Edit tour

Windows Analysis Report
Document 35405 (2).pdf

Overview

General Information

Sample name:	Document 35405 (2).pdf
Analysis ID:	1419161
MD5:	4ff9fae10d7736c3572aa9e790956a1f
SHA1:	38b58154a27f443d3ee999e492ab25bd5cb3d5f2
SHA256:	366cf33daf5f3807960a5c3120a793385a038b40483c593c8f3e971879b01c20
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 984 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 35405 (2).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6512 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,14820674299548041102,12000682537271802868,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@14/42@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-08-19-922.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 35405 (2).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,14820674299548041102,12000682537271802868,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,14820674299548041102,12000682537271802868,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Document 35405 (2).pdf	Initial sample: PDF keyword /JS count = 0
Source: Document 35405 (2).pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A915qv0id_1cblpso_4co.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A915qv0id_1cblpso_4co.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Document 35405 (2).pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Document 35405 (2).pdf

Initial sample: PDF keyword obj count = 60

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Document 35405 (2).pdf	0%	ReversingLabs
Document 35405 (2).pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1419161
Start date and time:	2024-04-03 08:07:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Document 35405 (2).pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/42@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.196.176.131, 52.22.41.97, 3.233.129.217, 52.6.155.20, 3.219.243.226, 162.159.61.3, 172.64.41.3, 23.219.155.148, 23.219.155.165
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.172169464044792
Encrypted:	false
SSDEEP:	6:7VWgOq2P92nKuAl9OmbnIFUt8sVWntXZmw+sVWntFkwO92nKuAl9OmbjLJ:RWxv4HAahFUt80Wp/+0Wj5LHAaSJ
MD5:	1586AA8BD555878247B5DB68D2015F66
SHA1:	C80314FD894F65ECD01B8E966D53F0C000307904
SHA-256:	517B71E3C0A119E04DDDD479F9BDD01AE39EB218004E8218DE812A8B2D914790
SHA-512:	10816124E76C96DCE0FB524F0FE054BE88640122446A152F715C969FDD53B9577B8E6B69A5A2158BA83227D9E5031BE45D062232ABAB9C4235E2BDE3D40269AC
Malicious:	false
Reputation:	low
Preview:	2024/04/03-08:08:17.772 bf4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/03-08:08:17.773 bf4 Recovering log #3.2024/04/03-08:08:17.773 bf4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.172169464044792
Encrypted:	false
SSDEEP:	6:7VWgOq2P92nKuAl9OmbnIFUt8sVWntXZmw+sVWntFkwO92nKuAl9OmbjLJ:RWxv4HAahFUt80Wp/+0Wj5LHAaSJ
MD5:	1586AA8BD555878247B5DB68D2015F66
SHA1:	C80314FD894F65ECD01B8E966D53F0C000307904
SHA-256:	517B71E3C0A119E04DDDD479F9BDD01AE39EB218004E8218DE812A8B2D914790
SHA-512:	10816124E76C96DCE0FB524F0FE054BE88640122446A152F715C969FDD53B9577B8E6B69A5A2158BA83227D9E5031BE45D062232ABAB9C4235E2BDE3D40269AC
Malicious:	false
Reputation:	low
Preview:	2024/04/03-08:08:17.772 bf4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/03-08:08:17.773 bf4 Recovering log #3.2024/04/03-08:08:17.773 bf4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.129058208555339
Encrypted:	false
SSDEEP:	6:7VWQLI+q2P92nKuAl9Ombzo2jMGIFUt8sVWQR6VXWZmw+sVWQR6ViVkwO92nKuAv:RWb+v4HAa8uFUt80WK6Vm/+0WK6ViV5c
MD5:	9E3DB1B2BCA4036619CA0FB0DBAD8C25
SHA1:	C51C05CA6C62947B775024A0A4B463896ACE39E4
SHA-256:	7039BBF8D6AF5395F5A9D86365D217A8ED2D24DBC6A58AE2E84287CFC3028202
SHA-512:	662842A9F4C6CCD3E69C9DF70B1C36AE8862CA29EE291B5BE0D24309544851D80359C645BD730244BB08032A5B172B327DF1F9BCF2B38FA353AF395682F179DB
Malicious:	false
Reputation:	low
Preview:	2024/04/03-08:08:17.867 e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/03-08:08:17.868 e0c Recovering log #3.2024/04/03-08:08:17.868 e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.129058208555339
Encrypted:	false
SSDEEP:	6:7VWQLI+q2P92nKuAl9Ombzo2jMGIFUt8sVWQR6VXWZmw+sVWQR6ViVkwO92nKuAv:RWb+v4HAa8uFUt80WK6Vm/+0WK6ViV5c
MD5:	9E3DB1B2BCA4036619CA0FB0DBAD8C25
