Edit tour

Windows Analysis Report
Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf

Overview

General Information

Sample name:	Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf
Analysis ID:	1524350
MD5:	61b61a032a0cfb3b4d57ac7103bcb64b
SHA1:	41cd2232903e82417ae320baedb05e2ef1814973
SHA256:	da5cbe2f356e8958900f666fc4dd72eb8a4cc060b8ba196c6e35b8dced3fa449

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Signatures

Contains long sleeps (>= 3 min)

PDF has an OpenAction (likely to launch a dropper script)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 2172 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3012 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3412 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1592,i,491027021382810470,18401027826524376712,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 4468 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.adobe.com/go/reader-upsell-scan?mv=in-product&mv2=reader&invc=floating-toolbar&tl=ScanPDFRdrApp&subtl=ScanPDFRdrApp&modern=true&SCAMode=Rdr&DTProd=Reader&DTServLvl=SignedOut&ttsrccat=RGS0263*ENU*Control MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2016,i,16908384908861861738,1744630284485348241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

AdobeCollabSync.exe (PID: 3896 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 2600 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3896 MD5: 8A41FC5F946230805512B943C45AC9D8)

FullTrustNotifier.exe (PID: 5644 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)

AdobeCollabSync.exe (PID: 4684 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 1816 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4684 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 5484 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5484 MD5: 8A41FC5F946230805512B943C45AC9D8)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: classification engine

Classification label: clean1.winPDF@49/69@1/120

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2824

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 11-44-43-479.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1592,i,491027021382810470,18401027826524376712,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1592,i,491027021382810470,18401027826524376712,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.adobe.com/go/reader-upsell-scan?mv=in-product&mv2=reader&invc=floating-toolbar&tl=ScanPDFRdrApp&subtl=ScanPDFRdrApp&modern=true&SCAMode=Rdr&DTProd=Reader&DTServLvl=SignedOut&ttsrccat=RGS0263ENUControl
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2016,i,16908384908861861738,1744630284485348241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3896
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4684
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5484
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.adobe.com/go/reader-upsell-scan?mv=in-product&mv2=reader&invc=floating-toolbar&tl=ScanPDFRdrApp&subtl=ScanPDFRdrApp&modern=true&SCAMode=Rdr&DTProd=Reader&DTServLvl=SignedOut&ttsrccat=RGS0263ENUControl
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=2016,i,16908384908861861738,1744630284485348241,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3896
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4684
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5484
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdprt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wldp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Source: Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf	Initial sample: PDF keyword /JS count = 0
Source: Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf

