Windows Analysis Report
SR_AD40BM0.1-A01N_A24-ENG.pdf

Overview

General Information

Sample name:SR_AD40BM0.1-A01N_A24-ENG.pdf
Analysis ID:1419164
MD5:aa8ff96636214fb017ed4d31f3e81540
SHA1:945ba0fc78217bd64a2c5f97f74a20708592c0d0
SHA256:3198b142e34be6ef581d4b9a8681960c41f57c27812132de08e06de750316e20
Infos:

Detection

Score:5
Range:0 - 100
Whitelisted:false
Confidence:0%

Signatures

Checks for available system drives (often done to infect USB drives)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
PDF is encrypted
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample is looking for USB drives. Launch the sample with the USB Fake Disk cookbook
No malicious behavior found, analyze the document also on other version of Office / Acrobat
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • Acrobat.exe (PID: 7160 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SR_AD40BM0.1-A01N_A24-ENG.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1552 --field-trial-handle=1588,i,3979237204365230565,69821222064031274,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\msiexec.exe File opened: a:
Source: global traffic TCP traffic: 192.168.2.16:49714 -> 23.196.176.131:443
Source: global traffic TCP traffic: 23.196.176.131:443 -> 192.168.2.16:49714
Source: unknown TCP traffic detected without corresponding DNS query: 23.196.176.131
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE59D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE5FB.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE62B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE64C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE67B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE69C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE6BC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE6EC.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE71C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE73C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE76C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE78C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE79D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE7CD.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\Elevation.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIE59D.tmp
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: winhttp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: classification engine Classification label: clean5.winPDF@19/42@0/33
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-03 08-35-37-986.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\SR_AD40BM0.1-A01N_A24-ENG.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1552 --field-trial-handle=1588,i,3979237204365230565,69821222064031274,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 06011184B17684BE71E822C1A4E57BDE
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword /JS count = 0
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword /Encrypt count = 2
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword stream count = 81
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword /ObjStm count = 14
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword obj count = 86
Source: SR_AD40BM0.1-A01N_A24-ENG.pdf Initial sample: PDF keyword /Encrypt
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE59D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE67B.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE73C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE78C.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIE71C.tmp
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE59D.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE67B.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE73C.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE78C.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIE71C.tmp
