Edit tour

Windows Analysis Report
Invoice Number INV132146-1.pdf

Overview

General Information

Sample name:	Invoice Number INV132146-1.pdf
Analysis ID:	1646899
MD5:	786bb21da0bc0a7a90278e99818d59a9
SHA1:	1b63a43223fa7a5d275d0b3631bee54fe8ca181c
SHA256:	3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2
Infos:

Detection

Score:	52
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected landing page (webpage, office document or email)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6152 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice Number INV132146-1.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1872 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1580,i,13425934564398751757,2030006266861664592,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Phishing
• System Summary
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: Invoice Number INV132146-1.pdf	Virustotal: Detection: 10%			Perma Link
Source: Invoice Number INV132146-1.pdf	ReversingLabs: Detection: 25%

Phishing

AI detected landing page (webpage, office document or email)

Source: PDF document	Joe Sandbox AI: Page contains button: 'Open' Source: 'PDF document'
Source: PDF document	Joe Sandbox AI: PDF document contains prominent button: 'open'

Source: classification engine

Classification label: mal52.winPDF@17/37@0/41

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6816

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-24 07-15-43-058.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: Invoice Number INV132146-1.pdf	Virustotal: Detection: 10%
Source: Invoice Number INV132146-1.pdf	ReversingLabs: Detection: 25%

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice Number INV132146-1.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1580,i,13425934564398751757,2030006266861664592,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 81C729D3E6604B0A5F8F6F5DC9FEC832
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1724 --field-trial-handle=1580,i,13425934564398751757,2030006266861664592,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Invoice Number INV132146-1.pdf	Initial sample: PDF keyword /JS count = 0
Source: Invoice Number INV132146-1.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Invoice Number INV132146-1.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Invoice Number INV132146-1.pdf	11%	Virustotal		Browse
Invoice Number INV132146-1.pdf	25%	ReversingLabs	Document-PDF.Trojan.ScamX

