Edit tour

Windows Analysis Report
Datalogic Falcon X3 Reset.pdf

Overview

General Information

Sample name:	Datalogic Falcon X3 Reset.pdf
Analysis ID:	1409995
MD5:	537741a4c5c8176d00591224909e685c
SHA1:	ca9175fde36cd386fb02fe58b3022bf001f88765
SHA256:	94a9a0eb0dce68c65c58fca3c4f757dd185b5ae295ab66959c435ec241574afb
Infos:

Detection

Score:	5
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Checks for available system drives (often done to infect USB drives)

Creates files inside the system directory

Deletes files inside the Windows folder

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Found dropped PE file which has not been started or loaded

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the volume information (name, serial number etc) of a device

Tries to load missing DLLs

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6840 cmdline: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Datalogic Falcon X3 Reset.pdf MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7076 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 2792 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1572,i,9933028904589772316,2409644351438293736,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cmd.exe (PID: 7836 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Spreading
• Software Vulnerabilities
• Networking
• System Summary
• Persistence and Installation Behavior
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Windows\System32\msiexec.exe	File opened: z:
Source: C:\Windows\System32\msiexec.exe	File opened: x:
Source: C:\Windows\System32\msiexec.exe	File opened: v:
Source: C:\Windows\System32\msiexec.exe	File opened: t:
Source: C:\Windows\System32\msiexec.exe	File opened: r:
Source: C:\Windows\System32\msiexec.exe	File opened: p:
Source: C:\Windows\System32\msiexec.exe	File opened: n:
Source: C:\Windows\System32\msiexec.exe	File opened: l:
Source: C:\Windows\System32\msiexec.exe	File opened: j:
Source: C:\Windows\System32\msiexec.exe	File opened: h:
Source: C:\Windows\System32\msiexec.exe	File opened: f:
Source: C:\Windows\System32\msiexec.exe	File opened: b:
Source: C:\Windows\System32\msiexec.exe	File opened: y:
Source: C:\Windows\System32\msiexec.exe	File opened: w:
Source: C:\Windows\System32\msiexec.exe	File opened: u:
Source: C:\Windows\System32\msiexec.exe	File opened: s:
Source: C:\Windows\System32\msiexec.exe	File opened: q:
Source: C:\Windows\System32\msiexec.exe	File opened: o:
Source: C:\Windows\System32\msiexec.exe	File opened: m:
Source: C:\Windows\System32\msiexec.exe	File opened: k:
Source: C:\Windows\System32\msiexec.exe	File opened: i:
Source: C:\Windows\System32\msiexec.exe	File opened: g:
Source: C:\Windows\System32\msiexec.exe	File opened: e:
Source: C:\Windows\System32\conhost.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:

Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443

Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 192.168.2.16:49708 -> 104.77.8.172:443
Source: global traffic	TCP traffic: 104.77.8.172:443 -> 192.168.2.16:49708

Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.8.172

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF3BE.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF43C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF46B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF49B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF4BC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF4DC.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF51B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF54B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF57B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF59B.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF5CB.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF5EB.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF60C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF62C.tmp
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\SysWOW64\Elevation.tmp

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSIF3BE.tmp

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: winbrand.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: wldp.dll

Source: classification engine

Classification label: clean5.winPDF@20/45@0/31

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-15 21-42-27-521.log

Source: C:\Windows\System32\conhost.exe

File read: C:\Users\desktop.ini

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Datalogic Falcon X3 Reset.pdf
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1572,i,9933028904589772316,2409644351438293736,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 09E76C39A48E2328F1F3B1979C7210FA
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2144 --field-trial-handle=1572,i,9933028904589772316,2409644351438293736,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 09E76C39A48E2328F1F3B1979C7210FA
Source: unknown	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Datalogic Falcon X3 Reset.pdf	Initial sample: PDF keyword /JS count = 0
Source: Datalogic Falcon X3 Reset.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Datalogic Falcon X3 Reset.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF46B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF59B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF5EB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF60C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF57B.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF46B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF59B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF5EB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF60C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIF57B.tmp	Jump to dropped file

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF46B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF59B.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF5EB.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF60C.tmp	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIF57B.tmp	Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Source: C:\Windows\System32\msiexec.exe

