFCA2FE361488BFAAE8B
SHA1:F29BD20990ACAE0D53C7CDC61BBDB0C6A20BA5B3
SHA-256:24CEE1A8B2D5B73EB13269D1331CAE97E6B37C1F46F349E1EE1BD6F1707C4C2B
SHA-512:F59C6FB98C64D43D749042B955624522A465429910C77E7F10C06FC56709FC68B4461BEF080E169AC6F092DA264712D729D11B89D32F2E2F6ABD6E5A74799A14
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.364710070200502
Encrypted:false
SSDEEP:12:YvXKXg/2vR/ZwHA1FUE5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWp:Yv6X1JhRuEV168CgEXX5kcIfANh8
MD5:204482579DCC17B8DEC391AC5B4FF609
SHA1:36F0EA6D0812CFE1A39DF03FCAF2CAB220445EC5
SHA-256:1294B01D03DE606D17D6A368EB0675A5A64844A41C7C389A3C30FF067526E6CA
SHA-512:72F681509AD8A9BB6D23CE9817AC2D7F96DDBFD49DCCBB8E51D050B3ECA8853786D7A63BD5DC6F27775A093E8C7D6D53B04A5B17E4CA44BBC6077B238E6B21DA
Malicious:false
Preview:{"analyticsData":{"responseGUID":"ad2b762c-6a28-4460-90d0-d81936c8769d","sophiaUUID":"6BC8D74A-F8DC-462C-8ED4-D40FDD780397"},"encodingScheme":true,"expirationDTS":1718819113447,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1718640943478}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:3:e:e
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Preview:....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2814
Entropy (8bit):5.1322558890250045
Encrypted:false
SSDEEP:48:Yjz9EDSO401ggpAdAn8vwKfkZ7QVcEJUYpxKLmw9/s915/:S9EDSqhpAWn8vwKfkZ7QhJUYfgmw961B
MD5:4701D3127CCF4E35DB6602E2B7FBE654
SHA1:6BE5C93B175A25B64B9A68E1CA12E00FA24E9C3F
SHA-256:C5E4E16B98F5456B398172BF23D6B3276A60B8CD654FD9C1B0F0A221F9449014
SHA-512:4386DEEBA9402FE6D2AC0F94BEEB7858E93E55E06781CFAEBDB53B3084ACCF943CA915037016AF12380A709D42852058701D1EEF2BB3A8295CAE9A0156A8D40C
Malicious:false
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0014d9f9453e06a95f1b2297cdb4f0b1","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1718640943000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"990d14540a0f5bb0d3f9b651ca877efc","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1718640943000},{"id":"Edit_InApp_Aug2020","info":{"dg":"c97a9f547b0fbe4008b7464e670d797c","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1718640943000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"de35e916392c00c6a0f73852bb66a78e","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1718640943000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"62eb11eeb7b126bd6cb70584a064026c","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1718640943000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"4f6804707f158b5e97d80fd5a11a0321","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1718640943000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:dropped
Size (bytes):12288
Entropy (8bit):1.317423299789279
Encrypted:false
SSDEEP:48:TGufl2GL7ms9WR1CPmPbPahe5fypilIw5z:lNVms9WfMwbPahq9
MD5:515346D557AEF743B794F6AC201E50B1
SHA1:2DD56B25DC508F8C744B240D1197C4F231D9FC32
SHA-256:227B6DDCDC6ABFE795F70E57EE3CECFC769F321DE0E19602783DCE8CB03CC1F6
SHA-512:D06EE2ACB361FB6B59E4AE8E43FD427AF51C2205E15177E0849CF1797C7D3A3E8DC9F68D58D8BF4FB5314E185149F34CA5FB3A7B4F80F1D2F60DA29930DFA3FC
Malicious:false
Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.7807288598511077
Encrypted:false
SSDEEP:48:7MRWR1CPmPbPahe5mypilIfqFl2GL7mst:7oWfMwbPahbuKVmst
MD5:C9D08BB8EF69CD8B13AD8DCCACBE1599
SHA1:27FAF8A5DB8A0EC23C06163AC62618B20B7ADAB1
SHA-256:50762AAA6CAB6730691D765F5AEBCF13464F6016516792B57FDD24B9ED10BDE0
SHA-512:B13F1959F4DE6BBBC08284EEDEF0969C37F38CB341A5B32B91FE921C650F67FDBBECB08EAF9FA81D5FD152D9F77DA96133E2EBA4ED13B23AAAB6627D79EF4C57
Malicious:false
Preview:.... .c......j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.p.p.p.p.p.p.p.p.p.p..........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIe3d40.LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5162684137903053
Encrypted:false
SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8dq3GlKR:Qw946cPbiOxDlbYnuRKCYGlg
MD5:A955370E4D3D03775274273C739BE296
SHA1:5CB6CD051930E4E5D25B918BC1D19B526DCBF893
SHA-256:17404D4336D5EA8A9281D83B87AE7B3EC7F1D6956FF9F16B321364D348D6DAF2
SHA-512:8CBE9289BEE41BA3E11039BD47EA5489786DBCFE734FD571A1461E859F5BC7A6DBA5C6BC559D81CD4CCA4EDB4C698D23287457F7303D31E93AD10AF7490093FA
Malicious:false
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.7./.0.6./.2.0.2.4. . .1.2.:.1.5.:.4.4. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-17 12-15-39-341.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.33860678500249
Encrypted:false
SSDEEP:384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
MD5:C3FEDB046D1699616E22C50131AAF109
SHA1:C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D
SHA-256:EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD
SHA-512:845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185
Malicious:false
Preview:SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:080+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):16603
Entropy (8bit):5.350044446424254
Encrypted:false
SSDEEP:384:9DRKpXE7y5M+JbH0pFqdSYpAc/m/oXMWtxJV/HXfl4cwlnZkUjrbS9SvqWY4POWU:RVqB
MD5:9D53926713D9D12622368B255DC17B93
SHA1:8D51DED9149210B018AED33BFBDE57D76DB725AC
SHA-256:7D4E3B2BA306D6606A28BCA5B9BC1FF72F8A6AC4E791A745233F114C53E1C027
SHA-512:FDF0ECAAC0C120B96BDB2B078CB348D4A2F77C0C7E458EEB96AE5B2AF21D3560A8DDE201B29D1158B8A50C855B1F865770075F3F8716DFC6E936617CA1134DCB
Malicious:false
Preview:SessionID=76e5e51d-0185-42ef-9e98-9de9bd3b2829.1718640939363 Timestamp=2024-06-17T12:15:39:363-0400 ThreadID=7416 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=76e5e51d-0185-42ef-9e98-9de9bd3b2829.1718640939363 Timestamp=2024-06-17T12:15:39:364-0400 ThreadID=7416 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=76e5e51d-0185-42ef-9e98-9de9bd3b2829.1718640939363 Timestamp=2024-06-17T12:15:39:364-0400 ThreadID=7416 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=76e5e51d-0185-42ef-9e98-9de9bd3b2829.1718640939363 Timestamp=2024-06-17T12:15:39:364-0400 ThreadID=7416 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=76e5e51d-0185-42ef-9e98-9de9bd3b2829.1718640939363 Timestamp=2024-06-17T12:15:39:364-0400 ThreadID=7416 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29845
Entropy (8bit):5.4186843061067975
Encrypted:false
SSDEEP:192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cb0cbYI1HcbW:ceo4+rsCN1J
MD5:EA09C266B5B0494FC3F6E981816194E4
SHA1:7F8BF1B63CBDFBA4B320FEB5A1943320A9B3C1BC
SHA-256:0F456D72C0FD5EB007E67A9A6FA91D9978474A4E85469398A5822D702A78DFBB
SHA-512:6591C1516154942E957030D1DE7DB72A6EBEAB4194BA103910551638BD12D7D0641275AB968DB7A76B58CE7C3ECE00F07B4575615C49421ADD1200C8804016C2
Malicious:false
Preview:05-10-2023 10:18:29:.---2---..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:18:29:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\37650903-a537-449d-8d93-aa5440b533a7.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\ac3eadcd-a536-4aea-9c76-2e585e99c2b7.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:false
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\df96c27f-42f9-4021-b12f-45e1c4c26ca9.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:18E3D04537AF72FDBEB3760B2D10C80E
SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:false
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\e80118d5-de3d-4190-9dd6-1159c70636ba.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:PDF document, version 1.6 (zip deflate encoded)
Entropy (8bit):7.1486739793186
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:Security Guards of America Proposal.pdf
File size:9'526'728 bytes
MD5:3b0e1fc1c45235d3363a88eeb0e5bd32
SHA1:c7954f3bc149924bd300a83d608d1e48af89e90c
SHA256:1299384429fbe823fadacecedc6ca38a5072bef1a04822c3fef01fbb72bb01a1
SHA512:b67dc96b7aa68481637d77319e12237485ae7fc2ba058e6a95fa214633e836140cb743479d423e06460f049dbc42f91017b868c9a5d568870ca52196086f30c0
SSDEEP:98304:mlgVwnEa96dKoezVjcgVfNJPUQqDeHERrpQdELXaxT4ex1vDruhfX6Yw4gV:mqkwdKoezl3udgMeuLKTnxVruhK4gV
TLSH:F4A68DEC98DDE1890679DFC2AB81E4EB954F23635B49443A71AF4FC20B53C1AED83845
File Content Preview:%PDF-1.6.%......1499 0 obj.<</Linearized 1/L 2770623/O 1501/E 237074/N 26/T 2769714/H [ 490 628]>>.endobj. ..1510 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<3C494D00E402A949BD6F996B8A323EBE><41D28A503138FD44BEA832315693D