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.51.56.185	unknown	United States	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.47.168.24	unknown	United States	16625	AKAMAI-ASUS	false
18.213.11.84	unknown	United States	14618	AMAZON-AESUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1646899
Start date and time:	2025-03-24 12:15:09 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Invoice Number INV132146-1.pdf
Detection:	MAL
Classification:	mal52.winPDF@17/37@0/41
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 23.51.56.185, 18.213.11.84, 34.237.241.83, 54.224.241.105, 50.16.47.176
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.18876148785998
Encrypted:	false
SSDEEP:
MD5:	0D24D2B86611B4F73B30F02204F82176
SHA1:	7DA5C4D061AF32C5F7F30E1A368ECA6B159EBDD8
SHA-256:	F8AB3982A0699E3BC86FAB9B3F61E31B85735544560603948BB8B6CFD5FD01F8
SHA-512:	AAC449A07451AAC1632BB38115D4A9F377FA6A1FF63E61A5EBAC741298796E4E2990A72B54DB79BDC988B9B2E07EFACF805AD1A1D6C3843267D5F2D94E31A631
Malicious:	false
Reputation:	unknown
Preview:	2025/03/24-07:15:41.046 1970 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/24-07:15:41.049 1970 Recovering log #3.2025/03/24-07:15:41.050 1970 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.165841917754713
Encrypted:	false
SSDEEP:
MD5:	D0728ED038D8E7D05D434A198DFF7B87
SHA1:	FF1571F96E71CCBE6FD34C4CD397EB31BB4BDD64
SHA-256:	042DC68317365F3792FE5610CC5738896E856C2374E10971D307C627946F407C
SHA-512:	35CF6148FDE85CEC9D60379206670042CBDA86302FA871C414205B8BC28893F174732BFA0326853F6A2D36B02D7686E292650D8332C31D1D1088A85FB346E9CD
Malicious:	false
Reputation:	unknown
Preview:	2025/03/24-07:15:40.918 704 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/24-07:15:40.921 704 Recovering log #3.2025/03/24-07:15:40.922 704 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	89D69F7E91F96630988C8C30944C1CA7
SHA1:	BA02FF2C2000BE5B596FFD764C1D4B43CE8DCDF5
SHA-256:	56721B0E94F2130828D69D3169CDB29C1464B06CAAEDFF388A5BB00E0BA99A81
SHA-512:	1A3AF95E4393A58C0F4AD81BE4365ABE9810FE87F265F3C1792F1B803F5D99588CBC7330D9646CACD7905292E9DCB3F03B1BE1DDC30C1B1963ECC5C6BD814228
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387374952237680","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":100204},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\dc19a82f-d8b4-4a1d-a6c3-2ad8f8a9e42e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.9798487087473315
Encrypted:	false
SSDEEP:
MD5:	89D69F7E91F96630988C8C30944C1CA7
SHA1:	BA02FF2C2000BE5B596FFD764C1D4B43CE8DCDF5
SHA-256:	56721B0E94F2130828D69D3169CDB29C1464B06CAAEDFF388A5BB00E0BA99A81
SHA-512:	1A3AF95E4393A58C0F4AD81BE4365ABE9810FE87F265F3C1792F1B803F5D99588CBC7330D9646CACD7905292E9DCB3F03B1BE1DDC30C1B1963ECC5C6BD814228
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387374952237680","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":100204},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	6391
Entropy (8bit):	5.238088774266273
Encrypted:	false
SSDEEP:
MD5:	F7B4A2B2881747CD465FD9C2D07A80FE
SHA1:	12BD759F4A050634A91F23B7B469560B25A9A389
SHA-256:	0DA1EA92820FFC753014F498778F6C5ABFAF6E4C3B5C07DF364E4997D855E6E7
SHA-512:	CEE5F0F474CD7D1E8E8CA8C51EAFEB7892ABD9D09D33A13CCA70326A4EDB75B622482F47EEB2899B54A466C88B1FE0E5A185D500CA6B8FA93086756BCD003565
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.129970235463914
Encrypted:	false
SSDEEP:
MD5:	2B62CCFC79A16722866FF2FA3F513464
SHA1:	B271814CBEA8D4AAA9E0B214975FF725D573783F
SHA-256:	51FD29B919609537E0A82CC371419E8C886D5B909FD127F5EB6A762DA14C415B
SHA-512:	65B7EE5569C661A9F0A3F1C9BAAB403001D8844B468CBA39D4C2AE9CF3DDA1CA9F5EF5F5CBF1EE818A0EFDFB614C55E1AC0255838A9F7DEAFC20F89B415FE5E3
Malicious:	false
Reputation:	unknown
Preview:	2025/03/24-07:15:41.101 704 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/24-07:15:41.102 704 Recovering log #3.2025/03/24-07:15:41.104 704 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444876733944662
Encrypted:	false
SSDEEP:
MD5:	6FE16C4DA30D0039E28BCABFCE2F8397
SHA1:	18C5325B77FD214D287CEFCB303FAF6519AFC331
SHA-256:	7912213CA6B77BD52BA1F49E27EE9633931F4E9D899CA703D9C74208D1320D0C
SHA-512:	3723D741D2E097703D6D3D7F83BF82D42C9C4A9C34B5B719750C035898AC547D14765FDA0E19151B54CC151B9596E615894EDCE4C7C1054DB1F9C7E42567D3B2
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.769393036672982
Encrypted:	false
SSDEEP:
MD5:	0894C9FBCFC7B525C84A2539163B8138
SHA1:	893C74167DF6D00415085E36B636B3231A49E2A9
SHA-256:	1AD773AB473D3BB165A389A7F80088E62F1EE94950EDBA90006E3532F74FF51A
SHA-512:	6A75C194EADA73044175801A0365925746EB96EB45C97E4C27928EAAD1BE6B65D702871F6358C911A0A9EC1D915670C335A94448185ECFC241F3A29BB46FAC1A
Malicious:	false
Reputation:	unknown
Preview:	.... .c.......;................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6816