Queries volume information: C:\ VolumeInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	2 Exploitation for Client Execution	1 DLL Side-Loading	1 Process Injection	21 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 File Deletion	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Source	Detection	Scanner
C:\Windows\Installer\MSIF46B.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIF57B.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIF59B.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIF5EB.tmp	0%	ReversingLabs
C:\Windows\Installer\MSIF60C.tmp	0%	ReversingLabs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.51.56.185	unknown	United States	4788	TMNET-AS-APTMNetInternetServiceProviderMY	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
104.77.8.172	unknown	United States	16625	AKAMAI-ASUS	false
18.213.11.84	unknown	United States	14618	AMAZON-AESUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1409995
Start date and time:	2024-03-15 21:41:58 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Datalogic Falcon X3 Reset.pdf
Detection:	CLEAN
Classification:	clean5.winPDF@20/45@0/31
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 23.51.56.185
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Datalogic Falcon X3 Reset.pdf

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.21744782483226
Encrypted:	false
SSDEEP:
MD5:	25599B6AE2DFAA2A21582EA513EB2D36
SHA1:	35AE3D18056978562764FF2B535008640B791E91
SHA-256:	F90C66749FBE77A0A54A84A72381967C8691CDEABBD7EA8396B52141B2166CBE
SHA-512:	A7433BB2215C2309C2397FA877989457FE7DCF4F099F02D3AFA03165A434F75AB2F807DEF003DF563653C00E958368B9527BCB16797CE2AD28A0C24CE97A3F0A
Malicious:	false
Reputation:	unknown
Preview:	2024/03/15-21:42:25.897 1bcc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/03/15-21:42:25.898 1bcc Recovering log #3.2024/03/15-21:42:25.899 1bcc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.205118693356976
Encrypted:	false
SSDEEP:
MD5:	41FDF5872EB59C64CA9EB7CD77754E95
SHA1:	CB0623FD588304703C7689450EF73103E7405492
SHA-256:	B3A7CA6F14988A07CEE48687003D5026CAAB6410255EA0F8E8552E944C5809DE
SHA-512:	3DD8FBAA74BFE33A5BC47A02F0EFF76EE7F89A719F4FBD1BA85BFAAF7D57AF7403CCAC63F2161CB733E116530AB31310DD7E8DDE85A4A520DFD545EAB71C17B4
Malicious:	false
Reputation:	unknown
Preview:	2024/03/15-21:42:25.785 fd0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/03/15-21:42:25.788 fd0 Recovering log #3.2024/03/15-21:42:25.789 fd0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\027135d7-6839-48d1-b602-c8df0dc01df8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\75e3faf6-ba4f-47c5-8b78-5cb3250c6f28.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	402
Entropy (8bit):	4.984376319223817
Encrypted:	false
SSDEEP:
MD5:	E9A5D5D2437DDC01BDF332EB28E914BE
SHA1:	3E4F67DA0DB72AA17AF272606F4DE4E19EC392FC
SHA-256:	4E25769B7D59A5BAE8733542E88C0CBB07229D8F16D23CAD95BCFCEEDC326239
SHA-512:	ADBEB78996826E57BFB2346777FF2FF8E419E6E1F29CDF0B608973776B63D241E64C27B98753458887DC9CD10D09BDDFF75CE104C86D5BDC3F8647DFC236965B
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13355095357251296","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":91864},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6d03b7.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.230774607165151
Encrypted:	false
SSDEEP:
MD5:	8B607E67A44B9A79F1C86B90CD1217A2
SHA1:	5AF22E4F9F3E8741AF2F11AA182E46729AE31AF2
SHA-256:	CD15606C4BF6293FECC7B9407F243FFF8B0CC670BA4FB690D1D7E728B6B7F88F
SHA-512:	A4FFD3E865FB623AD37D539B6CB311D9A4E524A6FAD7DC18502E0DF89F4194A877FCEEFF746B0D9466C97818829BCC345B69544F348E7753DB407DF99B63B987
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	319
Entropy (8bit):	5.185029125052274
Encrypted:	false
SSDEEP:
MD5:	0CFF974173923C50CC8B5A93CC4063AA
SHA1:	CC5FA85B708D54F8AC5AFE72BB1261E8EDBECDDA
SHA-256:	AA863C49BD4C8E04714685EBC9AF209523D6A671CA5F57079DE65CAB87C28EE8
SHA-512:	4339D4D12E0F38434AAA585EBFD37C3A4679E8F5997B2D5B1CA5BEFD1597F86692B959D50D5C9C886DF7CAB6438514C3AD98CA208AA9FAF0E95E1ECC2E671FE8
Malicious:	false
Reputation:	unknown
Preview:	2024/03/15-21:42:25.923 fd0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/03/15-21:42:25.924 fd0 Recovering log #3.2024/03/15-21:42:25.926 fd0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240315204229Z-157.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.6868206034766535
Encrypted:	false
SSDEEP:
MD5:	412D4F78C2AD9AF57C1707F281FF12F5
SHA1:	E7EDA1733FB34AED975EF9547ED5719BE377F43C
SHA-256:	B7242CFFE7751CDC5FEC54A98D5FACEE03EE1281751883A4C9254D26F53F1599
SHA-512:	B838B452B5866FE38BAE0B85B2F3926570B192D06644B48E2E643F0816FDEDDA1CD75DB00743AB2F1F90F85C20EE38A9AC55C4E20FE467ECF767A5560F5C4040
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2145489134942595
Encrypted:	false
SSDEEP:
MD5:	CAD21D438C01914C6280757BFBBC982E
SHA1:	3C5E4C13C0D95812040045101E91C2A4F0872BB2
SHA-256:	4524C6C87A52D0127C19DFAFDB7F435B7921A9A4184A4BFA1FEA5253680D9514
SHA-512:	70D3EAFD5F1B47B4C8E573A424E5B783D500932C8B01004D633543BCF0FD9C9BE25BB683DE8CF3940823D39E498B1C9ED02D09544A05C65E2B39B7F4310BFE11
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....Lw..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6928

