Edit tour

Windows Analysis Report
Pay Stub .pdf

Overview

General Information

Sample name:	Pay Stub .pdf
Analysis ID:	1528308
MD5:	9abafe3432608a88c8786540512f9696
SHA1:	d9192ddd916d2b3a09eece3498c86eac5e3d3125
SHA256:	c9f6afa2a0221680f98c6893e48c45701d6e80a100a05179fb8a6a9ccbad382e

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Pay Stub .pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6920 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6560 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2056 --field-trial-handle=1568,i,12771086922530842713,2068329658079769137,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443

Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 192.168.2.16:49717 -> 52.202.204.11:443
Source: global traffic	TCP traffic: 52.202.204.11:443 -> 192.168.2.16:49717
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 192.168.2.16:49718 -> 23.203.104.175:443
Source: global traffic	TCP traffic: 23.203.104.175:443 -> 192.168.2.16:49718

Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	TCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: classification engine

Classification label: clean1.winPDF@20/39@1/16

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6984

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 13-08-24-439.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Pay Stub .pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2056 --field-trial-handle=1568,i,12771086922530842713,2068329658079769137,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 7BC9975AAC5B89F538735CFBEA8992A0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2056 --field-trial-handle=1568,i,12771086922530842713,2068329658079769137,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Pay Stub .pdf	Initial sample: PDF keyword /JS count = 0
Source: Pay Stub .pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Pay Stub .pdf

Initial sample: PDF keyword stream count = 21

Source: Pay Stub .pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
windowsupdatebg.s.llnwi.net	87.248.204.0	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
2.23.197.184	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
52.202.204.11	unknown	United States	14618	AMAZON-AESUS	false
54.144.73.197	unknown	United States	14618	AMAZON-AESUS	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
23.203.104.175	unknown	United States	16625	AKAMAI-ASUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
87.248.204.0	windowsupdatebg.s.llnwi.net	United Kingdom	22822	LLNWUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528308
Start date and time:	2024-10-07 19:07:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Pay Stub .pdf
Detection:	CLEAN
Classification:	clean1.winPDF@20/39@1/16
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 2.23.197.184, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 13.85.23.206, 87.248.204.0
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, glb.cws.prod.dcat.dsp.trafficmanager.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
VT rate limit hit for: Pay Stub .pdf

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["Capstone Logistics"], "contains_trigger_text":false, "trigger_text":"", "prominent_button_name":"unknown", "text_input_field_labels":"unknown", "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "text":"CAPSTONE LOGISTICS LLC 30 TECHNOLOGY PARKWAY, STE. 200 PEACHTREE CORNERS, GA 30092 770-414-1929 Filing Status: Single/Married filing separately Exemptions/Allowances: Federal: Standard Withholding Table Social Security Number: XXX-XX-8244 Earnings Training Pay rate hours this period Gross Pay $64.00 Deductions Statutory Social Security Tax -3.97 Medicare Tax -0.93 CA SDI Tax -0.70 Net Pay $58.40 Checking -58.40 Net Check $0.00 Your federal taxable wages this period are $64.00 Period Beginning: 09/22/2024 Period Ending: 09/28/2024 Pay Date: 10/04/2024 Khristopher Estep 1825 El Monte Ave Apt 19 Sacramento CA 95815 Other Benefits and Information Found Reg Rate 16.00 Pto Rate 16.00 Total Hrs Wrkd 4.00 Total Hrs Wrkd 4.00 Total Reg Hrs 4.00 Additional Tax Withholding Information Taxable Marital Status: CA: Single Exemptions/Allowances: CA: 0 Advice number: 0000401006 Pay date: 10/04/2024 Deposited to the account of Khristopher Estep xxx7560 account number transit ABA amount $58.40", "has_visible_qrcode":false}