Initial sample: PDF keyword /OpenAction

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 30000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	LSASS Memory	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 Process Injection	Security Account Manager	2 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Extra Window Memory Injection	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
x1.i.lencr.org	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.200.0.33	unknown	United States	20940	AKAMAI-ASN1EU	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.58.212.164	unknown	United States	15169	GOOGLEUS	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
173.194.76.84	unknown	United States	15169	GOOGLEUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
2.23.197.184	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
2.19.126.140	unknown	European Union	16625	AKAMAI-ASUS	false
52.5.13.197	unknown	United States	14618	AMAZON-AESUS	false
23.56.162.185	unknown	United States	16625	AKAMAI-ASUS	false
142.250.184.238	unknown	United States	15169	GOOGLEUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
18.207.85.246	unknown	United States	14618	AMAZON-AESUS	false
2.16.100.168	unknown	European Union	20940	AKAMAI-ASN1EU	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524350
Start date and time:	2024-10-02 17:43:33 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@49/69@1/120
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe
Excluded IPs from analysis (whitelisted): 162.159.61.3, 172.64.41.3, 184.28.88.176, 18.207.85.246, 107.22.247.231, 54.144.73.197, 34.193.227.236, 2.23.197.184, 2.16.100.168, 88.221.110.91, 2.19.126.143, 2.19.126.149
Excluded domains from analysis (whitelisted): dl.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.141040630983599
Encrypted:	false
SSDEEP:
MD5:	4E86C78E5401AA9D4F5F1404BE9E65B6
SHA1:	CDA10DAE28C40D4AED7E319067D5D7BAEAEDD866
SHA-256:	1D4E8E94D1273E764381E0297E12779297A06EFBC4995C3DD648350E0E3479F4
SHA-512:	EEA10AC77AC98CD61CC77927DDC6ACB51CD1C156799D864F0DA3BB00086E66882DB518BA7B07B795B4AFA936CD63C59041014C7BC500A785D5A84DC51D3C027F
Malicious:	false
Reputation:	unknown
Preview:	2024/10/02-11:44:41.665 16c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/02-11:44:41.667 16c Recovering log #3.2024/10/02-11:44:41.667 16c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.102946145713107
Encrypted:	false
SSDEEP:
MD5:	B36DE1731C6F364E2BCEA9B699AB4AC7
SHA1:	6CF83F1AEEACB235971C0C59420F2BDD1C631926
SHA-256:	9FA2206031437F1160E8D43FC3DC7C06EE4091ECD0B06EBF8D1C4241FB0B18EF
SHA-512:	78D16E88E2822975F12CB566F7F5AF528A06177260CD3F020CF37D04D478412C2AEDB893EEAF73D5A24D309E08E1A0466AAEF94DCC149050CB336D2EE9CD68F6
Malicious:	false
Reputation:	unknown
Preview:	2024/10/02-11:44:41.521 1330 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/02-11:44:41.561 1330 Recovering log #3.2024/10/02-11:44:41.561 1330 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\587bc1f9-5ee3-4271-84cf-92e41d98664b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.973973222440336
Encrypted:	false
SSDEEP:
MD5:	C45D427B83D825EA9124B9C14096597F
SHA1:	BC9E776B6542D2D4E1034E2C5FDE5D2616AD4133
SHA-256:	3C0C7C8BF44360A6C03A76C8DC19A2C3F48EA389CE79601019068ED862B5F967
SHA-512:	9B50AF38821791B469CEB8EFE1854A0454B2B7A8919BDF66CDCA20C21DEBF4B470A87D978F573E4362E61B4407C90F0B541C2D00EE8DF4793ECAF9B885CD303A
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372443894775379","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":126408},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	929CC6E99547126B372398AAD499520E
SHA1:	9E80FB95EE9FD70D36091AF14FF89552081504C9
SHA-256:	6570DBFDDC047BD44B216BBC3AA00C4EF095D3E3120304F7FD277E8B472B7A43
SHA-512:	BEDA4E9EC4537247166B4CE05F7CDF4C7E06081413C6599FA0294E5AFE3412322275127BE41DBD8C4C1EF70DF38EFA55E7458868C9EF50D65D8F5327715B1274
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF65b77d.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	929CC6E99547126B372398AAD499520E
SHA1:	9E80FB95EE9FD70D36091AF14FF89552081504C9
SHA-256:	6570DBFDDC047BD44B216BBC3AA00C4EF095D3E3120304F7FD277E8B472B7A43
SHA-512:	BEDA4E9EC4537247166B4CE05F7CDF4C7E06081413C6599FA0294E5AFE3412322275127BE41DBD8C4C1EF70DF38EFA55E7458868C9EF50D65D8F5327715B1274
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a5b3a7b4-f141-4237-bf56-a5dab0e7f292.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	384
Entropy (8bit):	4.932552339462053
Encrypted:	false
SSDEEP:
MD5:	929CC6E99547126B372398AAD499520E
SHA1:	9E80FB95EE9FD70D36091AF14FF89552081504C9
SHA-256:	6570DBFDDC047BD44B216BBC3AA00C4EF095D3E3120304F7FD277E8B472B7A43
SHA-512:	BEDA4E9EC4537247166B4CE05F7CDF4C7E06081413C6599FA0294E5AFE3412322275127BE41DBD8C4C1EF70DF38EFA55E7458868C9EF50D65D8F5327715B1274
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145508750011","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	6937
Entropy (8bit):	5.245940992261814
Encrypted:	false
SSDEEP:
MD5:	7FD8F91F88AFB1B8C38CD13519224496
SHA1:	13C6827EE8B834A9D4ACFB662EAD8B0128DA5BFE
SHA-256:	31DB40502A566807F61462149FA372E7777A08D62A20B1439423800077DB0309
SHA-512:	DF15CA675FCA13B95CC404B89642ECC6EFB34A8B0FD950CF29E552430297B8CA127E4CC6C827732676A94B34E5407C9106BDC1A326AE2991AA91E40759F65850
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.091923157720052
Encrypted:	false
SSDEEP:
MD5:	D88D52CE3BD83A559870198C7A4E7492
SHA1:	E4001078D10192BED6F15E3A0F40E721649E5B90
SHA-256:	21A79285B3B7863D5D9461E1549B4D0A61F43CE92297ABA630F7CB597060C439
SHA-512:	E0CEF7600A38D71AB232793BDC7533D66395E86FAD81EC0930DAC9761F43658332C9925EFCF45E59E104BBFF3FAB2590589D40E41DC9A9463483E62BD6A3CE40
Malicious:	false
Reputation:	unknown
Preview:	2024/10/02-11:44:41.709 1330 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/02-11:44:41.711 1330 Recovering log #3.2024/10/02-11:44:41.713 1330 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.014398390623025559
Encrypted:	false
SSDEEP:
MD5:	2CA18D8392674A893869D1D44678DF8E
SHA1:	90760A4B3ED87707597EB8F56AA2F22B152D6282
SHA-256:	519F61F1891B02662B71CB896F4F38699F17C95DF0EA4DF2A797F62B73D53217
SHA-512:	619372C151396FE7695206B3F162BF427E3225D381B7248F37CF7DF16CB0C9DA64AF5A4C5E747548F6433304EC165CDBB45E2D01BD51457E50CA4FB8D113D2A4
Malicious:	false
Reputation:	unknown
Preview:	VLnk.....?........d...u.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	54
Entropy (8bit):	4.32369838151265
Encrypted:	false
SSDEEP:
MD5:	4E5714CABB1AF70C101D65B9A0DE00D4
SHA1:	9D3F38185CE8C1EA257833F26AF235B1FF4E99FB
SHA-256:	3FCC20ADB132D7F2D935EC5037C159E426B5B732B56C60F7C22A432B532A6B00
SHA-512:	18EA1C13477A65D1EFAF42C5BBA0609B60088CD4CB32C735016A8BA1C0C85F71A07E44DA1D689F8F014E3AF534E849C215EE653A96F176CD60500C45B52F5CC3
Malicious:	false
Reputation:	unknown
Preview:	F>^./................22_11\|360x240\|60........9.4U..$yB

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.172511027749779
Encrypted:	false
SSDEEP:
MD5:	5102336A6501E28406C5126F8EF1F5A7
SHA1:	CDE67D5A4DF9F2F281DB77194D53B2F2F8014130
SHA-256:	307534B80D8346FF1303F5906C363EBCAA01A6B04C077A63A11FD78DB08847C8
SHA-512:	5D0D84BF5BF829E59F9F00BEDCDF88AB1CC4E8088F75055A900C8AAD53C28EE20625FC62C29969F5343CE53199ACB9E99BC0C1140A4A338FFB8328EA85FDF0F5
Malicious:	false
Reputation:	unknown
Preview:	2024/10/02-11:45:57.554 1178 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db since it was missing..2024/10/02-11:45:57.581 1178 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	126
Entropy (8bit):	3.6123534208443075
Encrypted:	false
SSDEEP:
MD5:	A05963DD9E2C7C3F13C18A9245AD5934
SHA1:	15A87493591860C6C22499DF3A705ACB3CB466BD
SHA-256:	F40B7EF0FE0B676871403B8DD21CE42AF8E482DC8B81F09D93CB2C48CCD112B4
SHA-512:	E67833950A3DB8D4C27FC851C7DF9AEBB85699024F805E98A2951E9E9FC3B606F10EAD23CE0A3B97484A18A9A52520540FB29787178BFEB9FBD8D46D0AA492A2
Malicious:	false
Reputation:	unknown
Preview:	.h.6.................__global... .t...................__global... ..7..................22_......u...................22_.....