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.376952223155967
Encrypted:	false
SSDEEP:
MD5:	25D6CBA0FEF1F30187B3A77F7D1D483B
SHA1:	7E525412D4ABB9635912CF3C32C67444B37CA79B
SHA-256:	553322B2990342FC787B78C3013CAC10234A8A0BBFF1CAE70C71BE157EFF5906
SHA-512:	109DB9C00AAC569C5C517157FBCB56692F2EF54144FC12DA743E010EB39C285E0AE529FCBCDEC9AF20FC7AFB82B22CE90214A54B23F73F4DFC4F4CCB7E0A9C28
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.321060688118762
Encrypted:	false
SSDEEP:
MD5:	9BD8F6A4402E5CC97D4BA92DE4575591
SHA1:	28C28935B85FD741D1236A7422D9F28FC26193D3
SHA-256:	B5C6D5955BE62A31994B8F538C4939014E0F2C3A12D7F18EEDF514C53CF1A4E0
SHA-512:	F3A33636A688231565D86C3F4D82C2A9555E05136604F85F2C5EC51CAD1ECCA9928F69E7B21CF1AAA244B053F1E1D6B43D156DF37EE3758D9F05E533E6806BAB
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.300586871192794
Encrypted:	false
SSDEEP:
MD5:	6A6912691EF889A6F16F4CA34741EF2C
SHA1:	54BE9C054446781E4CE536B85CC3C7AC3209B0F7
SHA-256:	8C37D7F92E58757A9EDB9FE5B87A493303865EC59C28396C683488C04267C55B
SHA-512:	A719BEFB342E04D6B9195D8D820BA67FDAEDF1E4F2D3301CC61233049262E80B2B2093C83BD6E7645904C93095CF7B84C640426942D1E28F90D2F09C05EFE203
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.363525508212058
Encrypted:	false
SSDEEP:
MD5:	7CD0F3806EA8A7DFED2686225832FA17
SHA1:	4FAA26BA3DC9759F998C3A5855C46A8CCEEA3A8E
SHA-256:	03D8EC38AE2737C375D4D4AC111AA87A6A0BEAE9EF2880DDA491871D34B52B69
SHA-512:	10A85FD464543FDBE42E496B0AC4D1D1D86CA131FC3E133E2463703CC81D2A5F917EBDAF055323B7BB26800B37A289D63DF35124CB0D8F7550D2FE08989A2811
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2129
Entropy (8bit):	5.844199714313397
Encrypted:	false
SSDEEP:
MD5:	E49207A2A9202F2B9ACEEFEF00452CB5
SHA1:	38F3856F77DF86D01B302EE15691361DAA195C2D
SHA-256:	10DBEAA9E26F426E2D59F44D1639F0F269A44B4F60C47B9D0DA50A4C4E9E91B4
SHA-512:	9093F3A2F1293D7E9B00DA464EE761298834FE5CA32AEF95B937EB6E2D216E2EC0B1D549CE2228DC27EB271CB6218615C0D8E9FEA2A9E8C1C9E22A23D8B9CB83
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.313188353551466
Encrypted:	false
SSDEEP:
MD5:	4F04C9E424CA36C1AF7260DEAF344D81
SHA1:	E5520CF1085B9CBF8952C58145359EA1E468ED84
SHA-256:	7382634DB07D687B2DE16CE572236D1950E6F5C4F129132564E880FB18D01EB1
SHA-512:	05D6D696426AEF1F16B5319E49D9990FB2E7900DDB09051D5A18BEA61722F57A56E712CA6FB47D41A3BD30F8ADBA914617101CAC8761E823B32BA0527D44513A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.313182473128114
Encrypted:	false
SSDEEP:
MD5:	E076692BB10BBD096B665602A03C5893
SHA1:	D733A089743894D0F1C557649A049DD478109A9D
SHA-256:	631510224140FCA67B7E9A34C39B5179BA075427F1DBBA9B7B91342AC43D8D17
SHA-512:	A0271ADA9DE459A52F54F2C5A7563F1A91E9050473D2B7DB1BF6A8552E89D5D2B0BE3D5388A1F16D75335A33376E6927F1F76371B87579D85F6F0CCBEF91057E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2080
Entropy (8bit):	5.829571849699971
Encrypted:	false
SSDEEP:
MD5:	7AA21131CB93532CE6255B9DC5E62EE4
SHA1:	39B08C476DC4830FAA600D2C439C6AB7FE47847A
SHA-256:	2BB807BD676F24FAAC3567E71E0EF7F3E644E3AF79EBA487A3D6CEB2B7A317CF
SHA-512:	A3ABED3CFDFCF746384283B9A20DF2771AF9831C63EA99CB1121ABAD02CA11B7C7ACD785497D4B2450D3085DA4E43C41260FE03960C588F9BF5CF9FC101E4A89
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.338320798528185
Encrypted:	false
SSDEEP:
MD5:	D305CC92D51DDFE2C0B52902ADD62B45
SHA1:	87E2856C28E7A209B6536C190AFA10B182D32B23
SHA-256:	F3E54A7C489F7A49364B5092981655C9A496E986AB8233A389C0661E7ED55CF8
SHA-512:	30717D3E4D8440EFAED5FD8CAC3D5C151D9D86381DDAC13931FFB1BC2316262030D02F1453935D42E3E1E52A6F38350E857856CDFA83944B30AE564E1F9DB343
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.319064297849304
Encrypted:	false
SSDEEP:
MD5:	FEB38A1276980B4C228D41A152774619
SHA1:	329E6BCF877932894EDD49713061D2CEB4B7BB88
SHA-256:	6CE7D144187C1565D12B7826498127434288FC693BCCBE7F0BF5C8F825B8D97A
SHA-512:	4F871D859557AAD28E4E9C1C401D0BF5FA43F5535F9479C0E0D22CF14D7F96BF0D85A649FB0193308614DEA1CF38D1624C0E017FEDEDE516495D29707DD33C85
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.30629915070848
Encrypted:	false
SSDEEP:
MD5:	47351794FF3395229B782A5B35549D8D
SHA1:	06E35F180F99821FAB20B485EF3D6911DF56CBCF
SHA-256:	A62E4E38A7B88CE275DA17ACD7479E395E8965A98935C635A5D7D43E8FBA0824