Input

Output

URL: PDF document Model: jbxai

{
"brand":["Capstone Logistics"],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"CAPSTONE LOGISTICS LLC 30 TECHNOLOGY PARKWAY,
 STE. 200 PEACHTREE CORNERS,
 GA 30092 770-414-1929 Filing Status: Single/Married filing separately Exemptions/Allowances: Federal: Standard Withholding Table Social Security Number: XXX-XX-8244 Earnings Training Pay rate hours this period Gross Pay $64.00 Deductions Statutory Social Security Tax -3.97 Medicare Tax -0.93 CA SDI Tax -0.70 Net Pay $58.40 Checking -58.40 Net Check $0.00 Your federal taxable wages this period are $64.00 Period Beginning: 09/22/2024 Period Ending: 09/28/2024 Pay Date: 10/04/2024 Khristopher Estep 1825 El Monte Ave Apt 19 Sacramento CA 95815 Other Benefits and Information Found Reg Rate 16.00 Pto Rate 16.00 Total Hrs Wrkd 4.00 Total Hrs Wrkd 4.00 Total Reg Hrs 4.00 Additional Tax Withholding Information Taxable Marital Status: CA: Single Exemptions/Allowances: CA: 0 Advice number: 0000401006 Pay date: 10/04/2024 Deposited to the account of Khristopher Estep xxx7560 account number transit ABA amount $58.40",
"has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.183456616518066
Encrypted:	false
SSDEEP:
MD5:	54BEF284D0AB6A8D1039C88FECBAC81A
SHA1:	35697A9CA3F83D3A0DD8F79B598566774D55692B
SHA-256:	F96F06E639D743DACDC950B28253DDD65E9ADBA4D4E82C6C0792623A788ADAD2
SHA-512:	A9C3DFC397F7749647739ED83EE6679279A87127E97AC5806E14E850C782CBE74695D4DF0B4ABACABF71498DAE40CE5D83148F3218EAD11C5D8FBC778288A4DB
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-13:08:24.773 1780 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-13:08:24.775 1780 Recovering log #3.2024/10/07-13:08:24.776 1780 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.156708411466549
Encrypted:	false
SSDEEP:
MD5:	CD3BD24E1D3FAD41179411D74AED32B0
SHA1:	8E1BDF26DF31ADAB028B96839440F092F6682320
SHA-256:	CAF9905DB5064CA02434F5729C6F3CB7FC0BCDFCB56D553159AFE78377373AD8
SHA-512:	4C1A948E644F9C6C4D8D6D84C3BB43C2CABAB2526A3EA78438B5DCC6705AF4FEE92A449D039E34F9DD134CEE76F621F21A8884C2409901F18A752CA9F8679518
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-13:08:23.199 197c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-13:08:23.219 197c Recovering log #3.2024/10/07-13:08:23.220 197c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.231398463410712
Encrypted:	false
SSDEEP:
MD5:	CB9CF2DB78F2EC83B1955935579C0106
SHA1:	709441C35FC1DC2E27A6DB55988ABB0629355985
SHA-256:	574BA2616F3120338DFD2DE4371D923919E3E5D839E68B2266A27767D1C2ADC4
SHA-512:	A1FADFABF8FF644485DCF425E5013888686280726E2C18A4BA00C402A01078699C5387BC8DCD9F5EEFD743D88BDDBFCEEEFAAE40E3965F02855863E79AB4F5C5