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	303
Entropy (8bit):	5.158876454787324
Encrypted:	false
SSDEEP:
MD5:	4EDD21730203035E2FA0883294C5705D
SHA1:	AC1BCDB7DCC155325E30540F4E9D0EDA83C99136
SHA-256:	4F93299ACF26799AD172642F27FB4EB8A827BF0ADBDF18D511E8ED17B265609F
SHA-512:	5567C21F39065CB2ADBAC72A03338D8953C36566338E5DD9BC58FAD3135ABF9904356DBA9B39098CE544FD11680E69B1A594164DB267411B06617E30D1580422
Malicious:	false
Reputation:	unknown
Preview:	2024/10/02-11:45:57.486 1178 Creating DB C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata since it was missing..2024/10/02-11:45:57.517 1178 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata/MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Reputation:	unknown
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.08728080750134917
Encrypted:	false
SSDEEP:
MD5:	863BB379B267B2404CB64A3BC9B4A650
SHA1:	139EDCE2C64569B81175543D1DE743EF474F4432
SHA-256:	F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
SHA-512:	6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28109187076190567
Encrypted:	false
SSDEEP:
MD5:	CF6CF19538B0CAFB4DB12436F05FD38C
SHA1:	649F8CD8B72EFC59C55E8675DF0A46E423584E2B
SHA-256:	815F5F2C9C88DF67CBEAD0CB1ABB997E59E3C0096272449EADB1C344410445B2
SHA-512:	179713020198AE706614B3087EE866DA80A0D134F78BC121296116454272228782BA29D82C6958A0C35D5E6CC5D0E82BD5533DDBD3D97E18EA2E88FF074BF345
Malicious:	false
Reputation:	unknown
Preview:	.... .c......u.y................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.06146477858805117
Encrypted:	false
SSDEEP:
MD5:	FF52F43B9F66CE04CBA3CE69CFD7F166
SHA1:	131475B853FC4885B5654700D06E58E9BC7AF4E7
SHA-256:	8DCF0B418636B3113CB7F009E9E6C5E231516750D8E19CDD7B66A1B2C640BD87
SHA-512:	01F44F46D8CECAB0F63180B13A01BB4008A4F0B04C99469700F073601E0911A920AE46F1FE1892AA7E00E5C90B6EC246C0BF86DFAAA656D335CE909F4021806C
Malicious:	false
Reputation:	unknown
Preview:	..-......................g.F.k..\.I.....9...o....-......................g.F.k..\.I.....9...o..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	119512
Entropy (8bit):	0.9644376407631008
Encrypted:	false
SSDEEP:
MD5:	14D7D2DF204541AFCC79C706840D5B5F
SHA1:	17D273546AF1F3C7F4237629295BFD64FA9EE8CA
SHA-256:	B0CC07EE5AADF14CC6AFBF57CAC460F2D5462A734C43C2432F32CBC69C3841CB
SHA-512:	3B051708810A235B0C0FC0D58508B27AD9B50FD3F2DFB43BAF38977F7C1D3225F2C35A0A65CCF292D2579A3BD108F75E43ED401C3FC3B4283126D9FF419F8135
Malicious:	false
Reputation:	unknown
Preview:	7....-..........\.I.....0.os...........\.I....jR"...%.SQLite format 3......@ ..........................................................................c....................A...}...~...............D....................................................?...S-..indexsqlite_autoindex_pending_requests_1pending_requests..<...++../tabledevice_mappingsdevice_mappings.CREATE TABLE device_mappings ( .device_mapping_id TEXT PRIMARY KEY NOT NULL, .content_item_id TEXT NOT NULL, .content_item_type TEXT NOT NULL, .include_rel_types TEXT DEFAULT NULL, .include_depth INTEGER DEFAULT 0 NOT NULL, .branch TEXT DEFAULT NULL, .device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, .collection_id TEXT DEFAULT NULL, .TTL INTEGER DEFAULT 0 NOT NULL, .Priority INTEGER DEFAULT 0 NOT NULL, .app_info TEXT NOT NULL, .unPinned INTEGER DEFAULT 0 NOT NULL, .UNIQUE (content_item_id, branch))=...Q+..indexsqlite_autoindex_device_mappings_2device_mappings.=...Q+..indexsqlite_autoindex_device_mappings

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-02.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2420
Entropy (8bit):	5.135097621659396
Encrypted:	false
SSDEEP:
MD5:	2BE612F2287A4E878A78DA48AC4FF38A
SHA1:	EFDFEEEA8893E2E6290A7FEAC5F55521E2A2A4CB
SHA-256:	28BBD3B08FC4C6500EEAB5F561AE0A7192D1A55215D816197461D0C5BFD5D07A
SHA-512:	E78DF5E10362FC16160AA2861800213672CE03AF93BD18B825E41427275A3463CBD146043C4CB8AC981AECF55C4B1462CC08062438B13B7B835332349752E690
Malicious:	false
Reputation:	unknown
Preview:	20241002-114649.429: t=0420: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20241002-114649.429: t=0420: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20241002-114649.429: t=0a98: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.173)..20241002-114649.445: t=0a98: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241002-114649.445: t=0a98: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241002-114649.445: t=0a98: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20241002-114649.445: t=0a98: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.944)..20241002-114649.445: t=0a98: Info: ES::cosylib: RequestHandle :