File Icon

Icon Hash:62cc8caeb29e8ae0

Static PDF Info

General

Header:%PDF-1.6
Total Entropy:7.148674
Total Bytes:9526728
Stream Entropy:7.863966
Stream Bytes:6350343
Entropy outside Streams:3.886998
Bytes outside Streams:3176385
Number of EOF found:128
Bytes after EOF:

Keywords Statistics

NameCount
obj1852
endobj1852
stream1055
endstream1055
xref0
trailer0
startxref128
/Page165
/Encrypt0
/ObjStm149
/URI0
/JS1
/JavaScript0
/AA0
/OpenAction0
/AcroForm1
/JBIG2Decode0
/RichMedia0
/Launch0
/EmbeddedFile0

Image Streams

IDDHASHMD5Preview
15064d5171555533964d1a68c103bf9c36cc87d3d3ad1e4902cc
1509cc5971755533338e36dd25e29fa2e71bce4eb369d0a33f38
227509525b989c25faa5c0c46c830c19793612b50edba47a61
23fcf7c3e9a566e0d3d03037a94d4308182387e2dbafe0b404
54b2303380e861cccc54f8a9cfcc3297eb6afb4d614ac94264

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

General

Target ID:0
Start time:12:15:35
Start date:17/06/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Security Guards of America Proposal.pdf"
Imagebase:0x7ff6e8200000
File size:5'641'176 bytes
MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

General

Target ID:2
Start time:12:15:36
Start date:17/06/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:0x7ff79c940000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

General

Target ID:4
Start time:12:15:36
Start date:17/06/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,2323614241662355698,2891551153677106926,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:0x7ff79c940000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Disassembly

No disassembly