Edit tour

Windows Analysis Report
DUEQ_RECElPT_SSSL8CLGKPWSR.pdf

Overview

General Information

Sample name:	DUEQ_RECElPT_SSSL8CLGKPWSR.pdf
Analysis ID:	1455409
MD5:	7826209d8f9f6ce7bf8508deedcaab6f
SHA1:	443871f3c14ed1431d64416c22264f465632b5fe
SHA256:	81859b4c5b52cb9fef38e3e35bc27bf411227c4e0d2aee7127cfd959d4d9417b
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7032 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DUEQ_RECElPT_SSSL8CLGKPWSR.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4948 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1668,i,3490079776710011617,2781617310672127113,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Source: classification engine

Classification label: clean0.winPDF@14/47@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 13-56-12-476.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DUEQ_RECElPT_SSSL8CLGKPWSR.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1668,i,3490079776710011617,2781617310672127113,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1668,i,3490079776710011617,2781617310672127113,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: DUEQ_RECElPT_SSSL8CLGKPWSR.pdf	Initial sample: PDF keyword /JS count = 0
Source: DUEQ_RECElPT_SSSL8CLGKPWSR.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: DUEQ_RECElPT_SSSL8CLGKPWSR.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1455409
Start date and time:	2024-06-11 19:55:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	DUEQ_RECElPT_SSSL8CLGKPWSR.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/47@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.19.244.159, 2.22.242.130, 2.22.242.82, 2.22.242.115, 2.22.242.128, 2.22.242.83, 23.22.254.206, 52.5.13.197, 52.202.204.11, 54.227.187.23, 172.64.41.3, 162.159.61.3, 2.22.242.11, 2.22.242.123, 2.16.238.8, 2.16.238.16, 88.221.168.141, 199.232.210.172, 2.19.122.199, 2.19.122.216
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: DUEQ_RECElPT_SSSL8CLGKPWSR.pdf

Simulations

Behavior and APIs

Time	Type	Description
13:56:23	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF Model: gpt-4o	``` { "riskscore": 8, "reasons": "The PDF document appears to be a phishing attempt. It impersonates a well-known brand, McAfee, and includes a sense of urgency by confirming a high-value order ($523.86) that the recipient may not have made. This could prompt the recipient to contact the provided phone number, which is a common tactic in phishing scams. The document does not contain a visually prominent button or link, but the phone number is prominently displayed multiple times, encouraging the recipient to call for assistance. The sense of urgency is directly connected to the prominent phone number, increasing the likelihood that the recipient will act without verifying the legitimacy of the document." }

Input

Output

URL: PDF Model: gpt-4o

```
{
  "riskscore": 8,
  "reasons": "The PDF document appears to be a phishing attempt. It impersonates a well-known brand, McAfee, and includes a sense of urgency by confirming a high-value order ($523.86) that the recipient may not have made. This could prompt the recipient to contact the provided phone number, which is a common tactic in phishing scams. The document does not contain a visually prominent button or link, but the phone number is prominently displayed multiple times, encouraging the recipient to call for assistance. The sense of urgency is directly connected to the prominent phone number, increasing the likelihood that the recipient will act without verifying the legitimacy of the document."
}