SHA1:	C51C05CA6C62947B775024A0A4B463896ACE39E4
SHA-256:	7039BBF8D6AF5395F5A9D86365D217A8ED2D24DBC6A58AE2E84287CFC3028202
SHA-512:	662842A9F4C6CCD3E69C9DF70B1C36AE8862CA29EE291B5BE0D24309544851D80359C645BD730244BB08032A5B172B327DF1F9BCF2B38FA353AF395682F179DB
Malicious:	false
Reputation:	low
Preview:	2024/04/03-08:08:17.867 e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/03-08:08:17.868 e0c Recovering log #3.2024/04/03-08:08:17.868 e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.060771069027548
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZsjd2sBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdsLJbdMHW3QYhbxP7nbI+
MD5:	0B5BEDAE031DB562F5A33E559964169C
SHA1:	BF86FB30E89793745AB58EDC81001166E29505FD
SHA-256:	D9848448A949058EC14A9E51B0F84109C7D1BB68C6F2049EB6806A5D0B818055
SHA-512:	B662C6B2744EB272CB3888EA5B5635DDB8A8C0436040D8B1AFDF2A908BEAE816AC80C09E8AEBCA6B8266082A6BA427ADFC3C848D16EA7F9C63E506E0B46C3550
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356684509736751","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":129148},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\aa63cbc8-6676-4579-b62a-474db838b9af.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.060771069027548
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZsjd2sBdOg2HXcaq3QYiubxnP7E4T3OF+:Y2sRdsLJbdMHW3QYhbxP7nbI+
MD5:	0B5BEDAE031DB562F5A33E559964169C
SHA1:	BF86FB30E89793745AB58EDC81001166E29505FD
SHA-256:	D9848448A949058EC14A9E51B0F84109C7D1BB68C6F2049EB6806A5D0B818055
SHA-512:	B662C6B2744EB272CB3888EA5B5635DDB8A8C0436040D8B1AFDF2A908BEAE816AC80C09E8AEBCA6B8266082A6BA427ADFC3C848D16EA7F9C63E506E0B46C3550
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356684509736751","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":129148},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.238890546925695
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUQpoJt1++UWJt3o:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLR
MD5:	A5B850C310B32743A2ACB14AACC11C41
SHA1:	B210DD9A748E9158A1BA472D83D11BC0382D7EE7
SHA-256:	B4B63E7CCC9995189DACB23AF1F93C879C6C9BC6C3CE7CC2280C8621FD48069E
SHA-512:	65D1DC8A0D328C1CDBE514C8EBD71175FFF7E69EBDD2193CC72D02F562477F556E7F4620EF25133B264E48D83BC7A4C9C443C95E83F81C407E5C8C500B2C1E48
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.143275869605203
Encrypted:	false
SSDEEP:	6:7VWx+q2P92nKuAl9OmbzNMxIFUt8sVWVGFmWZmw+sVWvVkwO92nKuAl9OmbzNMFd:RWx+v4HAa8jFUt80WVm/+0WvV5LHAa8E
MD5:	CD7AF09DE1178F21DD2888CEC284E9C4
SHA1:	CFFE6033A4FA09CBB4DF00FE314D1B14CB897520
SHA-256:	F9F10AD9A4C9BDF1828F8C655BEB50C16B3C3C6CBF965A9BE1531125C350C3C0
SHA-512:	92B9D22835D3A2852F066A03A622811E21CB677B5713CF463923AA01EDCA40549B34561FD92DF21776FF812A177DA844083E1B373C666C041A07DE8BBCE2201F
Malicious:	false
Reputation:	low
Preview:	2024/04/03-08:08:17.919 e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/03-08:08:17.921 e0c Recovering log #3.2024/04/03-08:08:17.922 e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.143275869605203
Encrypted:	false
SSDEEP:	6:7VWx+q2P92nKuAl9OmbzNMxIFUt8sVWVGFmWZmw+sVWvVkwO92nKuAl9OmbzNMFd:RWx+v4HAa8jFUt80WVm/+0WvV5LHAa8E
MD5:	CD7AF09DE1178F21DD2888CEC284E9C4
SHA1:	CFFE6033A4FA09CBB4DF00FE314D1B14CB897520
SHA-256:	F9F10AD9A4C9BDF1828F8C655BEB50C16B3C3C6CBF965A9BE1531125C350C3C0
SHA-512:	92B9D22835D3A2852F066A03A622811E21CB677B5713CF463923AA01EDCA40549B34561FD92DF21776FF812A177DA844083E1B373C666C041A07DE8BBCE2201F
Malicious:	false
Reputation:	low
Preview:	2024/04/03-08:08:17.919 e0c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/03-08:08:17.921 e0c Recovering log #3.2024/04/03-08:08:17.922 e0c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403060821Z-155.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.1197295883984177
Encrypted:	false
SSDEEP:	96:QqMzNpM/MuMvEMMM1/MMMMMiEJEMMM3Gh4M9JaW6MQnMEMmMMRMrWMMFXWMMErhG:huN2Xxge9LaI/Gf
MD5:	033F4032395A1D74208179F7FA73E311
SHA1:	C3B795776DE57D3D4E8C1FA1E104D3B62BB2B736
SHA-256:	237829B14154F7621EDB8A3C747834CE4ADF007D29A5E17AD51AEB3F9A86C8B0
SHA-512:	96E468FFABB51FCB006F12083168A7470FE078C57AA6A7C4D8E7F48576BE87DB350B658B5B647E1B625EABF7A0A3C6C957635A623E4FF2A14C686D62A5D650A3
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5640