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.36835287347338636
Encrypted:	false
SSDEEP:
MD5:	F391306DD8BAA3198B26D3C80A906E19
SHA1:	6CD1B24D186F1CC68BF9097177DA5676C4A56422
SHA-256:	62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
SHA-512:	5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......2........h...2................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28499812076190567
Encrypted:	false
SSDEEP:
MD5:	B3DDA0442937F86B2399D376D948C37B
SHA1:	0218ABB261F5F3D790222143AD9D6AC9D99AB479
SHA-256:	6594E6FB7B232FD713129FC6B4109116B4F2047ED01A8A7EB6B6F1A48FA35E4C
SHA-512:	4BF9FEA2BCE7E3ABD93175ABF83BB40A3BDCD5416CC82786F212CEEE1966DB8CA8418A1BF9AAC4EC6E358A7A61B6AF78B8171316482B633D7E9BDCBD8537A24F
Malicious:	false
Reputation:	unknown
Preview:	.... .c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002154453Z-427.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.7558660031022084
Encrypted:	false
SSDEEP:
MD5:	A24CC78FBFC61CBF828A276818D75870
SHA1:	57D36FD183DFAF9E648E75C79780DDCCA0695C0E
SHA-256:	96609433E493A48692542CAE356AF1FF782B33FF11CE18BE926DF5933E7700D3
SHA-512:	DB7CC9737B7728BE83C6F2C0EB3528640C4783F93D1FC9A8BB8334A076145D32A82F26B9E412B24B439BE5B477DEBD92F9901D363AE1B351EFAB183475FC2F89
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 13, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444928811590567
Encrypted:	false
SSDEEP:
MD5:	406A1F34899287A2C2D086730CF9EFA4
SHA1:	7C7CFE70E8CDFD982A825C3E4A50314EEE61050C
SHA-256:	866B205CBD4821CA5BE077896328F0E9E905BC11367986771002E48B79C83EF5
SHA-512:	B93D8414D3223868C0F636C14B0FF1B6249BF533AB2258D011BE9D317C218B62D93FAC11AB8B744D5DDF6FA7A9ED6C71F041A0B67D329F695E35D565D8477D34
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2112907360115464
Encrypted:	false
SSDEEP:
MD5:	65427806F64AB75F38DFAD1DB78FD3C0
SHA1:	91425E27981C61F82D343F4E7C5F903F08BA82BA
SHA-256:	8B2EE1BDC679BEFB5C87EE5C7F91DDC986782967D21E373B6BD2D76607F49D11
SHA-512:	06D73072794538432F405F02A86E4CD2CE2FE1464F29465C6B96BBC3D0FDE1C8807074CAC84A23DA95B8C3AFC308499B39DEA21062AC39FE03066D829E42F33D
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....)g.u........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	0.9951370817377893
Encrypted:	false
SSDEEP:
MD5:	DCD066A1C8CA38D94ACA4E5DF6CA20BF
SHA1:	0C670E7CB31FE1CFD952082C3629AD8861BFD799
SHA-256:	E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
SHA-512:	C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c......................7...4.....d...k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did o

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28109187076190567
Encrypted:	false
SSDEEP:
MD5:	4A3A5BA44A162E5AEAE74829B31453B3
SHA1:	49C1AA3AFBD0B589C62F3663C26BDFA4511D69FA
SHA-256:	72D14B9291550C330BC39B466BEB57D943D7D9366BE85D7F5A064B5F0F72A25E
SHA-512:	B5D1F53E9D9460CBA98C606043E6635A6F8F03A8E596CC914434CCA0BB484D94772492D1F6C61AFE8197D931B804A99F5FD2C9D9FAAFC82A24D404FA478061B0
Malicious:	false
Reputation:	unknown
Preview:	.... .c...... .f................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.746484906506307
Encrypted:	false
SSDEEP:
MD5:	CDF4A18CAE7FA9302955BD6E684EC8AA
SHA1:	91B99FC6EE64DDF1748E5C38A352C3F37B6D718C
SHA-256:	0B8F842537D370BF806771D589579D9AED13FFE6910D152759A2132B622511B5
SHA-512:	2BB5FBE73692F7C89909AC4C2A9DADBD94CE8CECD26ED50C74175993335CE4F7F4C5F95E6E1AC02CC7E8404CF25334F7CEA01427FBF8331B83721D83BB614E06
Malicious:	false
Reputation:	unknown
Preview:	p...... .........\|......(....................................................... ..........W....e...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.1224298822818697
Encrypted:	false
SSDEEP:
MD5:	987EB07A7408223213C27B14B252D929
SHA1:	0411469A5DCABE0A88FB2DC45B09976D09F224DB
SHA-256:	9102B364764B71C0F0B6FC64C86E4CCA7251D3093146F0023B5CF602B1212B5C
SHA-512:	83C4A72FE52473E679288BC9708C4546CBCDEAE605194EE24A2629D53B9E0E7749F89B1C56EF91CE54A10DC9B2ADE2F4E122D17380597BC1D9677398C00932EC
Malicious:	false
Reputation:	unknown
Preview:	p...... .........m......(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2824