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Exploitation for Client Execution | 1 DLL Side-Loading | 1 Process Injection | 21 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |

No Antivirus matches
| Source | Detection | Scanner |
| C:\Windows\Installer\MSIE59D.tmp | 0% | ReversingLabs |
| C:\Windows\Installer\MSIE59D.tmp | 0% | Virustotal |
| C:\Windows\Installer\MSIE67B.tmp | 0% | ReversingLabs |
| C:\Windows\Installer\MSIE67B.tmp | 0% | Virustotal |
| C:\Windows\Installer\MSIE71C.tmp | 0% | ReversingLabs |
| C:\Windows\Installer\MSIE71C.tmp | 0% | Virustotal |
| C:\Windows\Installer\MSIE73C.tmp | 0% | ReversingLabs |
| C:\Windows\Installer\MSIE73C.tmp | 0% | Virustotal |
| C:\Windows\Installer\MSIE78C.tmp | 0% | ReversingLabs |
| C:\Windows\Installer\MSIE78C.tmp | 0% | Virustotal |
No contacted domains info
| IP | Domain | Country | ASN | ASN Name | Malicious |
| 23.204.76.141 | unknown | United States | 20940 | AKAMAI-ASN1EU | false |
| 162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 23.196.176.131 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| 34.237.241.83 | unknown | United States | 14618 | AMAZON-AESUS | false |
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1419164
Start date and time:2024-04-03 08:35:04 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:SR_AD40BM0.1-A01N_A24-ENG.pdf
Detection:CLEAN
Classification:clean5.winPDF@19/42@0/33
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 23.204.76.141, 34.237.241.83, 54.224.241.105, 18.213.11.84, 50.16.47.176, 162.159.61.3, 172.64.41.3, 20.12.23.50, 20.166.126.56, 23.196.177.159
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, geo2.adobe.com, prod.fs.microsoft.com.akadns.net, glb.sls.prod.dcat.dsp.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):290
Entropy (8bit):5.198916841768628
Encrypted:false
Malicious:false
Reputation:unknown
Preview:2024/04/03-08:35:35.134 19f4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/03-08:35:35.135 19f4 Recovering log #3.2024/04/03-08:35:35.135 19f4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):334
Entropy (8bit):5.14254485137875
Encrypted:false
Malicious:false
Reputation:unknown
Preview:2024/04/03-08:35:35.039 1a18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/03-08:35:35.042 1a18 Recovering log #3.2024/04/03-08:35:35.043 1a18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):403
Entropy (8bit):4.972245210845698
Encrypted:false
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356686146606350","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":128445},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):403
Entropy (8bit):4.953858338552356
Encrypted:false
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4099
Entropy (8bit):5.231232062611431
Encrypted:false
Malicious:false
Reputation:unknown
Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):322
Entropy (8bit):5.198429437438584
Encrypted:false
SSDEEP:
MD5:0C63303B575B09873406AFC5A126F96A
SHA1:A4FCA957C5777F29CBA23302328D9017764758CD
SHA-256:5D485E680469F4B1BC3F4FB3E08D86115FFFCF433446327EF0A1DF7387FCF847
SHA-512:0A78EE3781397BCAB532169AB004E9705F604F204607E0944AD9FA61337B316774ED94A753DD28032E3A9B9D2142E348BDCC1572DA357BCC50AB44A14C42BFBA
Malicious:false
Reputation:unknown
Preview:2024/04/03-08:35:35.175 1a18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/03-08:35:35.176 1a18 Recovering log #3.2024/04/03-08:35:35.178 1a18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:dropped
Size (bytes):65110
Entropy (8bit):2.3873512568659114
Encrypted:false
SSDEEP:
MD5:7BF7EEDC7F45DAC3E109745A6DF3FE77
SHA1:05D03B563ABCCD899ADDCF34B478C0BD5CD36ADA
SHA-256:DF6FCE7C4C9055A6CE692D76A381F8F91CFCBAFEE4C5A84D94CA20BAE7756A5E
SHA-512:6F757D3A9745396E9ED380D626490DBE0EB6C8100C5217F9F3FB4002FC1211545C9385BC17492BDF53CC449C0E51C61A7A57ECA0127E4916231E6B9A95698F0B
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):57344
Entropy (8bit):3.291927920232006
Encrypted:false
SSDEEP:
MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):16928