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3227855716307
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJM3g98kUwPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGMbLUkee9
MD5:	2946635432A28931D8C4A2A18C4C0F5D
SHA1:	FE5D87598D513FE717B2B79056C73362B0D024EA
SHA-256:	B8ED97C58915FE5A8C7C655333BAD44C5C4963CDD78A5F16D603A039F269EA51
SHA-512:	0DC2CD693FEB22A6A6AF415ADFA76BCB186908A1EE13B746FCF4ED826FFA68AB811EFE63A7EE5D919DE2331D2750E59AFA5C680757540FC44FC587B1CC543416
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.259028489771053
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfBoTfXpnrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGWTfXcUkee9
MD5:	990F43CED77EDC8FCC4CBB0767942597
SHA1:	F1A3AE3C2D43BAA78998E1C4A035C83D8E58C1EC
SHA-256:	D7456AE71B4F5CFD65FF1E6C75EEC7BBC99C5803F8BB259C4F5D1BBEDF242203
SHA-512:	32906FF175BF59D1CC4F9FA30DD7D696F6D8DFB2042815350F39B61D5AD23B58BA771173D5885134FDC15DE4AC439229E542511B2DF412465D8548B895623D65
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.238107953976015
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfBD2G6UpnrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGR22cUkee9
MD5:	B652946F68EDF9F82475F33AB50DEBD5
SHA1:	8E5A13FA979A0E3FDDCEEEECCA7DA0934DF1A824
SHA-256:	0E6781D9685E6CA43321C57ACC68457E9488C8F76A63534F598DA2C809AFDEB0
SHA-512:	BA6C90D3809384E436AF621DC39A872C27DD91F83845A8981E1D97B0D043A22241CB978D40837269AEF484397FFC33170F50A2B296D55510DFDC446BECB90573
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.30025466631318
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfPmwrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGH56Ukee9
MD5:	611FD5C0C29A3FC83542AACD659C5ACA
SHA1:	5786748025FC2382BDACB3D46DE1FA374F20385E
SHA-256:	57E2A98CEF355CBC62E03440C6D1D55BE46E5694E2283E6027672949795F043B
SHA-512:	FA43DE9875CBE5481A34B3CE435A4859DC3989F7A9780A547546814308D4EE27C90C4E60A56CB9E435ECFAD2C479501AF5C384CA73886236C83112B50C56ABEE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2580505668580155
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfJWCtMdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGBS8Ukee9
MD5:	AFA92D174E08B199FC9C4EF81CD675E5
SHA1:	97178BCE623122142010197DCF3DFAFA6F34F9E8
SHA-256:	BCAC941362BBAA17475EAA89B9F318ED99CDB286970F412F4884FF17F8F83E3B
SHA-512:	530A4A508D634A41B70B00BDEAA627208C31035DFC45B44A1372E4CE3C77FC19A2AD486C5AA1B58ECCF42187E3D9466C6EC282D0C025593027FEFF6C1172C2C9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.244261738082369
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJf8dPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGU8Ukee9
MD5:	F76D0EC348E78BE6FEE5815D2FD8424C
SHA1:	BD0677BE4052B6FD7EE93EE8F7D6E85FDED8E0CF
SHA-256:	275B2343B2A1AEE945912B01051E1B01CE59FCCC674528616E412C302F028F10
SHA-512:	D74CEF000A998860CF07E8ED17D4BD0DCF78A3BE484C2B1721F9C2662995D94DB3A9006CD30FDFD4FD560179C0F455CA9DF9D6828478DED4DA39D4F13728EF71
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.245273005199397
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfQ1rPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGY16Ukee9