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	rPaymentAdvice-PDF.exe	Get hash	malicious	AgentTesla	Browse	199.232.210.172
	zb1.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://drive.google.com/file/d/1rUX5pF_yChUfocjQZEgSZVDbnTsCbsyI/view?usp=sharing_eil_m&ts=66679781	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://workspace.cftc.gov/cedc903c-09bb-4a95-bb76-9b133af0550f/?action=reply	Get hash	malicious	Unknown	Browse	199.232.210.172
	file.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse	199.232.210.172
	https://mcfp.felk.cvut.cz	Get hash	malicious	Phisher	Browse	199.232.210.172
	https://info.virtualhealth.com/e3t/Ctc/GB+113/cmmfD04/VWRD9T8N6WzjN8MJTHvTlRp-W842MfZ5g9NL_N6-TN-l3qgyTW7Y8-PT6lZ3mfW56Rjx787zhFxW4_YPND6r6flrW4BlJlg1DphdCVWC28Z4PpMbRW6GGMRN2bfpFdW7hSWPP6KFbcRW4PBy7c6n3dRqN7ztR5NtV-d9W1y6F6Z799h-lN1ZbvtmQ73TLW5ShFj48-W2NPW1L2f016vN6bSW45yp6K7Xp_V9W1fy0nl6xLNR_N5n9x3txmtWFN2nZ6w9QgWwJW1rlxcq4rmPQZW2D31f_3FjFXjN7D51x8lx574V_S2G96X3V3rW3xJHsh5zkBZjW6M_Gg24KcjVwW2wm07P9jh6znVyVtyJ6VBB3ZW80wlHc6H0YX2W1stJK56XtGc2f45z9Cx04	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://www.tlyrxy.skyliexhys.com	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://www.tlyrxy.skyliexhys.com	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://deyangming.angebotfilesoffer.top/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	199.232.210.172

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.144558363356789
Encrypted:	false
SSDEEP:	6:BfMjUWq2Pwkn2nKuAl9OmbnIFUt8+fMjU0UhZmw++fMjU0U7kwOwkn2nKuAl9Omt:KvYfHAahFUt8Uh/+U75JfHAaSJ
MD5:	7E2A5A6383F87CB429930BDE04FD1A63
SHA1:	54FEBB26C357F1735151D1BCC9C5C96A914091A3
SHA-256:	1D2D8D50D0F581BBD5BF47163323AF69050CA23AE18307FFD5672C0E9DF9A478
SHA-512:	CE97EBCB3761E2067A354CD867E6C8A9145204853ED68DD9BD5C6AE46ED33CBA4421E44647C88B7F3603D473376BBD26DDE70D0F538234E68EAACD6F7A90DD2D
Malicious:	false
Reputation:	low
Preview:	2024/06/11-13:56:10.211 1c10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/11-13:56:10.219 1c10 Recovering log #3.2024/06/11-13:56:10.219 1c10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.144558363356789
Encrypted:	false
SSDEEP:	6:BfMjUWq2Pwkn2nKuAl9OmbnIFUt8+fMjU0UhZmw++fMjU0U7kwOwkn2nKuAl9Omt:KvYfHAahFUt8Uh/+U75JfHAaSJ
MD5:	7E2A5A6383F87CB429930BDE04FD1A63
SHA1:	54FEBB26C357F1735151D1BCC9C5C96A914091A3
SHA-256:	1D2D8D50D0F581BBD5BF47163323AF69050CA23AE18307FFD5672C0E9DF9A478
SHA-512:	CE97EBCB3761E2067A354CD867E6C8A9145204853ED68DD9BD5C6AE46ED33CBA4421E44647C88B7F3603D473376BBD26DDE70D0F538234E68EAACD6F7A90DD2D
Malicious:	false
Reputation:	low
Preview:	2024/06/11-13:56:10.211 1c10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/11-13:56:10.219 1c10 Recovering log #3.2024/06/11-13:56:10.219 1c10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.204042110746139
Encrypted:	false
SSDEEP:	6:BfMjQ339+q2Pwkn2nKuAl9Ombzo2jMGIFUt8+fMjQrF3JZmw++fMjQqL9VkwOwkV:v34vYfHAa8uFUt8M3J/+ZLD5JfHAa8RJ
MD5:	23D64E69259849B4F227023B93024E24
SHA1:	3A36BE664004698D0CC05B8C39039E4C0E857748
SHA-256:	F57EAA4C6BF82B3E153F71C031A484BF44FB2C3B1CEC5591C256E1274FE38418
SHA-512:	5A677BEA58849FCC0F08D939F44B4149B8D27CAD16DD05B8665657E23ABF2DBF23277D362F25D18CE6E9DFFD4E6BD7594FBA516EA5DE735BF08319D9B71C7FF7
Malicious:	false
Reputation:	low
Preview:	2024/06/11-13:56:10.254 1c68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/11-13:56:10.256 1c68 Recovering log #3.2024/06/11-13:56:10.257 1c68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.204042110746139
Encrypted:	false
SSDEEP:	6:BfMjQ339+q2Pwkn2nKuAl9Ombzo2jMGIFUt8+fMjQrF3JZmw++fMjQqL9VkwOwkV:v34vYfHAa8uFUt8M3J/+ZLD5JfHAa8RJ
MD5:	23D64E69259849B4F227023B93024E24