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	1233
Entropy (8bit):	5.233980037532449
Encrypted:	false
SSDEEP:
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	8BA9D8BEBA42C23A5DB405994B54903F
SHA1:	FC1B1646EC8A7015F492AA17ADF9712B54858361
SHA-256:	862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
SHA-512:	26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6928

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.349671342054732
Encrypted:	false
SSDEEP:
MD5:	5AF83C43BE4BC658CE626697354AD6CB
SHA1:	B54BA174633DC5AD8A2BC9DED27F04A993FD4AE2
SHA-256:	A345EE3D880AF5047777E0052DCE52DB3BA30E597E325921700FB5D1DD9F4CDA
SHA-512:	3AD25ABA75D112DD3B2A51985F6E9A341A6931B5FB092C92238D655244F63F6C636CE607B410B0425326F98EDE9878910A5558FEAABC2C8F909CEB258E3F6746
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.300259917002476
Encrypted:	false
SSDEEP:
MD5:	2D27F56139CF75F9C3A093D4F47060F3
SHA1:	2C87B37B80B7B22FD45AF80CA18DC7EE56D8D399
SHA-256:	43FB3ACF567746FF112F45A7DE38FAF3736B0D7485232BD49E6940D334FB11EA
SHA-512:	C9F7F915EDB238CEB881C0BB557583F3C02899A2A77D86FA5545C3AD8E61F41129713E10CB12FABE6065654396C4F02C0B9219D2B4E2A6C8988724CA6BF6CC9E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.278519412360284
Encrypted:	false
SSDEEP:
MD5:	975097DCCEC643809C7A3FBB47D1A924
SHA1:	1B311F9290333848CA5C0931291C7F104B9D4A7C
SHA-256:	A8573B0B9E44316BBBD3BF770D9A63CA30BBF5689E2BF2126B1A04AF0C28C13E
SHA-512:	0568C84CA3F17F4C52D9E90FB923C4DFF1BA8BE746A3A37B4BC4068B88E4601DE48C9A51CD22A0BFC795489BDD46880E86DB9C1D8652EBCA12BEE28901D17314
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.337571108190026
Encrypted:	false
SSDEEP:
MD5:	2784D27570E47DF190681D9390863128
SHA1:	C6F688B8035824EF16C5178FF4E30CCFEB4DACBF
SHA-256:	BAFF7EEC37A5FFA31429C9E4DD4B28D2935EE94531C1270FD9865F170802BC91
SHA-512:	83D6F5FEB0E5B57FFD1010AFCA4BAD87C5FB731649D1D77FB0BB5DB5CF379B47B97B3BE94A38F69145CA5EA49785B7E3280966407DFFD0E14BCF20FFF5E17319
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2999264393509335
Encrypted:	false
SSDEEP:
MD5:	963763DB52BBE2564696AA273B082EAC
SHA1:	E19EA7B9478BB8BE936F04FE04BEDFAF157F2A25
SHA-256:	43842A1A9E1501687334CC4BC56FCF1F1E7A1BFA71DFEF5D7A20C99332F78798
SHA-512:	441D993831FEE5D99B68CB3F18C950FD48DD355EAD581DFB70BC19AC73728D2991F0CBC1D7F0ACEB4A85F83F346EB2F818F456BC02FA17B68817FF42786A43DF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.286414475736192
Encrypted:	false
SSDEEP:
MD5:	D9D08AACB0B21EFBFFC73063B5206683
SHA1:	4EC5AB55E07057FD5D1849215E3FF8E19C4D6B23
SHA-256:	E5056BA85F57BD704BAD85EE5E16676E60DC5B23494320A6CC11A5621A65AF61
SHA-512:	BD5ADF9D4851818D998D31A4028D957E8BD2C92505FC02C50664C1C94929C1D938767CEFB61AA3A01A721A03031D321F9A933E317F6E2B76092F3D472225A179
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2897879039738545
Encrypted:	false
SSDEEP:
MD5:	C728B160F571AD61D4C93397D5596F7E
SHA1:	144996DCBF1FCC7E941B74C65BC13636BA9F95C4
SHA-256:	19ADFEF8E144094392BE72EB9629BF2CA177F849E5A121F6770A6A171B18A3FE
SHA-512:	1ED239AFB2C10DDCE46338F136789AA29F364BB534DB68E3B10B59DB949B1DD4A390595A6E50ED6A812F2932606F57C0B2FDB4EF44B09F77D72E9C648FBA5448
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.296722729535657
Encrypted:	false
SSDEEP:
MD5:	8C2E3E118760446A4875614E69A6325D
SHA1:	1B88AA88AC549D2E46492E3D9ED1FD612D2B3FB2
SHA-256:	166D5A3F699F593A294FE153A1FE4628F68D61FF59740E71D95B41CF71B08372
SHA-512:	27EED1429D3D267780E89489F6651B772A6362CF24DE91CF76C37072D472D6915542ECC1D77168EDEF50C58B0AB40AD1F6A063E15F79F1D540CCAADFEBD55198
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.312225941501401
Encrypted:	false
SSDEEP:
MD5:	762F021ECF46FDB2818589882006F65B
SHA1:	F92EE335438960396553F2F4FE17C0F22363305C
SHA-256:	E5C8F0A77D96EA329CE8CD2DC7C2DFF94CF5DD9C086A56D3FE1014AB8E37C42F
SHA-512:	451628895F6FC0403C1D345710F44BBB246EAE0D6BAEFE4A6A9577ECD8A0395176F8BFC205801AC4B71F07EED5ADDD9863FB2807109C918E31DBDD880363A353
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.292998974684284
Encrypted:	false
SSDEEP:
MD5:	0E81DC2DE4C72C8E6A882B32B89AA9E8
SHA1:	D2031E87EA447021AB8D75816F370DB0193C6836