MD5:	FBFF380D5E55CE5A5BE33B29B4DEB671
SHA1:	F889A6FEACAC0C7D3D81BAA0C806C8DA3AFC20B5
SHA-256:	D973D81B4E54DE2F57886A863453F208CC47460D22804E2CE372E0514B61B4A4
SHA-512:	7214B2CB58640E9DDDD02F50D91CDDDE761A40D68A2DD6BCB7867A4486CC12BAADED0FAD8192434743FE4A573AE793D594FBABE3737E69B9B75D20C9FBFF18BE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.265783967012294
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfFldPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGz8Ukee9
MD5:	943B60445F70E3996ED5AFDE14DCA135
SHA1:	F13B14397B58A8DC866DD93ABDDB6291F8C8ACD5
SHA-256:	38CECCE3203ACAA9B3A7FEC747127469159122E42D0812511D374662590B3323
SHA-512:	A6857249CF8A1B3905F639E4DF16DE1C421CCD45BFCC57238742AE60F5E1F26E8AF4E7AE99631A6593D8F6077AEB032CF90C88FBDE8A7E4C779D7E1A789F46ED
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.272032484865069
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfzdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGb8Ukee9
MD5:	85BF629CAD0F7CFA8C7B6EC5DDD9E855
SHA1:	CC7CCE312C14C76307EE8E4990072C4C589A4652
SHA-256:	09878DD5E7975CAEF08A0192E5D7EC758174A407483BFF6A8B4E821B31EB7EB2
SHA-512:	751266C8E1111278D6748D7B12A618710D75EF72BB763D573C810AD5264ED376C0363BD7F6333C3F4BC87071D30F4B9836535A5F00F725734F941424C10537E6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.251693574295086
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfYdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGg8Ukee9
MD5:	81C71F62CFA678D0B723765928301F21
SHA1:	6767B0B77B0CE25B7FBBCD90941A2DE65DF0D16F
SHA-256:	7E51AB1A2B59A3BC40147049FBCDB04F5BD11713C48BC141F3762D3D4563F0EB
SHA-512:	C3F345C321A3511E5342A0C1A7FFA9BA6EAB574DDDCFA8585A32301BD47699D276C9C07A9774517FBDC769B3CECC1A36FFAF756581C232CF140D7CFF6A982750
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.769713649135943
Encrypted:	false
SSDEEP:	24:Yv6XvBFDsFifrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNg:YvALfHgDv3W2aYQfgB5OUupHrQ9FJO
MD5:	41D4E90C943BCD840DD5B4D0A9050F7B
SHA1:	4DB2C3234B9C1DAA1AC14589F81E10742D2D35CE
SHA-256:	ADE9E6309E6557C6682FA5BB8531425330F373C800C05918E459F0EF2CE83D75
SHA-512:	9C69197D5C95E73CF2434BB241DE3CC906E63D740187525D7EF6BF8DFB2F8536E6ACCBD0FBD97DA50D35228358E5ABCD27966DC46E15C2A42127680080AE3F71
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.235572674894755
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfbPtdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGDV8Ukee9
MD5:	40E15D30EA9504A6938FAEF85441D62D
SHA1:	05353DF7DDA48F59492E1EDEE309BC53CD38E2F4
SHA-256:	457CD39BE2A605A8C4EE96A61B11F617E162FC0CDF664577BA1955FA56662134
SHA-512:	067391552E14BEC16F985A1E88314E4E707B540D6692A6B05C065675B621CFE670EF01A349282E1DF71F394A4715137C56F5DEDE8B93B741CE355C06CE238023
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.236577261108019
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJf21rPeUkwRe9:YvXKXvXRF3TsnUYpW7wHG+16Ukee9
MD5:	7185BC66D4543C4A30100C9A76B9C5EC
SHA1:	C0C0F017AE841E8DD2EFBDAB83DCA439FAB66934
SHA-256:	BB49D44372366F97CB0DFD03754A9DF67889026BF4C63553BF82B29813FB53B8
SHA-512:	0B0632DF4FE83EAB29CC6142D869148F4BF43909F62DEE3FF6F07158A0178F0A4E547BFFEF432E6806C056C97894DABCA741A3D3FFA5E75E5E68EC95F7EA7050