SHA1:	3A36BE664004698D0CC05B8C39039E4C0E857748
SHA-256:	F57EAA4C6BF82B3E153F71C031A484BF44FB2C3B1CEC5591C256E1274FE38418
SHA-512:	5A677BEA58849FCC0F08D939F44B4149B8D27CAD16DD05B8665657E23ABF2DBF23277D362F25D18CE6E9DFFD4E6BD7594FBA516EA5DE735BF08319D9B71C7FF7
Malicious:	false
Reputation:	low
Preview:	2024/06/11-13:56:10.254 1c68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/11-13:56:10.256 1c68 Recovering log #3.2024/06/11-13:56:10.257 1c68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.95688498962853
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqs+XhsBdOg2HpGcaq3QYiubInP7E4T3y:Y2sRdsOXydMHp53QYhbG7nby
MD5:	49C4790C7983DFE3B1D1F8402CFE7B7F
SHA1:	88A99F160711AF90B40A381524C78739078C4F52
SHA-256:	319838BD4112A8E0D150B2964D4E76C55F6A95354BC3751572063E1885666CC8
SHA-512:	9BF6A87A652FC3C3A4B5F5078AD03E241326635CE177E8EA9171020E270BCF53A78173D69A9F61C3626E20BB38B2E1A1CC8DB4DE60CFA8C26F99B35ED672F350
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13362688576148836","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":239428},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c62f1be0-7dac-441b-90ac-f8259d45b215.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.95688498962853
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqs+XhsBdOg2HpGcaq3QYiubInP7E4T3y:Y2sRdsOXydMHp53QYhbG7nby
MD5:	49C4790C7983DFE3B1D1F8402CFE7B7F
SHA1:	88A99F160711AF90B40A381524C78739078C4F52
SHA-256:	319838BD4112A8E0D150B2964D4E76C55F6A95354BC3751572063E1885666CC8
SHA-512:	9BF6A87A652FC3C3A4B5F5078AD03E241326635CE177E8EA9171020E270BCF53A78173D69A9F61C3626E20BB38B2E1A1CC8DB4DE60CFA8C26F99B35ED672F350
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13362688576148836","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":239428},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.251088562312665
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7Wb6NQZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goi
MD5:	82F485761F027C734283463630762F01
SHA1:	1C1F2D2359BD65A71C58CB6222F2991C9B36E0EE
SHA-256:	E505144D0C513BB8072481017BCAF7F2C924C711F3C2815C7D841BD1CDE05CC4
SHA-512:	1234F21D8E71B8FE87B5EF78E02570CCEB1387C9B8B7402B90EFE986E5B0E719050043F1226E7D11306DF84FB0F6EBF06B899A7DB773B73CD8FBA3F0709E4ECF
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.194365267361641
Encrypted:	false
SSDEEP:	6:BfM8F39+q2Pwkn2nKuAl9OmbzNMxIFUt8+fMdGTH3JZmw++fMdGTH39VkwOwkn2v:Z34vYfHAa8jFUt8JEH3J/+JEH3D5JfHP
MD5:	AC51E4CDE92930E10B36EAB8DFD80843
SHA1:	D83F872A49EE88DA38FFC44F1FDBEE0B63CAF238
SHA-256:	C3A3483A4D137C722CCE9BA251AAF2CEF45F7B76C1E60F897AB009C2F5397043
SHA-512:	2409826A5320115CC5021089C3CF216888BBB4F8F4BE6B345963F838A44E2D4BBD5F34F380562750B954F96F4ECC09712C03D193007A630CE815034730458924
Malicious:	false
Reputation:	low
Preview:	2024/06/11-13:56:10.384 1c68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/11-13:56:10.386 1c68 Recovering log #3.2024/06/11-13:56:10.386 1c68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.194365267361641
Encrypted:	false
SSDEEP:	6:BfM8F39+q2Pwkn2nKuAl9OmbzNMxIFUt8+fMdGTH3JZmw++fMdGTH39VkwOwkn2v:Z34vYfHAa8jFUt8JEH3J/+JEH3D5JfHP
MD5:	AC51E4CDE92930E10B36EAB8DFD80843
SHA1:	D83F872A49EE88DA38FFC44F1FDBEE0B63CAF238
SHA-256:	C3A3483A4D137C722CCE9BA251AAF2CEF45F7B76C1E60F897AB009C2F5397043
SHA-512:	2409826A5320115CC5021089C3CF216888BBB4F8F4BE6B345963F838A44E2D4BBD5F34F380562750B954F96F4ECC09712C03D193007A630CE815034730458924
Malicious:	false
Reputation:	low
Preview:	2024/06/11-13:56:10.384 1c68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/11-13:56:10.386 1c68 Recovering log #3.2024/06/11-13:56:10.386 1c68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240611175614Z-155.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.6361094337783657