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.209590046230691
Encrypted:	false
SSDEEP:
MD5:	0B1E37C3F82B13EAF2F81531AC31071B
SHA1:	E3D125A9C3847C2BBFC7B3E33D00BBBEC26016E6
SHA-256:	7CED27844EC4C80B8B4A252B6C51D1977D15F289EE9F5E2722100830860383BE
SHA-512:	59A221C7A27B57A6F3B20C05E53A72A347F0E8472CC5C4351218EB137A6119547BE3A04DD065B75C2C78F222CDB6ED80691B80448DA869E480374BE1282A607E
Malicious:	false
Reputation:	unknown
Preview:	2024/10/07-13:08:25.049 197c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-13:08:25.051 197c Recovering log #3.2024/10/07-13:08:25.068 197c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007170827Z-207.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.5082909201603543
Encrypted:	false
SSDEEP:
MD5:	54C738F7F0A84969BF04F13DDD0E9A06
SHA1:	0919BB4572DEFF946F3A5739F21DC759AE275B4E
SHA-256:	9F68421D216467466167EC80EBE52C44A1465288D841CD53CBF8D586D53E57AE
SHA-512:	AB513E2344F1541B7B355E9E7E4208F0FAFA87C57AF0B999BA8E6F6A8B054971E3A279B91BBF66076D2450BDE3808581C860176FB7DE630187E1BDB84FA8704C
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.216029127506309
Encrypted:	false
SSDEEP:
MD5:	9FFBE4B7A7D2396A7225F26A7F3AA4B1
SHA1:	D5EA6367DAD5C38FE5739CB31D0167039F327A3E
SHA-256:	DFC338354206AD15923FFD66AB0FD8166CFEAC5BC4A0B0F1925EF2BB5D4C2CE7
SHA-512:	86C85852E2E9823CC4758722C22CF186A85B7E1BBD80A5061629FDF47C13E5025BAFBF7E32624FE5D306C8CEB11F2925D0D73CBF050FFC9DAC2DB6B2E6AA0912
Malicious:	false
Reputation:	unknown
Preview:	.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7569015731729736
Encrypted:	false
SSDEEP:
MD5:	66A74723957B6BF3BD9939ABED3CFDF3
SHA1:	DC4F8CBC53221B26E23822112B9993C051387ECC
SHA-256:	263CA4C183E8DBFAE16862F2C77841E0FC933E5E2E2597085565286E9D2F6EA1
SHA-512:	6203454A8F7F16BB35C34C36F5DB7ADCD75D6D6DDB6AC239586AF8DB36D1AEE8FA26CB785210C9B8D1EC13C5A7862CFEAF71946DBD036B9A54120D02B074867D
Malicious:	false
Reputation:	unknown
Preview:	p...... ........9.......(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	290
Entropy (8bit):	2.977525407934455
Encrypted:	false
SSDEEP:
MD5:	EDEF2BEF86B468B8B584543F4399661A
SHA1:	933A5341E438BF858ABA09CC739C36924C951B99
SHA-256:	3510A0D67059F0F486E48136DA34F841F7BB6E3AED27F526629AE2614DC19A2B
SHA-512:	63D7213C12EA0CE04ECCF0B0C8B9377D1F4C44D00B99A697084C930B49EF7FEC5B0A00294379CCBF7AF8D3AE34890EB90D555031F6A061EC537EC5D5EB5CFB83
Malicious:	false
Reputation:	unknown
Preview:	p...... .........01.....(....................................................... ........G..@.......................h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6984