Entropy (8bit):1.2143690290588536
Encrypted:false
SSDEEP:
MD5:D4FF5FB2136BC7FDAE455299848362CC
SHA1:00304B872FE3098DFA17A2A1940A97B3927FAF6F
SHA-256:0D2D2C47C88F794645CC32F4F8D9147BB3574E2DEDDF4C78248120F36C4D590B
SHA-512:D6AF504ABFCB8C1F5931CE80AD4CFEC2785E1D62515C351FC6CC813A4790D12EA10C13D617E6E2D53D732AE6E59EB197E444F7067A0D2084E0B665470281C030
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.342491865342198
Encrypted:false
SSDEEP:
MD5:93329C09AABDCE87D4BB89052DF4A80D
SHA1:CF61B668E5D6057946F7B7B9B057CC1ABD9C6609
SHA-256:20F60109D1E91A6264F7C9E75B4C121E017D96F66B3D9A13C3CE6CBE9BC184C8
SHA-512:497652DD765C8451C40563390A826833B07B43B417FF0A27344AFF5A48CBB5A86EDA45F9D56BCF43CFD8B701D21BC93B53FEBB9DEA86993826372EE9716B200F
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.28905753983878
Encrypted:false
SSDEEP:
MD5:34279108F356BEBC72140D82E47EE20B
SHA1:FDDBA280B1141BEE9B7C23A916C2994B3BE98A9B
SHA-256:214AAB515EE2CACD384EC988BE47500FFA73AC14EF83C3EB1FD3DE5A0278F4ED
SHA-512:113F59021B07F7BBECE851BE8B3897F93BA089F4568511E0AEDC5070B60DEEA1A09EF7DA7D74740BF2B49DB91FDE5E9BE5E189AE4CB8864979DD800181447D77
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.267878614884379
Encrypted:false
SSDEEP:
MD5:706A80C0D68EA8F8B0BE5750C0E03B6F
SHA1:D15BBBEF334CFA8D1A09640C33E50A4372D631B7
SHA-256:C7D2B26E9D66BCA891264C9484B4A959C56478D9AD026F084BDE659C8CAB0B5D
SHA-512:FA21D9FB296890A5449B29AA1886DAC3F14FA6C8158CAF9749C9B8B8BC91206CD27796DE39E382A6CD85EEE0A96926B29233971034EB7EA19230AA6737D911B5
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.330139720013896
Encrypted:false
SSDEEP:
MD5:0EA14C1D8DB6776BD4FE936B64519C45
SHA1:93FA15F4524530949D13714D80E8FD7A7882532D
SHA-256:EA5A25AB3070E201DEA14F870AC6AA60346F86C83C70631F2166DE7FF934FCE7
SHA-512:6169DDBEC0B006F6574453CF82FEFCAFC79BC08E4C99599DF7D51ABE55864128BB8216BE2EEE607C2D080DE616167E3E46A518E6A231D9F41CD64C96B0E21E00
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.2873778641922335
Encrypted:false
SSDEEP:
MD5:E473B0B4083681F3DABAF88A9C66E515
SHA1:58D843543D75B00C45ADC2A08F5EE89CB8E89E45
SHA-256:BF0A7308E274832C2E0AF5EA363F72D8079380B12859CAE1D0896F6DDAC76875
SHA-512:B7D6A2ED3F0B06732F044E3138D862BDC1C0B2C7EA00D99A9C86CA57BD98EAA6345B5426E517511149D533F7DBDA9140CE4D0A0F2F28CA25C01AE053B0E0D47A
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.274306934150969
Encrypted:false
SSDEEP:
MD5:B4A5A927A5E2B61C78CAE5A7BE69D9C7
SHA1:964C2A4EF8C11EE5518043B6E19E07FAE788D11C
SHA-256:3C505B7D380FD56C2AFBF130F882FC8056E7BF45CC595501B67F138E94589DC7
SHA-512:0F856EE82360DBADD52BF34A4BA07D5F70A693786749F616BAE06576A1D07EBEAD7A9626D1F7CE25D78A5BA8A6806FAE147CEDECD924AF241C4847D6C9390141
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.277513955543785
Encrypted:false
SSDEEP:
MD5:9D1E067E5D639E2DEB80CFF4FFCA8338
SHA1:DC728B542DC0D63C88F5504F150B98DA66EEFA37
SHA-256:1D0D427DF082FC780AC2026CBD306B030BAB21277FCCD6DA2925FE36E7C5998E
SHA-512:90E11FFA65382FD48C1A91C4BB356CB3C50B4D9FB5A649C98BA59FBCE804C1FB080E98885B24D82DBA4A4537C0577279611188FA2CAADABB1F3A2B7A0C3ED6E7
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.282774118830573
Encrypted:false
SSDEEP:
MD5:02D2E0BAC9EC1D4CCA9B9B265154C957
SHA1:83696CBA015DC23275CF2F77C65A06EC47DE8CE5
SHA-256:D8C504C24C327E3519B967EAD120C2D1CBB1195FD4890F1F85B59CB8887EFB6D
SHA-512:5F7D016A56538658E86692D6F87B653F11D06940FD72E3B2B77D7F5720F9D7ADF4DE0B8BFF3A2F90B327567676F01D71A419AAF94FEFD771C2EFA1706AD73F63
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.299547465707525
Encrypted:false
SSDEEP:
MD5:FC6EDFEBD8E5BCA3BDF0126737002E3A
SHA1:3EC5C18143374FEF711DC248BA2BA36FC6CEAEC5
SHA-256:09059574136CD94219B070BA5B0E5FAE6EA41F9215B7B7327EADD3A05A65751A
SHA-512:9C586C3D0724DD7F6A76C526452C3AB71540518B87E6EE00FE9A3AC332D634B3739AA974C735B8CCE245ABD525CA40A0FA19E97AC471110287B5011F1CB4744A
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.280320137499715
Encrypted:false
SSDEEP:
MD5:05B9DE7FB60FBA8DA610FAFD955F6DF5