Encrypted:	false
SSDEEP:	192:ro8vW2ENCnwX1RdhXaE0i/VU85J8hwFpxmWdCrX++GYGcmS:rxBe1R/aE5/VUCJ8hwpYWwX++lGcv
MD5:	4E2BE52D87D04B09C55DB93EFAD2BBF0
SHA1:	3218DA945F93165EF9E404E09429FD89541B7F4B
SHA-256:	7C9100AA736AF4ABBE7EA63C9A0DDC1950D367A70FB1D13C8DB601842590B282
SHA-512:	28B0BCA3B3C512B505A71D117699E677AD4274162C92757EFE79E87C04232EE826CF5F29BCE35BC12F4137ADB1C5CFABF6F6C37C6CA38B97BAC03E14B5C14A4B
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.44517480030488
Encrypted:	false
SSDEEP:	384:yezci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rps3OazzU89UTTgUL
MD5:	D1DF63887220831D2364BAC337222035
SHA1:	4E64488998F08A919E449689578472F9E952B6C2
SHA-256:	2B15E940BEE7D198FA5CB34895DC0BAE13D92F50D7D0DBF6F8AE63023F28AE68
SHA-512:	A2FC6DEC7BEFC311D6AFFFE0C5A80B9DF81BE36D63196834845BE3C0141BA335B9EEE1AE390808954EA3132C28FBF3AB165C1059C3A82A10A455F84CA48D5F27
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.775371814918543
Encrypted:	false
SSDEEP:	48:7Mip/E2ioyVvioy9oWoy1Cwoy1LKOioy1noy1AYoy1Wioy1hioybioyboy1noy1b:7BpjuvFyXKQOIb9IVXEBodRBkO
MD5:	A66C8DCBABF02E6F5301CA534BB401A1
SHA1:	354EFA761990856DFF26341A32279563AAFD4659
SHA-256:	7D37584A4119CC9D0A0DC6A72C6C2F2BD6F9ED4AFAAF068E8F69491F75CF5E16
SHA-512:	58A989B7072B60204866CE9F2A20F855D563E3F4F242CA9A023478E5C3A58BFCA24151A9197E1AA8F98484D869203A23FF8CAF877998E3255C0589E74DDF8CE2
Malicious:	false
Reputation:	low
Preview:	.... .c......K.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2418003062782916
Encrypted:	false
SSDEEP:	6:kKw9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:zDImsLNkPlE99SNxAhUe/3
MD5:	F179DE673B9955DE95C215F437A6C530
SHA1:	D992BD4A6ECE0AB340A9881F695DC26EB64D92DF
SHA-256:	FE9DA56F90690274CC59540A5712EC5BDAB07259628F11F486226BB48D671976
SHA-512:	41A51A6086DACB475D2CEB78BF70FC92B1C901B01356696B195C26D47DDCE1116F747DEE9FDA85950AF2E8E7C3475112B7E8467D5C03EA21F505BFFC712C9D14
Malicious:	false
Preview:	p...... ........$.y.(...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	2.9774614285160768
Encrypted:	false
SSDEEP:	3:kkFkl2NZktfllXlE/Bi9llPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB15RNU2UP/:kKRLziZliBAIdQZV742MN
MD5:	5166E06E4D9C89208BE1284A5EFA3840
SHA1:	A1E5280091745DB4F0CDA26CBF51D05C1471686D
SHA-256:	C4332469C98160E436BA2EE3A49277BA0B984C6EF0D9B491A3980D75F519B7F3
SHA-512:	AEAC7F2534142B0E8AA17CBB03A8E1E9C2060D828E648E3E399F4AE300D2D9E18CA5CE9F0C5FF1F09752F606AC6A15D3A539CFBC011D5B0CCF05315590DCE3CA
Malicious:	false
Preview:	p...... ....`.... !.(...(....................................................... ........$...;......(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.5.f.4.3.3.1.8.8.d.a.a.0.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6320

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.368798620626598
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJM3g98kUwPeUkwRe9:YvXKXRoZc0vvGMbLUkee9
MD5:	1134684C3794588547C8BC4750915DD6
SHA1:	C5F88389FB266A70E70E8D2F56BD7997EFB66202
SHA-256:	245D7C9DAB0B5C20FF418AF1F546DD4F6F248932B6A222511E714CBD1A581302
SHA-512:	023A9673FDE403E897147120A9A5A2A9693D5F44C0E760B2EA69AB85C30E028A836DDC56652B94B4FB0327D795086AFAF5D929B30310450389FE5B94937728CC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.316364618598598
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfBoTfXpnrPeUkwRe9:YvXKXRoZc0vvGWTfXcUkee9
MD5:	5443F54C526FD956574BCCC53026FA72
SHA1:	2321BD8E872DA56107E8611079B1DEAD746DD42A
SHA-256:	2EB04913EADF3FB19A6B474F8843FC328F4D640FDBF675DE35228AC95125C0A2