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.380368727462042
Encrypted:	false
SSDEEP:
MD5:	A3E11ADF7592C269EFC50241C1D495ED
SHA1:	613BEE0968B9D0961934C97D5459AFA4F67520A1
SHA-256:	4BFE8A8E1C12A3445E98C3102B6EF0104B868DD77C716BAA4A3D07C8724625E1
SHA-512:	88A81B5CE529601F35356A0C5F18257B18121F655A1A188CAA0ADAC107642EA0FFEE3E681C3C20F13AA6BD0B073BF84C69EA7C1B4E047BD89FC7EB10811FCF5A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.328194120360653
Encrypted:	false
SSDEEP:
MD5:	4D2C763D02FE89A70ECD2CC5EC6AB42D
SHA1:	DD01EC98C31628CF0E5218C1158D8921FB355D2A
SHA-256:	22584A0051EB64BA9763D5340800A89E1636E031DC52FAC6D201DF5C4B092E64
SHA-512:	D8DBFD3F75FE8FAF63AF0EE8463D4E3AB7001DBC41657B9037BE8641E60B3D582FAF2EA8FD0E76EC96BE43C443D900225851CFD30ADCB57EFE7CB1F397479208
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.306742436886658
Encrypted:	false
SSDEEP:
MD5:	57ACEEAA593AC87ACA7786C3A5129607
SHA1:	67DE492DB149545493A9D10B23C071519CD2D42E
SHA-256:	A03C4AB7C7AD5F804E7AFF74097F39DFA73EDB9E32CB7CC75042E331392E4E6C
SHA-512:	11AF9A7D033534802766F7F276C7DF6443862E2872A9B58E797C56CC51549108EC033591A9B0EFC60ED427AC908FF81408F1D7129399DE5FAB55B47A2544478D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.369345594839698
Encrypted:	false
SSDEEP:
MD5:	31B778A5EDF4F67F6CF6CDD04878C196
SHA1:	713BA481E510459354CB5209F9D4FCBB8FAC0077
SHA-256:	36A213D8BBD5A90DDCF836C94300839B1A1B983DB3AB37FEAC94E17917598C4E
SHA-512:	E0EE5F97337E31F21EB770E24C534F43EAC5B330D1B6A019CF350FBC6963AE4D373905AED66182B29D58535B6403DF50FABE4858B0BEAC4D6560265C3F89E9A1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1083
Entropy (8bit):	5.681473380440966
Encrypted:	false
SSDEEP:
MD5:	7115EB7478E3A175EA9D9E550CB34E9B
SHA1:	F54C79CC59A25554EA5E806A7F08151881AF9E64
SHA-256:	07F83C1DCF7A93F9B5DC8BC385AC2541D138AE524ED605A15E60FF2B2CCF6154
SHA-512:	36AFAD90D73A834A566C71A2C23DFFD692FEAE94BC4F694F0E7A5E937340A88D72202721047797C07935EE3663BAECBFE4918C77072D37748CDB08869A2FE974
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.650907209081937
Encrypted:	false
SSDEEP:
MD5:	D32D100905B6291DFC07F2EC94AA42BF
SHA1:	8A04AEC45740B7D7CAA382A01BFB7D8B70E6FB91
SHA-256:	446FB4AFB1B4008B4BB08E3F3F7EA6E568C4448FC51E6E1D9D4ABEAC67DED9DA
SHA-512:	2D453222D461BA25BE4B140ED5388BDEB28DD70A6D53E4F71473887A509C0BC69851D4E1F670FD2C200C1D82330477976EBE571439E685FE0D8EAB7C280DA3CB
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.317086126121518
Encrypted:	false
SSDEEP:
MD5:	C30AE23191EBD7F9E1D678DC25B53A67
SHA1:	FCE87721164E75B4605A1B578F5446A803A9713E
SHA-256:	729F43CAF31BDC5D155A6D2CA8C8225E8CD41C91B1F535A1C2DD4C798B164F4A
SHA-512:	BBCA8B7D2F38FF5AFFCDEBE0CD13AE11F4F13376C7BD614198EA8846BEED229B7DAAF191A4290C5284DDD0E2ABFCC9655673ED1E66BF971EB6936A309389FF69
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1062
Entropy (8bit):	5.689969822235486
Encrypted:	false
SSDEEP:
MD5:	81F4B99FFDCC29605998755DF37A66ED
SHA1:	8881B6C58E44F80C76F02AC814757040A0BAC055
SHA-256:	4A9C22E75E134C7DEC77631DEA3D926931215624BEAB89B7BBC14669F065A857
SHA-512:	A780EF117D18080B2BD01E246D20208F6A6370950F1ACA9F60F7E049A666531DC86E760A8F9FD8DB71514A60CEC60CDA6B3EF3A2D5162A9A0386A95452A935AF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.698882543064966
Encrypted:	false
SSDEEP:
MD5:	E2C5B9248E74BB343B888C49F43254F6
SHA1:	ABA336EFE2038284BE2D0A8645CDC214C76A2A0A
SHA-256:	A1BA3C43822E890A07C99BA209060ACE886CA60B0062A3C5AF24A13CEB10AF07
SHA-512:	C04231F3E66E69E9E6A5311056826397359FDA8E54BF6573DCA64D1E47DC7061F08D5D4A053205BEE8B08D5403E44714A0F99D19504EE69C7D5D8A6854A27399
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.321186592421141
Encrypted:	false
SSDEEP:
MD5:	C336CFB8ABA2735134F08039D827C9F7
SHA1:	B5BE8CF92A5E1F10309453603A3D8DA9B3954332
SHA-256:	CC15C3E31458E0565EB7A68267094CEA9BF12E14668360F43BA242419A3CA437
SHA-512:	FED812D3E354DD67EF606F6F289FF970AB51BBF4D4F0BC48F5424E4D434B44DBD477EBDF09B6E70198A5AD0F705138FB37EEEFB96AD314F58D3AC126CEC146A5