SHA-256:	010AC0379DF1738943BDC0C59CF0295CD3DAA5E1C9C6644AB92F5FD7284779AC
SHA-512:	3373058E13F11BBCC1BB2DD473BB7B46D55A45EBCE01ADF9611BBC1C99F2DC6349EA221CC719E153802D4279706F558F8F6377D62AC52AA2FD97E9CEEED0528E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7675287181928745
Encrypted:	false
SSDEEP:
MD5:	8D83D80F0E847742AF8E995F2F4470D8
SHA1:	559B78828BBE10E05A680D37F633239F5CA9DB54
SHA-256:	B5A56E0A9850196ACFF4004FDB931950EF209AEB5A3617F9509CFF3F910EA60F
SHA-512:	AEB9B7373BDFF306827A1FB687CFFEDBBA1FB532259967B022191D5FFFE74A8B78CCDB7235EFFC8809FF638A040FA2922B27878D1EDD993A5733C3D85B48546D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.276594189370627
Encrypted:	false
SSDEEP:
MD5:	7CEBE3BE9628195A8A5EF139BFA4575A
SHA1:	C7A90D997D259E0DCE89F1DEE79575D6DB52E575
SHA-256:	CD6A6C070A40F42E1666C14C8097629F437CC46631876CD72DF3B62B658790CE
SHA-512:	2B5CDA14595320E42859A65ECF2A4FF7BD1CFA25356E4A7E860FC63057E8AC12423AD8429E8FCC7B987D36E3C1A0D49DBF59F57ED83F810BF1FEC77D9AE21C06
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.280174470625795
Encrypted:	false
SSDEEP:
MD5:	8AB9F77C1E3A1337F711357E76037934
SHA1:	F08FE9B20FEA5C63AC3A5028872C58AC615A6C3F
SHA-256:	7E273C748AD90B5597DA74C7C53EAE6056C557634278215DE0D23E158A2E17CA
SHA-512:	95033D832CD9FAD87C25DE0492DF5E7B864CAB5A3B74D1751589FC52AF72D43129A1D89EA11DC96FC300608A28D5ED9566D5823AAC9BE72C26E67740D0189472
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.29954028536821
Encrypted:	false
SSDEEP:
MD5:	38DDC6BA92FA5C865848AC8C6DC42B95
SHA1:	B56313754BF4B50953D57F9593EBDD80B4793CD4
SHA-256:	46D52685E0EB8CC761E54F00383DFCC83B9E0877D1DBBF12BBFC8DEBCD09B684
SHA-512:	9C43604C3EA8538E9FD5033DCA45EF358CE5C50F630877114A65B8B7397D94156179F88A831B3CA15118E2264BA71CF33A2B7172D1284981C2C53E7F01963396
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.256209673700267
Encrypted:	false
SSDEEP:
MD5:	4337D54159ACBEC4F9F43834765F5925
SHA1:	C2120EE4A1882379EF4520BA3A8CF8ED2E56BE5A
SHA-256:	703DFFEB724669F7847B8CA680DF77F259B39E0F47A06A839C1FF2289EB0467D
SHA-512:	1CF0283C95AEFE41E74717E21C741C9E8700E4A5C3C2A89A19C3C49171C41381786927015B367785CF2B6D2BE982AD47E02B3073FCD246114541CD68DDE54402
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.360145977545859
Encrypted:	false
SSDEEP:
MD5:	D489B93B262C55653DFBC97BE63B9061
SHA1:	371E7285619286E9798A38D46EB6EB6C0A2BE228
SHA-256:	6C79A40EE26A60D0FD491616C5C125927FA649547897F316D31713997076FCAF
SHA-512:	79CBC9617DE9EC5A7A30DA14DC2D2A1D27452375EEC5013EB5839A05E725A4CFECA0F8B9D5791806CE7898CD65FFE726488F329DBA899F25EE0B1AC714B4AC73
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"6bd14295-5150-49ac-91bb-5a803c04ae44","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1710708390041,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1710535350073}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2813
Entropy (8bit):	5.1226972337381635
Encrypted:	false
SSDEEP:
MD5:	C796C278155396AB69D9A9A24E89BE42
SHA1:	E7D017BD46D5F1BB832370DDFFBC91B6BCD337E2
SHA-256:	C8563F397136C134EB6A5D061BA067C5BEE8594A237733D95BE56FF7C40CB497
SHA-512:	79E357C3F307E6E8E48BD7D7CB5C7B602F6BA16D37BB0E16146B33DA9B12B62CCB3003265257DC630E54798D8FD82A287AE352B20C277DBF95C126285F7F9606
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"f4cd32e4f5e2dba4ce40cd4ee1e5cb2e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1710535349000},{"id":"Edit_InApp_Aug2020","info":{"dg":"3b4d50a67ebd8eecc9745432a5fc3a37","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1710535349000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"008c5a16d5aaa7a2cd22ab850e05f098","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1710535349000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"623f854e84adce30dd371b22f29de54d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":289,"ts":1710535349000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"fb770ee9c470ef93c605d0fd2fb90503","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1710535349000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"4962f77bed9ed507de96ec86c461b1a8","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1710535349000},{