SHA-512:	70839CBD14D6619C5575C1BEFFF3BCA7EB6384FB27F3E7B428AFE06596554C5954255B84A53145DEC76F4447AB8121AEF10D245DB24DE8BCB753742B16F01E35
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.292851780291058
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfBD2G6UpnrPeUkwRe9:YvXKXRoZc0vvGR22cUkee9
MD5:	096E0CE9400B47433EEF02666A7FD6F0
SHA1:	25EDB044004416BA3568BFC0D921B318B8A9AD55
SHA-256:	B8B7B38C593660A0B5EDAC356EBA85912F8306373340C07D06885BF445395E30
SHA-512:	52A74CB7ECA9F1AB2DD3E5A8112D4636A2301A2FC675E9825FADB72DC0B881622915A4AF8C50D41CD6C6986CAFA56171B8A4F7658F7487CE307D14E20A7E4DFE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.355999836797525
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfPmwrPeUkwRe9:YvXKXRoZc0vvGH56Ukee9
MD5:	61225E38DF0496A2CF33A2C7F03C7E0E
SHA1:	2B6388993F24362C32A7B27B2687ADD9E22E54C4
SHA-256:	821985FD456CC96A6058AC91DB8F92B42470E2A832758EEBAFF3B1D235CA65EC
SHA-512:	7BCCFFA26F8B09DF792AD58A87557861BA703C3BDF7FC71F6D790FD79C59D834C34EE98E2D79277F9EF336DDA4C9CF0320CFE95F3F8CDF97CA5995958074A3EF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.3179034208964975
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfJWCtMdPeUkwRe9:YvXKXRoZc0vvGBS8Ukee9
MD5:	AB213409AF39C06B517E321CE5265571
SHA1:	C3A032B122355A34AF37BF5BBC6D0AB27A29A773
SHA-256:	63E983B88FA184A3219ADAAAA952B42400F94EEB43D739D17B020C35B1E53E6C
SHA-512:	6D90BB59076FAC5E40B1C131B9662A63B5CE582FF60DAA5DF94E3B180A547936CC1BFB6D29228351203055D1B4C3684E3B819476E88A69D56806C52F700D4AD6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.302632830066883
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJf8dPeUkwRe9:YvXKXRoZc0vvGU8Ukee9
MD5:	45F19AA9A25554A3AAEA6FED8CADDE87
SHA1:	5329B187859F57F171DB1E176F781C11856ABCF5
SHA-256:	F4F9FBFEE77CC4365508F8DF9295B75E6D968436C8FE6C01EEF28E1A3AB8FB85
SHA-512:	DA69DDFF588EB28A7F917284E9C7F8D4CD981EF594D7306372DF9CBF99D5E2F31655693676C888FCCE3978C2806C5E1E933D1A21432AFA94804883D4D620505F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.306488218081169
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfQ1rPeUkwRe9:YvXKXRoZc0vvGY16Ukee9
MD5:	B305019C4E2FD5B2120FBC6126E12F7E
SHA1:	C23A73F30E8B181AC8CBD82B6052FE8997713DF9
SHA-256:	750F6E9EB5F043CB04969C62A400CA132AFD998E60473DC74F1371FF2AE9AE13
SHA-512:	A9607E0AB901392A5F1F4705BFB1E895E6005CD61B113C8460C508AFD1C922CEB8FDABF73BF010BBF62C51876BB984FFDE3FA208CB69C7E95E05499CD05D4B58
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3148863233464
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfFldPeUkwRe9:YvXKXRoZc0vvGz8Ukee9
MD5:	AF326A59BC279CE6B1D107A2A2E2CA65
SHA1:	872FEF9691FDD66B60B39853CF3B5F185AD7FA49
SHA-256:	601C6BF730335AB768C079FCAB27F16D3CAF993C41747AAF87BE495B483EAE8E
SHA-512:	DC009C007C7F50A272B14D94720E0A90D22B5007C039D1D0AFE15C4EAE46569C2D449792C695630F175C5E6181F3678931A2FC262D9649F97307B15311E1239A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.739044893270295
Encrypted:	false
SSDEEP:	24:Yv6XRozv3KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNH:YvwwPEgigrNt0wSJn+ns8cvFJF
MD5:	38BA6955A28FAE4C36468F1DD746171C
SHA1:	BDB9BD3605CEEC037648785A89E21F0FF38B80CD
SHA-256:	387666D332E398154706A2E43711D55B701D9A9525500C97CA0A73D35B9670D6
SHA-512:	70A8657CD915D21626829F787AA85E4E8DE8BE3146E264F208FC010772E626AEE8A48B0802CACFD683CA296602450F63826A0309E397D39AC04AAD71181D9198
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.311162568495028
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfYdPeUkwRe9:YvXKXRoZc0vvGg8Ukee9
MD5:	3A476558D0E53A5F83017267109B0E09
SHA1:	644749BE8C483C83A888D56E02E8D5774EED7C26
SHA-256:	D1F46BF22289BB3064074B75B4E3852B9FE5713363D9D6168D9C94E365CE50BD