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3837996153025385
Encrypted:	false
SSDEEP:
MD5:	3AB2595A56535F43694A84FB93A5CC66
SHA1:	B8FB6F13CCB5B1B48109144224A62023C67BA12A
SHA-256:	7971330A5C7AB2D0230E6DCDCF5268DB8873F1C00663E86F87E11F60E198A063
SHA-512:	2587F55BEBDBD7A1AAC7565E70D154F6F2DB580E954370CCB0C386835AD2340DE6DDABCB44660F72590FD32B6F5DB26B9AFEC19462B7590AB27EBAF38F8B73D5
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.331036469395363
Encrypted:	false
SSDEEP:
MD5:	ED45A0F5DF185CD2FC36EB171C1D7F08
SHA1:	315DB48E1AC056FED34B472CA84D4AB51A867C61
SHA-256:	A2AA87EAD31453DD9A8869B0F770CDD5CA0E256BF08ABC8A8DFDB58FDEBC9485
SHA-512:	81145C00A967C365B18C1150F7EE6921524BDC73D8D322050F6081DA9F8EA73C8E19607A7CFA2FFE77A609AB92EE9FEC0E6B00AE79E73E7A60871540D4626F3C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3092959647531695
Encrypted:	false
SSDEEP:
MD5:	764F36A34A94D51620CD310D25DA2895
SHA1:	8C5D05C32D0F43CEBDF3033A69C27C84D3A84530
SHA-256:	1E4B881CB453F2DCD84E85A2D06060289CB9269DA0DD190FD68CF2DEE0288F46
SHA-512:	2C74F864CE35D2A7604F134EF7076ADB3911E81F03EBDB3BCE6FA333B74EC8DCA62FC2B361ACD80300A93E201C05ACB84DEBBB5EE450BC24E9D0BC9AEF18ED86
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.370613159732194
Encrypted:	false
SSDEEP:
MD5:	269CB3127BF8AD5FCD15B9DDA0579C2F
SHA1:	C658E058E8E238E7DE95E02703E4FB422209DFBD
SHA-256:	5AC9157EE4772AF22D1C435E5529C069C5EA2F4A2B3A2B17CFE353A8FA6D4A4F
SHA-512:	2D708EAD5892EEA706DC1240CFE28C828A22677558619B4BFE493C55E7EF7308E10C6BB73C197E68C6386423DA55E688A7644CEA9EADFF6B65977917EE5B0BF0
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.674317804577162
Encrypted:	false
SSDEEP:
MD5:	5CC3F7DC1F83CEBF87205F6D00BDAB75
SHA1:	BAC5BDE732505252A9F3273ADBF98099CA508905
SHA-256:	AD076FCA948EE7185D3C6960DA7687DD26D9D85AB83B3BBF6B81D16D7D087786
SHA-512:	C4250638BE2500E1BA0A51D05F997EF4A29D0ED4CAE282F8061CA97E92765A62BD545DFAFC39B997F44C085B161507A008E92E250D641F4F3E97EF6427D03D4A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.662017227035596
Encrypted:	false
SSDEEP:
MD5:	AB88B0D6068FD948DCD88F48657CF4E2
SHA1:	712A9C317E0AE3DCCE01AC6503F2D8F49EFD78CF
SHA-256:	C3AF6DF286324BFC163EDB27B166D5123196DCC76BF7AFDC2973CDDB8A80F0EB
SHA-512:	8B284CB4ADB2C3F3EF61B892FA2ADA312437DA31951596948E3099A891BE502E245145E72B555B08D978BDA56B7462C5E2E838CD388AC8A0FC31830EA9ABA296
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.323226581673733
Encrypted:	false
SSDEEP:
MD5:	CA414C9905EA8AE07E2F62BB3B072F5E
SHA1:	FE7394CEA005786823638C45FDD93244EC8EF7DB
SHA-256:	FBAE642DECE158B539E6D4DF4C167F41DB112E35EB760D2734728333AF92A752
SHA-512:	01A5489CD6D57E25B0F6D6F7247FA56D3FC67DD7631125C06FB90D208EDA3F006AA9D8D10FDBAD23D9D2AA3EF10D1E4A7F5DD2990ABD29D99062AACF57CB5184
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.658425471470462
Encrypted:	false
SSDEEP:
MD5:	38BB1FF1CF01144F42342F10D6146F3A
SHA1:	AAF391D2CA3D7EDE8BB9196CEAF4DC8289B8A066
SHA-256:	0C7796E0A30D2A57F41EF5063BACCF0FA2C35F0F7D4A1526F45179E4E1A120CF
SHA-512:	9BA2D3E8886BAC4F32C3166D3BE27B92BA885602358223A8870A8769453D38FD79FBA6FE6D4955CF8E31DB4273A4C3522A66CE026F7FCA3E02C365E84BA67E01
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.705067830259659
Encrypted:	false
SSDEEP:
MD5:	39C611710572F2A1A663DC7B3FFFC372
SHA1:	B47BF502EABF74C1DF67C075FD10D12CA6DCDBEF
SHA-256:	465FCE3515A804CFB6FC8F34BAFCDC031AE92427BDD345267ED1D48FEA935A0D
SHA-512:	7BD1371BBD508EBDB0D214DC9B1435CCE2FE585BEC6E3247742E3A3800421290254EF014E865061A29A81C29D1C8DA172EA1FE9AA5B668C9249023AE60933859
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3297127082837825
Encrypted:	false
SSDEEP:
MD5:	0275D6DA6C07BAB698D2EBBE046C07C9
SHA1:	F8579ED939D111F3F0EFEBC203D1C5AAC1E3AEC6
SHA-256:	E19D3E3EB48F4CFC0636CEAFD98DEBFE0CA0871D18BCFDB103ADB4321D1228CE
SHA-512:	98470F44EE568EBA592536E922E986CF04EB7227EFEC294EA9DA637DEFEE06555E1E5ADADED0B74217E7C8E2AA3F0BB275C0DC81FA8DFB5DBA22C6268B9A75DC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.780700824954139
Encrypted:	false
SSDEEP:
MD5:	325DE634F41019A2CF5AE0983AE0CDD5
SHA1:	3B3B88D136FC92F52EB1F050237D32FF0EA91357
SHA-256:	FC142210F99DD604D91CB4F1FAB937695C1D47B239A351670252459130CC7B67
SHA-512:	91D9DFB0DDF6A53197A18A5CA0C18710F831E008B48759A3081FC18CF69FA246BC055002FC3E76536F8CECFC233F3776E83EDF476E3E61D36D3EAB2BC1A9015A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.3130555949041485
Encrypted:	false
SSDEEP:
MD5:	944F4166948D02DCD462D60980195FA3
SHA1:	23960E678BF378CEE3AAE2B80F7D2B5C966CD742
SHA-256:	4CF81FD3B1B8D4711DE4856801C02D5F14A38C13D377D2D99D138D45682912A2
SHA-512:	703F8E46A423083F3E478AFEEA294CCF6A166864E540ED29D979D71A72E8E34FB338F4AFFE0DCE67DD2F31EE588977C2A13250C8001EF0B4FEE9095027EDF97C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.314825701830492
Encrypted:	false
SSDEEP:
MD5:	B0AC3940C4C003BE24AD046005745295
SHA1:	8D865F62D5F5FED1344F4B5232FB647A36200858
SHA-256:	5A9FC14E6A7E0D918BE83E08E292EA79681CBFA3F2EE75FF940B8F248EC9D4CC
SHA-512:	4E77815472359586DF632793CBBA85366040CCED2C48E1DA2D52B45624FC99958385516FDF37588C4F73C7FF90675132BA18F05C82D030EB25D36BA89FB9100A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.665042436967076
Encrypted:	false
SSDEEP:
MD5:	C2822D02E39ACF652B6E7EF30708F62D
SHA1:	7B4F4DB4AFD034DAB3283BDDF386E2F47E0EBC13
SHA-256:	6085CB4D1613A648C8650FBCEA7E0CE754B8AC596344DEC2E23FDDC4EE324740
SHA-512:	0479B4C5029D8CD5A73448FA3DBB72F0774950360E763ADD63ECCF9608F496D00478F11FB3AA1063E14BF0B7A27578648724C2EC9CB388D64240E6BAD770764A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.2915944429820225
Encrypted:	false
SSDEEP:
MD5:	93604683E8910989F9D06FF92197D730
SHA1:	E8E9A62699F7FDE69D306724FCE23C1BE3F470B8
SHA-256:	BE6D783EDCEA46D16C2C900A6DBAF04DC2DDFE611679D9DC9BE6BF1DE36FE950