SHA-512:	A0AF18D1142229C76A2B1AD84B61E0AFC673BE807B17D7918CAA94A20AF7CA5F75CC69191F94ABD4E7855824BF931B9A0182E209C7EF90A5FF02CAED4B3E2E52
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.30248036942111
Encrypted:	false
SSDEEP:
MD5:	B00FD700D7A3E21A9C587AC1CB40D881
SHA1:	B4A147CBEB5DCA28ADF458721756A8C02728FF08
SHA-256:	E710C614D732E662F89B0659F32E4C3F6C11C5A5539FC5DC80411AB19296846D
SHA-512:	3C72FB7D465D88062DC879DCB0B8B4075155CD1AF32E967C673ED7010F3A586C0418F1BA4F85D4CDC3E1C7CB25B74B5CF15981C6E7C70E28E03ED7744412DA68
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.304103086445252
Encrypted:	false
SSDEEP:
MD5:	771F7438491AC72A9A62DCE7D591890E
SHA1:	F134A4D2B346B56B8B676E0EF0498799ABAF451E
SHA-256:	B355BFB6C4FD51E16DCD84B2B6F29308C336BDBCB571C4803CD5087796B720B6
SHA-512:	4DB7EDFFBF576C573D60B05EB15258588B06D466580102DA7B72567784A532A8F63AA1831EE29EDDB6CFBF743F2205EEDE82673C6EBBE06EAB8BBC1BABC5B7E0
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2028
Entropy (8bit):	5.843775095275366
Encrypted:	false
SSDEEP:
MD5:	823E401BF89BE22C07A3A9353916398B
SHA1:	622F26FCAAB4A97E12BF26FF6937D3BA4D54F0F9
SHA-256:	D33F26DE88B83AA964DB55F67C2DB9240B50671F7BC4A418BCFFC53C53D6B605
SHA-512:	2D2D9AF59E674E000262618D0D3FC29E36FC72CE5C815D6FBC695C7B789267A39DA0430CAF69216D22BE7D9CC2D232E05DFC5DA6ADBC8EA19E81547C09FBD7E3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.281677240973279
Encrypted:	false
SSDEEP:
MD5:	B1CAF52A361CA26CE3AC60A94E21A4DD
SHA1:	E7CD5C2C5120F6C59CD6178BA9A5B17D5E057656
SHA-256:	DBC113799CDAF389A3AB45A7BBC543CB78D33A03215A526791A1E127C830E200
SHA-512:	2BB9C352F672C9D1F40651FE61A1C3C48DB1DA42C7B6073BF9E0F984269B6918DCA85D8C04C4599BCDE36D8CA5B0F2AD895F8EFABAE8065DE5044A795F3104B0
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.290180581643895
Encrypted:	false
SSDEEP:
MD5:	84689BF521E8C1222C0C164B8714EC82
SHA1:	A298BCF41D95BB5B80C078BBC8BF893C34705610
SHA-256:	7B5890DC61C1FC1C66B37E19B30160081A8039E698CF00633F5DF9C6BDA648D8
SHA-512:	10C1396728BBB7489C906E279398929A3ED28B0A68CBED73182DD26C9CCD26E020E5F8F3E623F0AEC286DBBF497A97EBAEB7A7E8949A55A15B2925E63E9C2AA7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"a6f82953-eef4-4593-bc54-e36fde856007","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1742993940186,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.126644851337418
Encrypted:	false
SSDEEP:
MD5:	6C4CEF887B4E6175983BC3D8ECB9C762
SHA1:	16018928B2D1C5BD41392D327C6AA5C5A6D2869D
SHA-256:	B0CC7062A37EEEA378957C846068E57217605174C1BC91DD40F34D24B42EE578
SHA-512:	3B632B60AED62D1BE6ED7B042C730CF47960EAE5E376DBB1B144B77F1E6C7922C607AB5889BDB98C751C60CBCB922C40BB98D6788B4CBDBF49D2B79F6B9C68BF
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3826f804f0e28d61b8b4b93fa43fcfeb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742814944000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"be6cac40f2a2493f5a7425b45db69ff7","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1742814944000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"1fd08661848388ea9cfd1c708144d558","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1742814944000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"dfac09c83ed589a1703d2828c14c88ab","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1742814944000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"bbcbe7bcfb2d8af99e87065bc1620c1c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742814944000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"01b6fc24bea1b14737c641ededca8693","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3577575351309996
Encrypted:	false
SSDEEP:
MD5:	BB9F8E37F613071CBFF063528BC925E4
SHA1:	ACD0085AB53746EC50D3C174BA163E7F3B082701
SHA-256:	F717DF7565BE6645606ED2DBF2C426A3C72448E708B301A8C4D17FB131317A8F
SHA-512:	957A173C275867E1F1A23DBD29C8BA724337056842EB73EA9B91820D3974ECF4B68A70C3DBC3B68052FE3153B24446008C6C99D1F5D5E8BDAD5DAC317A52FEB4
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.8298293718588092
Encrypted:	false
SSDEEP:
MD5:	90B78E9F7124529E017BF7BBABAACDA3
SHA1:	EFC66CE835554581B7F71F48B254BE90C173BC72
SHA-256:	DCF845B526B89AB74EAE93AB1C45CDCA75A7939780057C6198CC1BEBF30EC6DD