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9875410466565196
Encrypted:	false
SSDEEP:
MD5:	0B48A7F4906F8B92594963050ACC4D27
SHA1:	A4EF20F7532E910BA9A03EDF2EB68DF5C8542E3C
SHA-256:	8E1A304C17494A9FB1D25179166FFDECA14A951B1E5AD0FF256DA33671EFA6E7
SHA-512:	C3295BE4263FA8039356D28FEAE95182BE9E7F5C9747B19438224ED841CF6FA2BF7D3DD3CC997C37EDEE8819BB19A803E39F1169C7789721FA45D33FB91A3076
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3440646235849687
Encrypted:	false
SSDEEP:
MD5:	57A5AB07371ED73CEEE53CD99FE06BEF
SHA1:	9D75C05F81467BFC609AAE7EA7511BC2AC864DB5
SHA-256:	A239A0B2D09F27B55DFD66EFE3362C69F5CB9598755979E4B3D31E405055CDCD
SHA-512:	4569FE6DEB3C2E3680AD47A77D4A3BCD2E5027C50CF9BDCC2A42F53B09FB7F9BE9874BDCEB0A97A5487CAB01E39EF88949C15CAE605BAA65DD218293ABDB33BF
Malicious:	false
Reputation:	unknown
Preview:	.... .c........#......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:
MD5:	A9B530D6441EAC024D6E1727B4603F79
SHA1:	B48B9083BD4AAC21D64A6F7717E922BE4E1CEC39
SHA-256:	9202C74BA5A76FB83ED03DAEE0A25AA160BD6E9B753A670D78DA6FACF4F356E9
SHA-512:	67453699975F9B9ABE92438F9E5542C04AAA03869E74E887A619C813E76B8F36E39AD26CC8A663A2F128BD5333862C3ED170B78061CE79735B1C3604C0DABDC8
Malicious:	false
Reputation:	unknown
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSIbf6cb.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.51161293806784
Encrypted:	false
SSDEEP:
MD5:	DDA1A718DB249F62C862A0B4D38CDE35
SHA1:	DA1AB2641E6C52EEEFE8B9D3CBC73A7F9150902A
SHA-256:	C9CE0172ED8BAFD86360381FC13ED75628D6C20C587CC452DD590C43DB1F3729
SHA-512:	B85E89073D65D05458A160CCC89A4E715E55219282B5047B48C4CAE43C18520B14569021326A9A17C5EBAC6C7246056702FC7EE1D73AAE255AF9FB3E2F70D93E
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.5./.0.3./.2.0.2.4. . .2.1.:.4.2.:.3.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-03-15 21-42-27-521.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.423484849085922
Encrypted:	false
SSDEEP:
MD5:	484C2D7DA938FCE151FBF4C291610097
SHA1:	533CBAFE3A73818575F3639B96A0CF42D89B0BD7
SHA-256:	FBB7553B2FBE37A3ED02BED10DA9DB6B2BD445FADEF5A749E021B9A95135FDCF
SHA-512:	47180907611B089C771DC6949A1CAB53D98437C5B4CD8A22BF8DEA89135B9C872D3A119AAA8F5416B24DDBDEEFD2E1A83E6FEE7723807A2B7CA9F4E47433B746
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\68b2718c-7a38-4cfe-8d14-974bcd20d58d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\70843390-6630-4efa-b537-e7fbd522d352.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	59EE5E2FB56A099CAA8EDFD7AF821ED6
SHA1:	F5DC4F876768D57B69EC894ADE0A66E813BFED92
SHA-256:	E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
SHA-512:	77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
Malicious:	false
Reputation:	unknown
Preview:	...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=.R........4..(WCMQ..u]]R...R......5...N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]\|..7;.5....^..7(.E..@..s...2..}..j.......t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...zBs\|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5\|:bj[.._R{gi...^