SHA-512:	BDADB5EF1E7F57D27DA53A3B0F05899F60B0039DF13EEECC885729FD99C96D93BF126E34A65531FF4CB5E25BC2D3A07FCCA2D4FE40CEA72AAD4D5C212B0C20DD
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.37877091794164
Encrypted:	false
SSDEEP:
MD5:	CE67CD187915AABB731844B5D3CA7D28
SHA1:	7768EF969055B686508F1D4F7A72DDC6971BE0B1
SHA-256:	7F64F61C6EA77DDF5B10AF383323C158FE5EDFB7183F14176ABD09DBE42DCA37
SHA-512:	9C4A4FAC1C80A5C4BCC3CC93D91EA722119AA9FE935C8BDB35FDD9B6D311AF5B6765011A9C4C60FDF26140F15FDD5B135C9F1F71FC785A71EE4C2897C8A79005
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"8b0bf9b4-cfa7-4193-91f3-96c8e58d0648","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1728058315315,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727883895345}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.134369963052342
Encrypted:	false
SSDEEP:
MD5:	BBFFA12A00F1A118CD88E05D718EFED2
SHA1:	78DBC11C3933D92B8E3A4A15A4C3AD9D4B40BA81
SHA-256:	2A0DACC6E0251918487A527133EB8E1F95D363D8AC7427F0E509A21DEFF9F34A
SHA-512:	D6A100029C8A37FD3D827C9CA141ABA31D0DEEF5F57AF82B050BBEE27B3D88D9108E7AD7F63AD43396B2171D3784201B686D268D6F0A92B2FB78E3991EE08441
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ede46cee585aeba1b833efc06967ea82","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727883895000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"0d8940819ef761c872f905fddb530846","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727883895000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"6c0d340312c1af03a4f69d5944e8898d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727883895000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"3ab2c8274607f4f460ecbf7c770b6e5e","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727883895000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"f298e23ad4a6364a8f205530ff3f4319","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727883895000},{"id":"Edit_InApp_Aug2020","info":{"dg":"6255f93bcbf8f9fe73f4a6b9d8e91cb2","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3574982542901968
Encrypted:	false
SSDEEP:
MD5:	9BA7A8CEBAC50881F9F1566CA95DBA91
SHA1:	EBC3432083086EC05B2BC89A76BF66015AA8E0D1
SHA-256:	517A14CA4065057F3D0D227ECDD49D8C2A3F0BA3F7116573CE29CB70C5286E69
SHA-512:	899911F4FACFA4EEA2E4CFF109B3519DBC5156A6457ED618E3775DC3C9A3A1008C36ABF015070C4E1776B007BBB07FB8C52259C004A717B053FCBD37B8115711
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.831940188283579
Encrypted:	false
SSDEEP:
MD5:	6B1218FF4C6EEDCB7FCF086E3FE245D4
SHA1:	B59806310B17A5D7504D14A8437801262176077A
SHA-256:	1110826F191989BA4B833AB32478DF3B73DF99B549674403BD0369F29C8FC4B7
SHA-512:	6EDA22CE5010D44EF772FBBB08F9E01A12A617717D1A773B58CEC5CF6628845E264ED1A590F4C206FC2507630590CFFEBFF1280772542B0175E50F4C7B5804C5
Malicious:	false
Reputation:	unknown
Preview:	.... .c......;K......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI518bc.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5004142083842487
Encrypted:	false
SSDEEP:
MD5:	6A9FDA47D33828BC3ADE74C2C040ECBD
SHA1:	13DB4EA3454FE83FB5CB0B0F9E839B8A0C738CDE
SHA-256:	2CFAAE84812657DC1C13BAE81EC9216428E14BCC828AA179332A16C95D8310C4
SHA-512:	D7BA154E29DA8594F12E42C04BC0CC7445B5A483C174398951791BD4589FA78F7AB95EEF90CBB2C2ED79DBBF982D0B41626E59C1472319F7A6EF984CE1BA8504
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.2./.1.0./.2.0.2.4. . .1.1.:.4.5.:.1.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91f6i5kk_159499w_26g.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Reputation:	unknown
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-02 11-44-43-479.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.359827924713262
Encrypted:	false
SSDEEP:
MD5:	06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:	28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:	948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (392), with CRLF line terminators
Category:	dropped
Size (bytes):	15089
Entropy (8bit):	5.3850051343182015
Encrypted:	false
SSDEEP:
MD5:	BAAA097A78B7D695A0CE7DB57324C9C5
SHA1:	8D7323649C8957B506B6B7F61C8E142518F5B121
SHA-256:	EC63CDF3A75910E5BDC06328883D3024A8139B9816E82A5AAF6444C4B43F5F57
SHA-512:	5B2762AB5F9C22CBC25C2E9C6F4EFC39A3D457EB11388153983CFC593069BA75F8D88C65F4587B0DAD309404640808A382EA6B9C8B8582F34FD158BF103B1D65
Malicious:	false
Reputation:	unknown
Preview:	SessionID=f72919b5-686f-49f1-be80-52f15236569d.1727883883499 Timestamp=2024-10-02T11:44:43:499-0400 ThreadID=6172 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f72919b5-686f-49f1-be80-52f15236569d.1727883883499 Timestamp=2024-10-02T11:44:43:502-0400 ThreadID=6172 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f72919b5-686f-49f1-be80-52f15236569d.1727883883499 Timestamp=2024-10-02T11:44:43:502-0400 ThreadID=6172 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f72919b5-686f-49f1-be80-52f15236569d.1727883883499 Timestamp=2024-10-02T11:44:43:502-0400 ThreadID=6172 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f72919b5-686f-49f1-be80-52f15236569d.1727883883499 Timestamp=2024-10-02T11:44:43:505-0400 ThreadID=6172 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.417887147453702
Encrypted:	false
SSDEEP:
MD5:	4186E5BC91A80E3E50CCF680F7DC4880
SHA1:	337E960122B88697897EECC714D8D30C2A79B49A
SHA-256:	167F2473EC94929FCE286599ECED12046A71A95821B09047781D0ECE54CD1E37
SHA-512:	6D496464B742D86A47ACB9056F9476FDE952BA8B9832E535BEE318BD68BFACC3552B05545C2EC907DDDCC846F3F4E9C21BB42ECB631B813CE70B471942F44172
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\3af49705-d360-47d9-b1b1-cb4d82805c98.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 37968
Category:	dropped
Size (bytes):	303847
Entropy (8bit):	7.977343682139445
Encrypted:	false
SSDEEP:
MD5:	6EBF730982F4EE546227EB59BEF4B58A
SHA1:	7BAC2D7BB2CA2065521FBAB3565BAB088D335CE5