SHA1:9A5EC78E28A76736E9239281EFB203990D360ABC
SHA-256:2FC27CF2E6ACA29E19F1678DD4DF39250A513E2FB6E8A765C728BCDBFF04BB0D
SHA-512:08749889357A0889EAD195080F9276E12A5E3AECD8425E0D86D2DEF14538F7827F2CADE3EF6D81DD1A41856AD30E7EB5CFF878B5131D767F674176C14701B8C2
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.76394853064917
Encrypted:false
SSDEEP:
MD5:47AD3C6DCA31EA398EF3B84A47C141EF
SHA1:0FE2D72C890B492FDB51493E8E322BB299E127C9
SHA-256:4FCF95437979AFE7244394815CAA81A7A69BB5B06383906491939FF00B2447E2
SHA-512:177BE5CBDD33460E3B58CDDD9FE51441B8B00EF733B3F37C1B9D381F1F38797841073598F8AE0CB2C73AC793C02900A8677A163BCE7973813B0B32206BFE074B
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.264002491960522
Encrypted:false
SSDEEP:
MD5:734FC20D08DFA08732F54D7082A531CD
SHA1:712CA82149CFC730C138311EF735F7FAA23B1B1B
SHA-256:DEDFD390CDE3E8400A8973B293C58E83050A8D351261CEECFA7467EB91901596
SHA-512:AC0CD7F1FAFD41E5462102961C975F254B649F3A62F2A3AE2F1EFC820BDDF8F0ACCEE8C6406CA0CEC20B1596F184EFDD0865E49981E62F0085A414EDA9C47485
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.267686690341544
Encrypted:false
SSDEEP:
MD5:90C92F9F7A2B4B48E5B2F996F03E8E58
SHA1:C1C51DD4E58849C8AFDC82A231410DDE61646459
SHA-256:F3A597B265E52D9E6FB01EC085DB9494CCAE7D2A637C883836F9C9ADC56F7C32
SHA-512:D3A6A50994A9F48E8E3AC9028F68A77C0C321B988F1B1F7794CD3D70C6334F0F7BD7564CE3A904503E8B5BA3F08D353243BEE090646321AAA95E91E3ED3FB6EB
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.287432743782986
Encrypted:false
SSDEEP:
MD5:41439F8210A72375AC0E9EF67712D9E6
SHA1:7EC72A56118507BE614E914B94AFC4BE94F1B4EE
SHA-256:D249CD03E7265B36A98C8E68E277D6CE8EF3539B4FE87DF0A28E308C63108F06
SHA-512:21EF4DFB4BC5A4607EFC2C7F4B7B175A19F2307FEDA10230E78CA45F4FE00081A6E9B13B2B4302FBB42180750425BB0C36A0F90F92344184BEB1101CC7BC3423
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.242114748896878
Encrypted:false
SSDEEP:
MD5:66F77AE5488B6E268C32A98745D90CBF
SHA1:6F568BFA7191AE6A0E4A15C31D8BFB95BD8372DC
SHA-256:FBF28B0813660159A78E27E881FE114E41EB120C7D6B3421CE933FC4C6E92D1D
SHA-512:4D96EBA1D08ACE23929F7127803B7B2A82965AC9FAE61322B702F904D3F3FC792465AB5C9AF48D05945AFF271D478D38EB315A33E713D308D4054826B8453AAC
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.356498495895757
Encrypted:false
SSDEEP:
MD5:2E44D20EBF32E182C8CA7E76798E597D
SHA1:AFDD87D8D099436C835AB95C5973CE408D81B2A5
SHA-256:358DE31ADDB9161653AA83555CD3372609422D2EA7658BE416E26F18D7B4B791
SHA-512:B3E15B603B6EE082DC2B5864AC8FDFDFA1389B56673AADA46F7D5A076FE6A91F895C2B85E46D149B21BEBA0F214AA932ADE4B4A41D2915595B36934757F71B50
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"a2cca303-e30a-4b30-bd18-3eb210edda8f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1712301011359,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1712126141394}}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Reputation:unknown
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2813
Entropy (8bit):5.12235879939367
Encrypted:false
SSDEEP:
MD5:2C824E7070AFFAB8F4F7DCF09B8E0205
SHA1:CB0192250FB749593B9B205B99D34F3D2AD08D31
SHA-256:F8F240333833DE0621A26B75BF24118EC4A7A55ECD163122BEAE6BB767E6DFCB
SHA-512:0B048DD43C04C81E61802E078F03FD5E7692311AE6305D422A296615A9572E50884FA747C882B2225560A513BC0933D3268EC744DBFE7040396E5AB38F7A080A
Malicious:false
Reputation:unknown
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"01950c083f44a66b9e5fb3d9aefff95c","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1712126143000},{"id":"Edit_InApp_Aug2020","info":{"dg":"400a53dfd838253655625e5e855e9070","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1712126140000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3037a6f69544ff40c7cbc18470cb9439","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1712126140000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"05706b04c40cdc694591aba5f97c0ffb","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1712126140000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"62d4d0a23056b6c21136362630220ee1","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1712126140000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"0c1ec8e0356d94101a530f72f5a7d262","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1712126140000},{