C:\Users\user\AppData\Local\Temp\acrocef_low\88d80aeb-9712-420b-8aad-494b4cf3c3fe.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	35DD2EA7D068970C0D346B42DBA2C0D0
SHA1:	252F01E009F748D4F3F4638AC43ECE5983E5484D
SHA-256:	9CFAF7F7042A9FD32EE060F6C160A3DD6DF165856E18834886992A44666EED21
SHA-512:	0E806CA0499701AA9A7FD4B0E08DC2FFDAFB84DE1035D74F2C3C150A9E2161443924F1B68C8FD59A622BF983FEBD5FC1939EA34CD320268CA0EEC8145593E113
Malicious:	false
Reputation:	unknown
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\dbb6d35d-7ac6-4cb8-9095-61fd02c3dad5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Windows\Installer\MSIF46B.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	850392
Entropy (8bit):	6.206852111668413
Encrypted:	false
SSDEEP:
MD5:	02BF4F9572D87DB0A85662B792E0D3FE
SHA1:	A7E2CF47C9EC8A812457055DE5CBB92E230AC14B
SHA-256:	0D94E8ED592846BA7B7D035F08D753BB89514D230AD0B494E50D86DD5220AB34
SHA-512:	5CCEC1878AC317AC9CBE8E108CB3F85DBAD9688F9010319079A9F8EB43050A72D4A43EE8E53C773FE85AE4B68FA6DF7D3DC75E2E023A584967837622FCD9E0A5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.......-8..iYmIiYmIiYmI21nHbYmI21hH.YmI.6.IhYmI.-hH9YmI.-iH{YmI.-nHeYmI21iH}YmI21kHhYmI}2lHkYmI.-hHcYmI...IkYmI21lHzYmIiYlIpXmI.-dHdYmI.-mHhYmI.-.IhYmIiY.IhYmI.-oHhYmIRichiYmI........................PE..d......d.........." .....2...................................................@............ A........................................0<.......J....... ..........lQ.......)...0..T.......p.......................(.......8............P..X............................text...L0.......2.................. ..`.rdata.......P.......6..............@..@.data...t5...p.......L..............@....pdata..lQ.......R...f..............@..@_RDATA..............................@..@.rsrc........ ......................@..@.reloc..T....0......................@..B........................................................................................................................................