SHA-256:	CFFC432047F639682F764D701156F076C40FB8F824207463FE5230196543446B
SHA-512:	562C849B4B648FB5CC0678DC9BF1334FC55D2EDA2DEAD1A75955C45956DD50AE8E9A1156ADA2FEDD3379E33EECEF84EEFF9315D8E76D11DFCEF8495A76FCBD48
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\6f039ebf-fc37-4168-aaa2-0544f18c5ad1.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	408F8BA5ED5014C1E10FA19D75C944A6
SHA1:	87595F69D692B4D785AAFAD71394426879C7980F
SHA-256:	FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F
SHA-512:	01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793
Malicious:	false
Reputation:	unknown
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\994d0624-4358-42f3-996f-09932e3343b4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\bd4d7559-eecd-4b1e-8ce9-498a0b380d2f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\bfcd1a22-bd2e-40fd-8dd9-284e9ad60c3d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	D2D247B52923558A375F88902D534C0D
SHA1:	EA4CAEA24736763CEC24D676DE98B1372010C2F7
SHA-256:	24C3481DC96B4EF9B5A97934BEDF56ABE62BF7A163CFF99370A6B57BDF0B1BA0
SHA-512:	BA095487F17CE39B7D3D61DD27B0839F3534FA5388153DB6FCE0DB7D82818D13916F497EF218556A55012CFE1489F1889E45324737A062425ADB32C837C230AF
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:46:09 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9983364276892503
Encrypted:	false
SSDEEP:
MD5:	A119CB9E84382B3E396B57D82B6CFE38
SHA1:	A4ECA2F2611963AD573A90C5DE1DCAE0C4A93BD4
SHA-256:	B9BD630E22FF621C6E63F298DEEA6AAB9557013B0CECFD3E6ED4E5A28F14023A
SHA-512:	2B23D28F3A543FCFA47B585A7129EE9A1EB1B891EADD839879F8EB76DBFC48C981FC1A716F1D2066183900400CFC4E2B52FD8B70246A6859A8D1FC70D68E3F0C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......3........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IBY\|}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VBY.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VBY.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBY.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Uw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.012918370418497
Encrypted:	false
SSDEEP:
MD5:	5D62DFD3CAB7C6F8216531F24FA61096
SHA1:	39CAE6470C80CB4BEAC5FA619412BCDF3EFDB785
SHA-256:	97408EA84296F881A520BF6045262EA02FBC2D4A9B08AF86720A574D0278B77D
SHA-512:	BA29F3E2842CC2034D14BB0A9EB52CAE475668829E91409D55C9A6C1E57B661798C4BEC1EECB0553E9B7DB0118CF3928B370A48874456E5A5804D7DE911F7373
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....n..3........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IBY\|}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VBY.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VBY.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBY.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Uw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.022295991281311
Encrypted:	false
SSDEEP:
MD5:	19149615F836CE80B6DEFF9401315166
SHA1:	8655DBD46193CD0179750F5DD4BD63F7019F0674
SHA-256:	9BF092EF95020F82C6264F7147B27F34D10C9632810E460BAF99B3ED5E2BE915
SHA-512:	E6DA0028B7A433609DBEEABA16264086574A9B83765127546B775457868DDDEA1AB6C84D96238443F59BDFE4B417C32EAE191F3F02872B6B91F44BFC94DE6FE2
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IBY\|}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VBY.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VBY.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Uw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.0124404521383275
Encrypted:	false
SSDEEP:
MD5:	7991C8719EBE80C867CEA76790B5B0C2
SHA1:	589AAC687EE6CAEE8C92CCB6850C128F5AA7F7DE
SHA-256:	33A6BB96175A7439D39A2684F0CF1CEF4A094A9F2C43FD15E2AF99ACE29748D2
SHA-512:	F8C6FCB7A56B8C699232411AABED5BBDE808131705FB716F2C4D714494B9D4142520550B1A2EBEFF4CC8F8FF94FAB2E6B717F171BB26C91A4D05AC4C9B8BA130
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.......3........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IBY\|}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VBY.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VBY.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBY.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Uw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9990133603919116
Encrypted:	false
SSDEEP:
MD5:	19BFB6E43832A5FCECB7A92C827120A5
SHA1:	C5C2724D879232FAD29F52D8FD354525877044C0
SHA-256:	002F7543AB68F90AC509F09AB9E758C56CA1D7271A2E0EE1802B61F4AEBA37A5
SHA-512:	381CA3FFE211C827510B60A03118D2CABFA3CB7BF30224A253615F9A403A260929DC3F6B78A1F9D08B13F6327C09588990E69F3616521D21E2AE2109BA5CD72F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....i..3........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IBY\|}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VBY.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VBY.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBY.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Uw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 2 14:46:08 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.01172497886034
Encrypted:	false
SSDEEP:
MD5:	284B3D0141C739B68BC34C06A40BEB4D
SHA1:	3731B9E7E6EA34575FB1F8ED98E6801B772B68FE
SHA-256:	59AA8960CCD287B5FA2BC2813D47C1B2F36E7EC1FCB3129926903A1C010D840D
SHA-512:	BBA51B66CF6170C06EF7B561C175EB28C2B69D930591E13B2566388A3CEB44DCBE3C36E93AAB3F37ACB6AFAD5BBEA63642A4A4718F81581CF25B7C6BE0256D49
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....@.2........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IBY\|}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VBY.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VBY.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VBY.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VBY.}...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............Uw.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