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7726939914699535
Encrypted:	false
SSDEEP:
MD5:	9883E51FB3183ABBBB87B197F4699DFE
SHA1:	31AECA2DC9310549BE54830A3A272207CB6C3DAF
SHA-256:	68E557E04723F7C59DC2D0A8A183C66FF99DAC6BD86A2832310EE12B581E621E
SHA-512:	D957D2A3A4D815ECF2D70F0E3A9CD1E445B5C184AD242026CF6B099F681495E11544E37611185FA1DB142B1A101FE828B35A4C37C1F7AAEAE6B1788879726F43
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.304588077775958
Encrypted:	false
SSDEEP:
MD5:	B8D6D42102B8A5EAD8D143500219F29F
SHA1:	F818A68E3C171BE08FEEC3E963097EBCB0C446FB
SHA-256:	EC7BC73AD022DEEAC4E53D077B2CC2E4E66A48DC216EF282D3DEE944EF0A0465
SHA-512:	FD70D9F70379773E276C89709A9395F137D08765BE2DDE2F19406DAB15B9A077A98655C03F5F924913625255D042E395C810241C5AD9D6F579B017371CC416D1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.307948271556518
Encrypted:	false
SSDEEP:
MD5:	1DC40A18EC58C017AD6CC269B61D318E
SHA1:	F11C219E3421200B0A19FEACB73465B290B73309
SHA-256:	2470B93A097BBF75CD3CA4F21C708517CE301A9FB534DCB87D56C52CCACAA9B0
SHA-512:	9CC962BB006AE16DE9DBC688F90413A8AA84A2FB4F98ED702E27CA0EFE0090CB3D2D2DF9BB3CD2613C48FA4280003873C49CC9DA6DF4BDC04FFB25F8A3E9235C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1082
Entropy (8bit):	5.6866534980672485
Encrypted:	false
SSDEEP:
MD5:	52B7471975875D569912D56B12A414B0
SHA1:	5DD953DAC68912A3ED184706EE707986856AAD8D
SHA-256:	E0B3A7F562A64B770E4A7177F1F7A2574D5204FB2E0F2B4F8823B73424B7698D
SHA-512:	931441DCFE4557C973B0DAE56E27AF6848B8BA200A8BD95C63AED7C3DBC39C831F48BA226F37BC73C6B707874B60BC5AEDAD46FF25ED55DC13E31D0522B9FA21
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.282406386561252
Encrypted:	false
SSDEEP:
MD5:	BC4B6ADC9FC14E27FECB120C3B7C7962
SHA1:	11689C4D286C3D838A7DF5752E9EF71AE19D4E27
SHA-256:	D82F94A22869E18EA8B02EBEC518113456CC951FADE14C60B0DB308C4D7E5465
SHA-512:	C4DE6009D5A206894C1397AA94E2326C0BB755A2D46355CF19A76F5F288D97E10E83CBEB15E5BA2107CDAB510C6D18B44F4C6F6BA98AE1202F3991BCD2A4F75C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.36769206687773
Encrypted:	false
SSDEEP:
MD5:	D2CADBECCAD07CB1A28BF84DDFC4CDDE
SHA1:	C7DA2354E0CF699C0274500E3BD7C5B17820E206
SHA-256:	0DA522E12428E7FEFFC46961C999B7815DCC36DF82796D9B23CD7BCC1EFD0F1A
SHA-512:	834F191FF7D9FE2A15435DAB4ACD8C7AA58886C0C9B5A9D6C231E46E729A4EBD4AFA7BDCE1DB49F1960EBBA0DB5921F7FB0E5106FEA370572A587C86547B8328
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"1e5d032c-2d75-48cf-9303-8d1e6f4a155d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728498333991,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728320914055}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.12957453918258
Encrypted:	false
SSDEEP:
MD5:	005CD296963B6665A157A234011BD094
SHA1:	283F6CC86EAFA44D43F2F758073B6FA1A78899E6
SHA-256:	1254D777773E88F1D742957E75C81DA6F4A395CC37F388EA0D01B2D39F9B69C2
SHA-512:	F6443D5E9B355083F89306C736622CFEA260D2FE33001FE4FFCBA89D36A0406C8A0DE72FB5C66B77378533F327344CAE86845821EEF4585FF0833A4625CF43F5
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b32b118ea64dd7d30e02a2aa5ff8a970","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728320913000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"62af7e39bf720034d36d2dd31adc8dad","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728320913000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9382fec535b999e327827a23117d02ea","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728320913000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"f2bff71e1923dba9a3286825e19c2423","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728320913000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"b94afaca2ad7f66d4050aef54abc8aac","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728320913000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"e043e566ba339d51434c511dd3383627","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"t