C:\Windows\Installer\MSIF57B.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	497112
Entropy (8bit):	6.438361119688651
Encrypted:	false
SSDEEP:
MD5:	4F89DA665E512350058C520174611135
SHA1:	0A4720B834E50D7DBB850F112E322D6FC64334B1
SHA-256:	EC2FF4D9ABD96A9E42E01DD98BDEFF390C05729FAC3FEE50AEB6D88398B1E653
SHA-512:	981DB94F68C3366909CA1D032E622C53420B1E9AF81BD2C30F8482082DE4539F269AC87D67AFBDC890AE2096CFF0CD3A4F1EDF0EE0D98767FC7330425D9E3BCB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........6qS.X"S.X"S.X"G.\#X.X"G.[#V.X"G.]#..X"..]#p.X"..\#C.X"..[#Z.X"G.Y#Y.X"%z#"P.X"S.Y"..X"..]#W.X"..X#R.X"..."R.X"S.."R.X"..Z#R.X"RichS.X"........PE..d......d.........." .................h..............................................\|h.... A.................................................................@...S...l...)......(.......T...............................8...............8............................text...p........................... ..`.rdata...G.......H..................@..@.data...x)..........................@....pdata...S...@...T..................@..@_RDATA...............Z..............@..@.rsrc................\..............@..@.reloc..(............b..............@..B........................................................................................................................................................................................

C:\Windows\Installer\MSIF59B.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	211408
Entropy (8bit):	6.337608794464878
Encrypted:	false
SSDEEP:
MD5:	0FB71A79C1269E2BA50FB92EB92866D6
SHA1:	7292A917707D174F7F98BBCD7E248000EBCFE9E0
SHA-256:	E9E4ADFA160CE9BBEDA6A083C42562FDB33A8C9261F85EDC682528333813B7B6
SHA-512:	0C2E80768302FB009298B288B06BB9E62DB91FBD04163F0FAD707F9CC84445985CF811839A6C6CF022817F4405276B63B7BA46C5C67E24FD5A90CF976FFD4144
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3.O.w.!.w.!.w.!.c.%.\|.!.c.".r.!.c.$...!...$.T.!...%.x.!...".~.!..cZ.u.!.c. .\|.!.w. ...!...$.r.!...!.v.!.....v.!.w...v.!...#.v.!.Richw.!.........PE..d...=^.c.........." .................v.......................................`............ A........................................`...X............@..p................)...P...... ...T...............................8............ ...............................text............................... ..`.rdata....... ......................@..@.data...............................@....pdata..............................@..@_RDATA.......0......................@..@.rsrc...p....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

C:\Windows\Installer\MSIF5EB.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	498640
Entropy (8bit):	6.435753543146649
Encrypted:	false
SSDEEP:
MD5:	1566E699EE42EAA571700F3AD30B2DBA
SHA1:	D2B11F53310AD7118B6893C46EA815F9C7BF9CE2
SHA-256:	4BC5FC5CD0AE661B4FFE6AD9E12E55B233F471BA84F40CBA7BEB0CEA8822E831
SHA-512:	52F8B86486BC22198CDE10F91D4588A7A939580327E8BA03B254D5A2C915B039775AFE696FE2014AAECF83EF514D3123C6EC68244B40603AA5D980F7E4C1BA1B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............................................N.......N.......N................:..........:...L.......L.......L.,.......D.....L.......Rich............PE..d....].c.........." ...............................................................3_.... A.................................................................P...Q...r...)..............T...............................8............................................text.............................. ..`.rdata...S.......T..................@..@.data...H)... ......................@....pdata...Q...P...R..................@..@_RDATA...............`..............@..@.rsrc................b..............@..@.reloc...............h..............@..B........................................................................................................................................................................................