General

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	7.870429229637889
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf
File size:	38'802 bytes
MD5:	61b61a032a0cfb3b4d57ac7103bcb64b
SHA1:	41cd2232903e82417ae320baedb05e2ef1814973
SHA256:	da5cbe2f356e8958900f666fc4dd72eb8a4cc060b8ba196c6e35b8dced3fa449
SHA512:	bd72dfc65b39fd525d9a2d9a755174aea889f8cc0e37651602500417576b3ced69d797b6c998621533328f89c85eeb85a6afba4d7b6604e17b4d35ac8b0aa6ce
SSDEEP:	768:r0Wjjqf1uuo5mH4ZPnM6gg7YK4kHlf4c4c9xSCq0HLN5Fi0WBCjjd86KbOvh8k/j:rVOfq5mINhPHFz9xVXN5FSK0M
TLSH:	7403AF31E5CD8C9DFD1BC217947E3B051EECB25757C828E240BD85A8F194C81EA7A16B
File Content Preview:	%PDF-1.7.%.........2 0 obj.<</Length 3 0 R/Filter/FlateDecode>>.stream.x..VMo.@...W......~y-E....@.P....P.-A........u.4iZ.BU....}.f.9T..Q........[....7...d...e]...<...7..UAXE_QH.....eq.G.....B.../._S^e.;..e...x^t@7.//...........d........Jkb`<.m.....7....g

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.870429
Total Bytes:	38802
Stream Entropy:	7.970055
Stream Bytes:	32830
Entropy outside Streams:	5.154626
Bytes outside Streams:	5972
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	37
endobj	37
stream	7
endstream	7
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	1
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
15	4d4b5d7549290965	7da0b63a960b36f730a91b5e70663eef
7	40b2716969697000	fc837812f869b8d3d358bde2b08f3198

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\587bc1f9-5ee3-4271-84cf-92e41d98664b.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF65b77d.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a5b3a7b4-f141-4237-bf56-a5dab0e7f292.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000001.dbtmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\CURRENT (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-02.log

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241002154453Z-427.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2824

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Windows Analysis Report
Fedex Scan Y;29tbWl)zc2;lvb,mlu,Z0B)2c290L)mFl;177-signed.pdf