SHA-512:	DA688F7F84921EC28F4B7D8EC7896D3CBA62CBB013CE59D87DC26F9050ACFE6E3E837C02A419320F72D14ED2689B90FCAD2E9DA63E73C1FE2E38D1C352967D33
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.778609867194931
Encrypted:	false
SSDEEP:	24:Yv6XRozvKrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN/:YvwwSHgDv3W2aYQfgB5OUupHrQ9FJ5
MD5:	AA5B29D035B7041318CFDE3676E375DC
SHA1:	F6DC34F9A8E5B8613081DCD4DC508717406E2835
SHA-256:	15E86CB1C108CB81FF85417978CCB3BD3A2F507C10C0160AC2AB1E74DC918B7A
SHA-512:	0674D48D0A561845F798C98FB379F57C1133FBE5C7725673C9D088EA96E697DA58FE83FE0172A261CF753D480DC4EAFAFB2CB366AEE6D6EE8EBB3102D13A3B15
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.294632947485077
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfbPtdPeUkwRe9:YvXKXRoZc0vvGDV8Ukee9
MD5:	E97DF79820558BA731A728BF3E24456D
SHA1:	40DB4C2C38E34917443B9DF89B99DE0A60734705
SHA-256:	BAFF24B5BAD497773E26B82905344491FD952CDD5FBAE417B2C8BEA8F1AE0CDA
SHA-512:	13A920A9DD398B5AF0ED984453EDC369A36859119C25741E742F3A07478315BA2730E87E19982D792DFEB93CBB1A568D10A89BA210D8115A8FA25676FCCE58C9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2991245261277875
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJf21rPeUkwRe9:YvXKXRoZc0vvG+16Ukee9
MD5:	3D25969D4CF3C6DE0880BF54D3AC5569
SHA1:	308836394305DD769E97820B464C029DD7009BDA
SHA-256:	6552487BF316D8A2AEFF985A36ADC6255FFE760B0FFCC562CDC7E49E2C35D6D3
SHA-512:	33A93B18030BE9258430D3B6AA6DC3712783911A62B9132D709489B89A0231426982AD4B14476C4C71ED3CFF30FF41E35B07B48E8D804061AD6B3F2BE223F16C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.317703879178954
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfbpatdPeUkwRe9:YvXKXRoZc0vvGVat8Ukee9
MD5:	E6D1FE584B602ED6A77F2F24C079443A
SHA1:	FE6321C041BEB827702D7B48ED4BDB3CA1AC1728
SHA-256:	DA142825AE2ED14F3602FE3F6EF6EEB63AD377960A973F7B58E1F490A23F4042
SHA-512:	D7D74ADC2173EC81D78E4CB48BA567ED0539C252B167C605B06582D39CCB1EC45B0D6AF19186A631B090D61A81C73AC8B7C2B2270ADEA9C1E64C089E6D6A5A18
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.275838368063574
Encrypted:	false
SSDEEP:	6:YEQXJ2HX1qAfDKiHVoZcg1vRcR0YMeoAvJfshHHrPeUkwRe9:YvXKXRoZc0vvGUUUkee9
MD5:	66178F9B840DEFE5CC12D29496514CC0
SHA1:	01300970A273F2117870810C5C7D6F4EF7EBBBCB
SHA-256:	AA70442B993E9492DECDB7B3C031A632F3FE67EEFDD43ED7B039430B3D42797D
SHA-512:	9BB50B36B5273B58ED61E31BE27A33E1D29AF6B057044AB9EDEFA0DE7FB6A0127FC5FC110D7D5A2374690D2E5BD1F6AEC3E65F54E59F4CC2C60A56B49186AE65
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.373449671728297
Encrypted:	false
SSDEEP:	12:YvXKXRoZc0vvGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWL:Yv6XRozvf168CgEXX5kcIfANhK
MD5:	918641B24E5A6C664C65FC7D2BB6D2E2
SHA1:	0E376E45C9676305CA3E59E10505B48197B20602
SHA-256:	E684CC41F48CF0C5009CE4E4A3856768F03F14F107C3E8B8498E0A15C31CCD3D
SHA-512:	CA4ADB2959B1AC5B6869ADAACBD451A503EE58157AD294AF2B427828C98DE6E47C4601F6D9E69308A673E2951B5EE0A3D5CADFC959552230B720E07F9E1BDFB1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f9cb387c-b4ce-48d2-bfbc-176cca7fb4c3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1718305111936,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1718128576965}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.143216155689765
Encrypted:	false
SSDEEP:	24:YS1BRdMCykoCJUqQLBqAqknaGYayBts9FbK7BzrxccjHBj0SiS6N9/2DV2LSi8Tl:YSAPzUvU8sglMj4V9G/3MmBk9SDa
MD5:	4CF0B70DA075D9F7C9C184BED1112ADD
SHA1:	826769B5A5E0F4CA939031CD8AD86E99AFF2F243
SHA-256:	52DA3593A6833C7B7B6DF65606EC8DE529A91186D43BE1EEFCE9A9A11BBFFC25
SHA-512:	58CC7C6B5BDF471C54A1B9F9061F48AC3003298E7CB2EA598FFF6726C3E609FBB7CFED338C922ED3D5A586A9F66B4BACDB09675549426264A5B3FDBFB22077A4