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2590690401383995
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfbpatdPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGVat8Ukee9
MD5:	AC9EB5A36682202C8BC1DFC39A3BAC79
SHA1:	A5C66A0D569C2E62A032EB6471D43B451B044D73
SHA-256:	848CFE7A7225AC0234688BA65ACAE55CA519BAF96FE6AD6A6B4025BCD071A616
SHA-512:	C7CC6DC3714DDF326FA5FEF7365EB07458823A3412B568DEB19FCE6CF6C0AAE02777C9BADEDEAD28DD1F11DA41C34B06FE695991B2F65B445926B61AD68BBDDA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.212584118027046
Encrypted:	false
SSDEEP:	6:YEQXJ2HXvQORF3T+7HHx+FIbRI6XVW7+0Yq0QhoAvJfshHHrPeUkwRe9:YvXKXvXRF3TsnUYpW7wHGUUUkee9
MD5:	8C38FE2D714E52CA814F832458753592
SHA1:	A3B9E3F0EE02C527C59FB185DBCF0183DDD3071D
SHA-256:	DACBAC702ACE488E1123FC0941768E28F6997682BCC83021F5677CF0955C4714
SHA-512:	20705DB1E8817AA83AEC74ADC35BF747C96C25212E4E2C37535BEBAD063712C47A3832C5AB9EEEC91C8F094BDE62BA2ACD7D3DA7B2A691D77CA61BD7EB965537
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.354708997125623
Encrypted:	false
SSDEEP:	12:YvXKXvXRF3TsnUYpW7wHGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW0:Yv6XvBFDsFiO168CgEXX5kcIfANhd
MD5:	4200D4D1DFAF368C2A4B0FBB58B34FA5
SHA1:	B4D82C747089238B1FCADF7184EEC757C0B17CBA
SHA-256:	8232C01981B52C15487F676F48DC046067B6BB15504989CCC86BB95B93894679
SHA-512:	9CEF73E78338ABE19A3F475641E787DEF894C95428A72F3E9A374538FF35D9FBA53D1064C0428292AEDF6D6DE929F15FB4CBBD2CDB1FDF7A2DA44DB9016A9FEC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"72e49ebe-6cdb-4c7a-859b-980fbe042a74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1712302477607,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1712124502642}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2813
Entropy (8bit):	5.118252274127169
Encrypted:	false
SSDEEP:	48:YIdY9ZfUTTQhxuAuHkyfFx5VOHTDQw7ra6KBw8MuH9U59:lY9CfQhxuAuEyfFxezDQw7r0Bw83U59
MD5:	3773AA7E9129E98BD64D2DCBE0A4D84B
SHA1:	14C33F78DCC5CA0929F54D5DA5C8E33811BD7E07
SHA-256:	E21616660288BA28C083AF2ACD15185E27CD2F93ADA7E523221EC9211ECEA9E8
SHA-512:	784F74662379F99F5218FADE55C05F2F837A71D9D44362161315D1CFA75E1DEA8AA9DB999E7B7DCB44321E5409518E55CD79D26B57A93B6318B3114EC26159CF
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"4b6029128f9df309cc012a9efc1a017e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1712124502000},{"id":"Edit_InApp_Aug2020","info":{"dg":"98c3fc3538f486c0e228126397e58cc4","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1712124502000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"2cea507edad6708b2bce955b9c9423dd","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1712124502000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ced9d73b6f9f0df369e96eb19e68c119","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1712124502000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"191c4764168237185318aecdc9801939","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1712124502000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"7a87542101f5a92740e487624dc91f74","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1712124502000},{