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.988434240623634
Encrypted:	false
SSDEEP:
MD5:	194E1C0ACC414A36669E215BFC128D9B
SHA1:	B1A52DFB5EC486852E08F47CA41E77B51A2E8424
SHA-256:	F4AB857C3B0FB495660263BE005E7714DEA599462EC483F8D443038257ACBC88
SHA-512:	26B28751CF3877DF7F089ACAE8161620E079332A569F445C00659FC98EF77A3A4F7E12FB532E072CAC61F379F0D2D214ADFC43ECECA213EC262ECBE9A8B26467
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3459138050936652
Encrypted:	false
SSDEEP:
MD5:	E51CB909662732EBA5FD7A88291F6251
SHA1:	5EB722D6DA9C18347EFC7308F1C7E8AF0C1291E7
SHA-256:	A28AEBA2CE806EEB10D011C91E5160F39B1796473C966F8C18331DB01748E656
SHA-512:	F8D5681D7CEE803F96811A1C86F2779BEEFBAFB636C75B929FB71923C21CF9A99D809FB54C8A15D3140CD6003442569243EC94E9612D7B4A2B2FC7BEB1F708BE
Malicious:	false
Reputation:	unknown
Preview:	.... .c........y......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI86795.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5258803161342094
Encrypted:	false
SSDEEP:
MD5:	0A31A67230A3ABD8A515422B482E6335
SHA1:	4E1D12F9367AC21480CC500401B4B826414654F0
SHA-256:	4B247E69A4EABDFBCFA5867BC11C6CE6215DF876DD2A66E68E4C052200C95C82
SHA-512:	39A4773B3AE397792D55DC406C5736D5F7A55B5F86D1648E50A210235E081E9650C8C602F9BDDCF4126CCF95D15E49139E33D5D3942F234C363B5CAE27448DA5
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.3.:.0.8.:.2.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 13-08-24-439.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.415845938216864
Encrypted:	false
SSDEEP:
MD5:	92DA63C660CD646DA3A59C6CB9F684F9
SHA1:	0E5E5B0E028F00A606E9207B5A7F2B2C157B624F
SHA-256:	BC968D543A64CAFC75070FEDD43F5FF114D8EE036634A6772FCC0AABFD92C769
SHA-512:	2443ADE3663988B063C38F890988EFDD8843A436FC99D6D11BDA538FFA1411447AE48C9AC4E19B0A95DBB3629D61CED1DDF74EA3E936AB203C14E7C044A5A7FD
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\11c1fa4f-3075-4c75-8e8d-b410efee1c8d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\51b8d127-9e66-4a2f-a0b0-a6bdb9c67fe3.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\8a8fec2e-7f4f-476f-98bc-ef2bbb65e397.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d981f384-3c34-4709-8b5d-5ecd5874d4ea.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	0A347312E361322436D1AF1D5145D2AB
SHA1:	1D6C06A274705F8A295F62AD90CF8CA27555C226
SHA-256:	094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
SHA-512:	9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 1 pages (zip deflate encoded)
Entropy (8bit):	5.46701303020419
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Pay Stub .pdf
File size:	43'962 bytes
MD5:	9abafe3432608a88c8786540512f9696
SHA1:	d9192ddd916d2b3a09eece3498c86eac5e3d3125
SHA256:	c9f6afa2a0221680f98c6893e48c45701d6e80a100a05179fb8a6a9ccbad382e
SHA512:	3193f880dedaa89d60e2e8ecac9d7eced7f1a71078ec87e289b8315f2c68eb39b2fa6e8d84460f11f6e24030d8c823b9bde3ede0004bef268a023e91366e655c
SSDEEP:	768:xj9Gb3UQ59hrL6/Ykt5Pp5gBcnYZyvPS7XfD2M6hpKZyvw:x496htJVZvOPDB6eZmw
TLSH:	DC130B2466BDC04CC0BD87BB89D61223271FAD663990D982F06CB76E2B31F5DDD27560
File Content Preview:	%PDF-1.4..%......36 0 obj<</Length 45/Filter/FlateDecode/Type/XObject/BBox[347.0 177.0 1891.0 836.0]/Resources<</XObject<</Im0 35 0 R>>/ProcSet[/PDF/ImageB]>>/Name/FPFWNV1/Subtype/Form/FormType 1/Matrix[1 0 0 1 0 0]>>stream..H..2451Q0.B3SK.c.s.Css..\.}.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	5.467013
Total Bytes:	43962
Stream Entropy:	5.221872
Stream Bytes:	37076
Entropy outside Streams:	5.135470
Bytes outside Streams:	6886
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	35
endobj	35
stream	21
endstream	21
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Pay Stub .pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007170827Z-207.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6984

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI86795.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 13-08-24-439.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\11c1fa4f-3075-4c75-8e8d-b410efee1c8d.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\51b8d127-9e66-4a2f-a0b0-a6bdb9c67fe3.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\8a8fec2e-7f4f-476f-98bc-ef2bbb65e397.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\d981f384-3c34-4709-8b5d-5ecd5874d4ea.tmp

Static File Info

Windows Analysis Report
Pay Stub .pdf