C:\Windows\Installer\MSIF60C.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	modified
Size (bytes):	530392
Entropy (8bit):	6.45816181579208
Encrypted:	false
SSDEEP:
MD5:	063D4491FF8D8146B167EE4B24E304FC
SHA1:	D7178B029828DB23A115D224DCA3130B7ED9537B
SHA-256:	0A100DC7F447CC980491199F5D0583FA7D44D8FE7A1632482567C617F10FE54D
SHA-512:	834ADB66F6E12D9DE5AEDE21EFF716EE6893B9F168FBE835AD6FD7434800CF2C38B9ACA555C828041E07F866D12684536ACF996A82E11C53B48ABF6A005F0CD8
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......{. .?.N.?.N.?.N.+.J.4.N.+.M.:.N.+.K...N...K...N...J.0.N...M.6.N.I.5.=.N.+.O.2.N.?.O...N...K.<.N...N.>.N....>.N.?...>.N...L.>.N.Rich?.N.........................PE..d...g..d.........." ..... ...................................................P............ A.........................................q......\r.......0...........T.......)...@..........T...........................@...8............0...............................text............ .................. ..`.rdata..pQ...0...R...$..............@..@.data...h)...........v..............@....pdata...T.......V..................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B........................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	454234
Entropy (8bit):	5.356157191408417
Encrypted:	false
SSDEEP:
MD5:	3F799246356EE410356A179747527B71
SHA1:	E12EA53BA55554B7D8270992E7D1A2943D7DF681
SHA-256:	9A0C538935BD8AF53F9429E97B4FCB74732B5CBE4FBAB060BB3E488216B67742
SHA-512:	92760A1CB955201FFE910E31BA1D65FEF45E652A8BCE06F6185FC9A80CFF314142F92C02C03444F83941A650828CDC1BCAD8998247F88B642CB1817BCA85CE04
Malicious:	false
Reputation:	unknown
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

Static File Info

General

File type:	PDF document, version 1.5, 1 pages
Entropy (8bit):	7.9915650291816025
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Datalogic Falcon X3 Reset.pdf
File size:	260'317 bytes
MD5:	537741a4c5c8176d00591224909e685c
SHA1:	ca9175fde36cd386fb02fe58b3022bf001f88765
SHA256:	94a9a0eb0dce68c65c58fca3c4f757dd185b5ae295ab66959c435ec241574afb
SHA512:	812911e10a2e49f5725b3cc55e4662bfa9cbca4a0a1ee18ce726ffe3127a1c40454ea4edf523b07e2c861dba98e74ef8948e3ab0a95f9bb3496a599414606260
SSDEEP:	6144:ZBwWKRsUNGOi8FXHTCSMq7DEesuDnx5pXKuW:ZBw3rXFXz1DEeBDQj
TLSH:	E044023C03752EF8A723D512F10ABD2ABD9C710D324C98AB16B897658175FDAD931AF0
File Content Preview:	%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 13 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R>>/ExtGState

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.991565
Total Bytes:	260317
Stream Entropy:	7.991840
Stream Bytes:	256580
Entropy outside Streams:	5.262447
Bytes outside Streams:	3737
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	17
endobj	17
stream	8
endstream	8
xref	2
trailer	2
startxref	2
/Page	1
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
9	0f1d07a793170707	46800672274c4c94a4016efab222876f
10	c0c133232b030717	2bb68e4779563456e2061ebd888aee31
11	232b0b0307171796	52a1a44b14ff5706ec8544d95f74cb96
12	f1c087bdf0e49141	e2c44a143c2ac52ff2088e1a46c3fa44

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Datalogic Falcon X3 Reset.pdf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Spreading

Software Vulnerabilities

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\027135d7-6839-48d1-b602-c8df0dc01df8.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\75e3faf6-ba4f-47c5-8b78-5cb3250c6f28.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6d03b7.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240315204229Z-157.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6928

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6928

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Windows Analysis Report
Datalogic Falcon X3 Reset.pdf