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9843395123866714
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spwdq4zJwtNBwtNbRZ6bRZ4rdqF:TVl2GL7ms6ggOVpOzutYtp6PJ
MD5:	458F3AD1F3E948E64E064F246B8E332D
SHA1:	9B8FE2A2A5BC5D1FD7FC05E21B36212E599767FC
SHA-256:	59F9F00950B761C0D54FB0399916CCE7DA68039099C7AF2AD4C4577D7A5F7BC3
SHA-512:	973A2580D93F085074910DA988C15CC81080E44CA3A4EA37F52637D738E37EC6918F6F9CA9DFF99B816C0F56C5BCE4BF936BF720CD222E467BCBAF774A1452C3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3378317747068111
Encrypted:	false
SSDEEP:	24:7+txlAD1RZKHs/Ds/SpwdqPzJwtNBwtNbRZ6bRZWf1RZKFqLBx/XYKQvGJF7ursb:7MxlGgOVp1zutYtp6PMMqll2GL7msb
MD5:	BD9D5F9FC5932CE79F03D7B4F0269E78
SHA1:	C511A4DE058BE92159D1C6C6CE838CCB61DDCAB4
SHA-256:	E2526EB28ECFB5AC6CC2ED0A00DAB879C219723CFBB9F00B3385EB18AE953C94
SHA-512:	62D49C6B3BCEAA3466BAFCA954454C1B60CC842F75BCF87688035BCE808F325025396BF2081DC039115A1307803A3E69159A526FD803A276D506650D1758301A
Malicious:	false
Preview:	.... .c.....6.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI79061.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5274671434738973
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82b0H:Qw946cPbiOxDlbYnuRKXm
MD5:	F9A2CF6376FF20CB47874DABC17FA935
SHA1:	15AD06F5D9F22DE47B2E61DB0319BB5DF6E1DD96
SHA-256:	97DB3B87DA3E71D1477E437D7FEE140AA6A6E2E3E6DAECE986FAB25FC7F5E3A9
SHA-512:	AE2ABEFA2D1A667E77783DC931FA4DBE77B10875CEBF0CB9B7CD632F73251650EECA0FD7925509AEDCDC82E0A24FBEC2DEF102F61838EF27904DF5C5816D221D
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.0.4./.2.0.2.4. . .0.8.:.0.8.:.2.5. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A915qv0id_1cblpso_4co.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.073732355288162
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOzEcEhCSyAAO:IngVMre9T0HQIDmy9g06JXjrClX
MD5:	6DC48BE25B2515B345CE42A71F3729FE
SHA1:	FF6D484DFD54DD8D574535C1AC62885AF2D2D885
SHA-256:	0EA6B7817275F8A6A9E7DD2616D62FAA69B8A45C0274D9475F509C6F861ED943
SHA-512:	B6BD79BDCE732A3B93F6E28006EC9A5118F3A1072A5B213717363A21DF0FC7D2C5E02A2FC594DE018FD772EB6ED32FFCDC1A8BDBD60B5756A18700FC45AB832B
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<7BF3A9396181CF4BAA34453064E21ACB><7BF3A9396181CF4BAA34453064E21ACB>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-08-19-922.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.347419595292213
Encrypted:	false
SSDEEP:	384:nsw5IBg9kx/hXrI5zw/dnAFNaJKVnnIE8btXv9ng1a7xlRtLasRb+byfZ/5gzrrX:8QD
MD5:	0F081D91378A0799507766138FE0EFD9
SHA1:	94717DA39643C9A6686B7D851D4E55584AF1FDAD
SHA-256:	69AB651E2B54B52FF7B02E2D16893C267D0780EEB51484FBA13483B9C762BF62
SHA-512:	8CDAD1C903B6FFB004E06C7315E6611FC297C7F99112B790687A9554E303BC9EA62F51AF32261C37E30925031D358822BD0DED1635C670840368AEB464019889
Malicious:	false
Preview:	SessionID=ee6a64f8-4333-4de6-abd7-d277981b8ec8.1712124499943 Timestamp=2024-04-03T08:08:19:943+0200 ThreadID=3224 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ee6a64f8-4333-4de6-abd7-d277981b8ec8.1712124499943 Timestamp=2024-04-03T08:08:19:944+0200 ThreadID=3224 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ee6a64f8-4333-4de6-abd7-d277981b8ec8.1712124499943 Timestamp=2024-04-03T08:08:19:944+0200 ThreadID=3224 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ee6a64f8-4333-4de6-abd7-d277981b8ec8.1712124499943 Timestamp=2024-04-03T08:08:19:944+0200 ThreadID=3224 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ee6a64f8-4333-4de6-abd7-d277981b8ec8.1712124499943 Timestamp=2024-04-03T08:08:19:944+0200 ThreadID=3224 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.393508849573061