SHA-512:	BC1B5BD28F5486FF400437949373B177220B078D04FA84C2018B010CD7C61D9C2DEF70BF65E1FE1CF0A485E6522D0F6B571FCC6CDCF71BC1788CA6E178C3F79C
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....#.mB......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIb0b9e.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5248044522866877
Encrypted:	false
SSDEEP:
MD5:	BAAAA79E593EF6C46CC1161CEE0556BE
SHA1:	2B68146E8DDC1B6730688D24812A8CFDC02DF00B
SHA-256:	1AC3DC3E7639736833A85ED997F49278BC67EC8F33C410DEC6DE45F2B1C7F0BB
SHA-512:	9A8D2AE8A4B3F347BCA77CF11CCA92DF41800C5663BB3B58958AB3A9DC69549A82CD72E6CDB8F95652203EF7C56ACD1A9664CA3BCA6F021401186A17C8C5D3D1
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.3./.2.0.2.5. . .0.7.:.1.5.:.4.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-24 07-15-43-058.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.359827924713262
Encrypted:	false
SSDEEP:
MD5:	06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:	28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:	948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.353839960483008
Encrypted:	false
SSDEEP:
MD5:	A4D31D654DA7448F4E53D9EC7697E46F
SHA1:	F37A5BE1DBE25FB3C09ADDFC9BA1A1D017CAAA36
SHA-256:	7E135A4D3DD1AC3112F3929674310D2D7F89653E8CCA32BAE911F6224072288C
SHA-512:	869D3CA8D2C2819ABAB82EE26C43C43AEEEECD5733112AB69EB35E8A032B4D9E7DB2457D01178B504548A4A0FF886EF8D4CCF6981A4BC2BE28755B141D53DD27
Malicious:	false
Reputation:	unknown
Preview:	SessionID=298cf591-89c0-4b19-ad19-be510bfe7e76.1742814943071 Timestamp=2025-03-24T07:15:43:071-0400 ThreadID=7092 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=298cf591-89c0-4b19-ad19-be510bfe7e76.1742814943071 Timestamp=2025-03-24T07:15:43:090-0400 ThreadID=7092 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=298cf591-89c0-4b19-ad19-be510bfe7e76.1742814943071 Timestamp=2025-03-24T07:15:43:090-0400 ThreadID=7092 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=298cf591-89c0-4b19-ad19-be510bfe7e76.1742814943071 Timestamp=2025-03-24T07:15:43:090-0400 ThreadID=7092 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=298cf591-89c0-4b19-ad19-be510bfe7e76.1742814943071 Timestamp=2025-03-24T07:15:43:090-0400 ThreadID=7092 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.4257060814830345
Encrypted:	false
SSDEEP:
MD5:	93EA4DF7F5BE98EFD095148AA0462475
SHA1:	96EE4861FFC8DA002B2A42BD194A93C996936422
SHA-256:	8D0081A53C0EF384428AE1FA539985870047FAE957F9309ABFAAE82827FA89A8
SHA-512:	75C1BFC6B9CC4358445D03B6904585AB50990864CACD5264E391A90FEB7172D1F514F313B8991910D88A615C85C40962832FB9980FBEA2A27884767878C47D84
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\3dc648ab-8a01-4526-91ee-ede56317ff30.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	1D64D25345DD73F100517644279994E6
SHA1:	DE807F82098D469302955DCBE1A963CD6E887737
SHA-256:	0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
SHA-512:	C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\5d51e24c-b200-4a79-872d-441790e6f905.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\8c27fdff-4e6d-4f8e-85b6-800180a19d2e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	E787F9888A1628BE8234F19E8EE26D68
SHA1:	44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
SHA-256:	3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
SHA-512:	EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c5cdb9d3-1651-44eb-a38b-0054cdb4cfc6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\cc58f457-7d96-4bac-b6f2-131a1a08d6dd.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	543911
Entropy (8bit):	7.977303608379539
Encrypted:	false
SSDEEP:
MD5:	37EB23335CA9CF70C7AC49AE9F7BF936
SHA1:	527BAE2405AA5B4FB780C1E09FC71A18320F7760
SHA-256:	3D1372D97BDBD11D57448741BA29893D2EE4C49FBC408F2F8925BC790926F9D6
SHA-512:	F52F478C539FC83D91D4E28F55B3B85FD5185EE29413A39A4520215F69FE08B01EBF41A10EE0DB2855DBDB46AE3D94470D43C419ABB2868D326CA3FA29113447
Malicious:	false
Reputation:	unknown
Preview:	...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=.R........4..(WCMQ..u]]R...R......5...N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]\|..7;.5....^..7(.E..@..s...2..}..j.......t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...zBs\|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5\|:bj[.._R{gi...^