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"819a6a2c09a5dc747350715d4e00bd45","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1718128576000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"cd6860b10f6686857578912f1fcb9f9a","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1718128576000},{"id":"Edit_InApp_Aug2020","info":{"dg":"0f3a5792305f6780d8790e3c1fafca8f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1718128576000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"76510246317034e3422d0f6cbb3b2a17","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1718128576000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"1ea08b9abafbfd3673a3630b38d611cf","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1718128576000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e52392b39d3b8f2c1c30f483c5553646","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1718128576000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1894635932465416
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUZMDSvR9H9vxFGiDIAEkGVvpVMb:lNVmswUUUUUUUUZMD+FGSItZMb
MD5:	2A9A1A553C127AF7079A9F0319A0A6C6
SHA1:	A1BD33F706F86CFA3E4EE0364E09FEB0AF65D5C4
SHA-256:	9EF0D401DBB1CB2ACB0D8F0F567502C83C69E4E90E55A7B22939A4FBA5697602
SHA-512:	0EE952573570C6FAFF1EF941FC0ED32982A7AC29AD085748DA98CC87FCFC5943360CA3FFE4E3605F06E81B64F45BFF4C1120706053F4D84601BE5544E86E62B4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.607423735408843
Encrypted:	false
SSDEEP:	48:7MlKUUUUUUUUUUZMnvR9H9vxFGiDIAEkGVvtqFl2GL7ms4:7rUUUUUUUUUUZMfFGSItTKVms4
MD5:	98BC84D171FB21C5272356756DA1706D
SHA1:	EC836B95057F524D83F0C5DA0CBD39C21A06A869
SHA-256:	BA97834378728414085D9C745117F1B5C99DFED76BA260F7AF7FF6E4D35A51BC
SHA-512:	02F31D4BCAC2771E67255ABECA06460C66BFE097CCC51512333F0F55BEA7AC425D0DCA6659651DE51338898027B5AF88E02E3A1CB781AF896700DACF17C0899B
Malicious:	false
Preview:	.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI4d6bd.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5248044522866877
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K87qBH:Qw946cPbiOxDlbYnuRKga
MD5:	C2A7BAD2F1A03DAD3E61BDF27F4FEEA2
SHA1:	3D5432058EABDC99F54A9336DB5F0161AF8E8159
SHA-256:	F788958576AB3A41145B3FC4DE74C2B33BDDE2D209EEFD3025008C5DF3D77530
SHA-512:	3EF6BEBEDC47A593F23E02AF5D700078D860D849B95A6F21D76F7F557143AA6676F5AB921FBB2082CA06EDF5E7A68CF4BF4DD36D0219211D2FBDBC4D7B7406BA
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.1./.0.6./.2.0.2.4. . .1.3.:.5.6.:.1.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-11 13-56-12-476.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16599
Entropy (8bit):	5.3687277801825894
Encrypted:	false
SSDEEP:	384:DGkESEbEqEAEVEfMx9xSxEx0xVxXxIrjrnIFI51C1+1X1I1Lu1Rh17lpl9lTmRT4:WO43KvX
MD5:	101D2011AACD7830B701DC79E1EB3BB4
SHA1:	2889E984824FDA9333C70A044FBD277BBEE63BCD
SHA-256:	2525F28112AD5CCFAE22E414A4817951203F8BE5DEC3C14B700F9A98A6C8ABED
SHA-512:	25F543FF27F54FC985E1660921A31B395FF63F196AAE2FCB6F1514F44149C23F47FB3A19965B39253A671CDC9F4FBEC0BBF150D8539837F66DCD798B0A4B199D
Malicious:	false
Preview:	SessionID=bfd53b10-f725-47ff-b7ab-6da847d711db.1718128572489 Timestamp=2024-06-11T13:56:12:489-0400 ThreadID=7816 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bfd53b10-f725-47ff-b7ab-6da847d711db.1718128572489 Timestamp=2024-06-11T13:56:12:490-0400 ThreadID=7816 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bfd53b10-f725-47ff-b7ab-6da847d711db.1718128572489 Timestamp=2024-06-11T13:56:12:490-0400 ThreadID=7816 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bfd53b10-f725-47ff-b7ab-6da847d711db.1718128572489 Timestamp=2024-06-11T13:56:12:490-0400 ThreadID=7816 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bfd53b10-f725-47ff-b7ab-6da847d711db.1718128572489 Timestamp=2024-06-11T13:56:12:490-0400 ThreadID=7816 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.395246273699302