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbd:qUUQLgZQRN9RrAt+QRMViA
MD5:	D414E4C6A4F92B456C185F707581256F
SHA1:	B368A2FC26AF8062E18F3384A107088228A943BF
SHA-256:	8D8351B77041274FD3880C70B766B6AA2C9CA59942285481BC70789A7729C197
SHA-512:	26396100E464E549228912BA18C26EDC599C55595F3D034C0A920DD78435D6E2939F0D7B9FFA8063CDC04D28AD163043F25CAD113349605274A9C5B9294B56C4
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\3d142fe4-d541-4b30-a5a7-f073bb54bffc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\5451ae1a-1bd8-465a-b328-c88e819986fc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\9c162e0b-4aa9-4ebb-97b1-95d577da4ab1.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\a64138c6-ac07-450a-90c0-8babd7dff17c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.5, 1 pages
Entropy (8bit):	7.991199266962408
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Document 35405 (2).pdf
File size:	342'409 bytes
MD5:	4ff9fae10d7736c3572aa9e790956a1f
SHA1:	38b58154a27f443d3ee999e492ab25bd5cb3d5f2
SHA256:	366cf33daf5f3807960a5c3120a793385a038b40483c593c8f3e971879b01c20
SHA512:	3b04752ea93fb334f6477198523aff1665b563e40c0c689a6d471a088f8523f9727b24fa38ec6c8d2686e3d281832d28c96abe2ec6ee5ed1083160e2b9de8d6e
SSDEEP:	6144:JdCmmdsTkTEineK9uAQ3gMO9qYcBnvHCGGUvQQL57e8yf0SZcRczHq8SJwL:LCVwin791Q3gMOiPC+QQL54f0CEiK8SA
TLSH:	F7742336ACD02D2CEC938D018E737406576EFA1271DC1C89657E8A5066CEFC4EBA7396
File Content Preview:	%PDF-1.5.%.....6 0 obj.<<./Type /ExtGState./BM /Normal./ca 1.>>.endobj.7 0 obj.<<./Type /ExtGState./BM /Normal./CA 1.>>.endobj.10 0 obj.<<./Filter /FlateDecode./Length 83672./Length1 278920.>>.stream.x....`.....o.=gwg.d7.c.%\.Y ..FXB.a@.U........x......j.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.991199
Total Bytes:	342409
Stream Entropy:	7.994965
Stream Bytes:	333016
Entropy outside Streams:	5.000969
Bytes outside Streams:	9393
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	60
endobj	60
stream	8
endstream	8
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 984, Parent PID: 1028

General

Target ID:	0
Start time:	08:08:16
Start date:	03/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Document 35405 (2).pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 2508, Parent PID: 984

General

Target ID:	2
Start time:	08:08:17
Start date:	03/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6512, Parent PID: 2508

General

Target ID:	4
Start time:	08:08:17
Start date:	03/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1736,i,14820674299548041102,12000682537271802868,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Document 35405 (2).pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\aa63cbc8-6676-4579-b62a-474db838b9af.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240403060821Z-155.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5640

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI79061.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A915qv0id_1cblpso_4co.tmp

Windows Analysis Report
Document 35405 (2).pdf