Static File Info

General

File type:	PDF document, version 1.6
Entropy (8bit):	7.929661539673598
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Invoice Number INV132146-1.pdf
File size:	52'893 bytes
MD5:	786bb21da0bc0a7a90278e99818d59a9
SHA1:	1b63a43223fa7a5d275d0b3631bee54fe8ca181c
SHA256:	3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2
SHA512:	5a2eef7c1a61b777c644b15e38070b3ffe358e69785a235b9cfa440ddc403bd509c786c843eb0d60063d14d2a560badd8df12c9cd9c060891766a444d2a46649
SSDEEP:	1536:oaZC54j2Aup+lgekiqCAltX3/MCgPnTn9d6:HZCSaAusSi+XvjETn9d6
TLSH:	DB3302BCA895CC9DDEA459F62440438E42DFAC379FD617312ECBE3419E8930AF584DA4
File Content Preview:	%PDF-1.6.%.....2 0 obj.<<./Lang <FEFF0045004E002D00550053>./MarkInfo 4 0 R./Metadata 5 0 R./PageLayout /OneColumn./Pages 6 0 R./StructTreeRoot 7 0 R./Type /Catalog./AcroForm 8 0 R.>>.endobj.5 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Le

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.6
Total Entropy:	7.929662
Total Bytes:	52893
Stream Entropy:	7.929453
Stream Bytes:	51803
Entropy outside Streams:	5.201380
Bytes outside Streams:	1090
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	9
endobj	9
stream	7
endstream	7
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
32	11313038394f3736	99a66323ff5e1bcbb778db6bfb3b60cf

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invoice Number INV132146-1.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\dc19a82f-d8b4-4a1d-a6c3-2ad8f8a9e42e.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6816

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIb0b9e.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-24 07-15-43-058.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\3dc648ab-8a01-4526-91ee-ede56317ff30.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\5d51e24c-b200-4a79-872d-441790e6f905.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\8c27fdff-4e6d-4f8e-85b6-800180a19d2e.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\c5cdb9d3-1651-44eb-a38b-0054cdb4cfc6.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\cc58f457-7d96-4bac-b6f2-131a1a08d6dd.tmp

Static File Info

General

Windows Analysis Report
Invoice Number INV132146-1.pdf