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2ri:e
MD5:	03FE32F8574D51C1EBDA19E71A32FBF2
SHA1:	A88FAB00DD9E01C79BC312E5F7C2449DBC90E6FB
SHA-256:	8C97064C51F7E9F1B00C4BDC8BBB3862346C02085B51EBB40D2C99E0552A58BA
SHA-512:	232D42F3B3E899BFA7E938AE8C9DD709848C7DC2293C68E7C7B57415A0DA77A147D84376650A6575518CF86C199B41B29569EEBDB267A4E1B33C82F788ACFC42
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\383bcad6-afd3-4f0e-b6e2-9e21a96899c8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
MD5:	CA6B0D9F8DDC295DACE8157B69CA7CF6
SHA1:	6299B4A49AB28786E7BF75E1481D8011E6022AF4
SHA-256:	A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
SHA-512:	9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\4b7f38c7-a755-4375-94f1-c9ca2b714806.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\50228a4c-f955-437e-a03e-ebf96db5b8f0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\65860300-4165-43ee-9236-cfb39615d93f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.856192714220535
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	DUEQ_RECElPT_SSSL8CLGKPWSR.pdf
File size:	218'267 bytes
MD5:	7826209d8f9f6ce7bf8508deedcaab6f
SHA1:	443871f3c14ed1431d64416c22264f465632b5fe
SHA256:	81859b4c5b52cb9fef38e3e35bc27bf411227c4e0d2aee7127cfd959d4d9417b
SHA512:	b5dd86f431fe7ff305235411f2db27fcb23382110cf7837acabd19631e67106eed7cc550673f79f09af0b0dc634c56722eb74ddc9a2f9e0abfae14ab5dfe3eeb
SSDEEP:	3072:x5J1Zfz4bTVhc1zOUa6bleKiNgO89MzVQxhQF6dj8hdkP7kBUak56pk7KPikm:hLOqJezM9+Qx0u8MkBk5oikm
TLSH:	64249D1389159B53A43843E9BE535FAC1F5B3F1CA5C636EB00620E9F3E782624D9E06D
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240610233323+05'30').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endo

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.856193
Total Bytes:	218267
Stream Entropy:	7.853917
Stream Bytes:	216894
Entropy outside Streams:	5.086530
Bytes outside Streams:	1373
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	12
endobj	12
stream	2
endstream	2
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
6	965f6b3f692b1e17	6240fc8eafd3779bc4c33dac57e5586f

Network Behavior

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 11, 2024 19:56:24.240614891 CEST	1.1.1.1	192.168.2.4	0xb4d0	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jun 11, 2024 19:56:24.240614891 CEST	1.1.1.1	192.168.2.4	0xb4d0	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7032, Parent PID: 2580

General

Target ID:	0
Start time:	13:56:09
Start date:	11/06/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DUEQ_RECElPT_SSSL8CLGKPWSR.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4948, Parent PID: 7032

General

Target ID:	1
Start time:	13:56:09
Start date:	11/06/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7240, Parent PID: 4948

General

Target ID:	3
Start time:	13:56:10
Start date:	11/06/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1668,i,3490079776710011617,2781617310672127113,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report DUEQ_RECElPT_SSSL8CLGKPWSR.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c62f1be0-7dac-441b-90ac-f8259d45b215.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240611175614Z-155.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6320

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Windows Analysis Report
DUEQ_RECElPT_SSSL8CLGKPWSR.pdf