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:dropped
Size (bytes):12288
Entropy (8bit):0.9874046361526946
Encrypted:false
SSDEEP:
MD5:D46B97CEAB6767833187708D9D8E3EF8
SHA1:31F3CA0189DCC7C94FDB1BB24398D787F4CAC194
SHA-256:1050F1D37D0C518AEE8C9D81DE44A09F6E46BA5D46390FECF63FBC59D2032E54
SHA-512:4DB2C32CA192656765229F718B713241F0FEFB2E57E42A3526DF54F4BCD6C22934748DC72D0C4518B9A99A3CC36A31754BEB0EE165D2C7FBB073852F1F91AB68
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.3416138682843353
Encrypted:false
SSDEEP:
MD5:4B20B784873CA04CB46D4C117AB51FA6
SHA1:2757A3AC903B40ACFF282DF262C4820C8781F1B4
SHA-256:3CCBCB938B961ABAFB919B5A18FE07A6D05DD20AB019E87FBDE46E07A92BAAEC
SHA-512:BE584581B685B5BA52419EC3F74E18DA4C2E54E6A04DA8817CF0FF73E34565C4F87437C86060496951B7E3960D48BB5442DD21D1B84AFDF3682D3E3000993ABA
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5329345335875004
Encrypted:false
SSDEEP:
MD5:6F2F65ED326FE33FEABFBB66E851EAAA
SHA1:734418543D90E647379F469A4B4614DFD819B90B
SHA-256:F88D51F9216EC37A98ED7CB6F5603F96BC8C06FD5B14EB01FD379866F4CCB2EB
SHA-512:048285E2339814D907AA1824D995CE6B211B185875A13CEAA76742EF4F61C2D26863866A87392AAA90C336AC72BDF20A7BA058A63833ECA39F21B2CDFC4506D1
Malicious:false
Reputation:unknown
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.0.4./.2.0.2.4. . .0.8.:.3.5.:.4.3. .=.=.=.....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.353642815103214
Encrypted:false
SSDEEP:
MD5:91F06491552FC977E9E8AF47786EE7C1
SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:false
Reputation:unknown
Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.4214785911315335
Encrypted:false
SSDEEP:
MD5:2F828A3A3C5EDBA53F754FA1B5DA5F24
SHA1:F17A96FEF30F87A240EC98B3C69A00E8B6BD545E
SHA-256:74F81B9146F8DC57AE1CD689ED3B1DF2271E867710F4CD4B468F67894C4238CB
SHA-512:E6FB169D29F42D0AA6116C7DA09DB04EA94F323989B7EE956CF3F4D0F45AD99F08A3AD936A6AE7FC8A9ECC9177BBE78D14F30AFC7C1B12A0CDD70C8B9EA90AF2
Malicious:false
Reputation:unknown
Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:
MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:
MD5:FFA982D6F2F9B46A1DECDD28BF3EF0E1
SHA1:B1D05ED9BD6A80BD0E3377E9F62B47EF83FCC0C8
SHA-256:93D954FA4BBEDCDFBC7BF14FA1BB3986056261F4A5035C3CFF229FF16D12B78B
SHA-512:BF2931508F2039FFF4A74EC9B2FF2706FCF05DC5D56E22CA9C74B7C4AF9E8B4173419791DE648FD77AE7C4B441734E7C70C964A2B91C816FC98C9BA78BEB7879
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):850392
Entropy (8bit):6.206852111668413
Encrypted:false
SSDEEP:
MD5:02BF4F9572D87DB0A85662B792E0D3FE
SHA1:A7E2CF47C9EC8A812457055DE5CBB92E230AC14B
SHA-256:0D94E8ED592846BA7B7D035F08D753BB89514D230AD0B494E50D86DD5220AB34
SHA-512:5CCEC1878AC317AC9CBE8E108CB3F85DBAD9688F9010319079A9F8EB43050A72D4A43EE8E53C773FE85AE4B68FA6DF7D3DC75E2E023A584967837622FCD9E0A5
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):530392
Entropy (8bit):6.45816181579208
Encrypted:false
SSDEEP:
MD5:063D4491FF8D8146B167EE4B24E304FC
SHA1:D7178B029828DB23A115D224DCA3130B7ED9537B
SHA-256:0A100DC7F447CC980491199F5D0583FA7D44D8FE7A1632482567C617F10FE54D
SHA-512:834ADB66F6E12D9DE5AEDE21EFF716EE6893B9F168FBE835AD6FD7434800CF2C38B9ACA555C828041E07F866D12684536ACF996A82E11C53B48ABF6A005F0CD8
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):497112
Entropy (8bit):6.438361119688651
Encrypted:false
SSDEEP:
MD5:4F89DA665E512350058C520174611135
SHA1:0A4720B834E50D7DBB850F112E322D6FC64334B1
SHA-256:EC2FF4D9ABD96A9E42E01DD98BDEFF390C05729FAC3FEE50AEB6D88398B1E653
SHA-512:981DB94F68C3366909CA1D032E622C53420B1E9AF81BD2C30F8482082DE4539F269AC87D67AFBDC890AE2096CFF0CD3A4F1EDF0EE0D98767FC7330425D9E3BCB
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):211408
Entropy (8bit):6.337608794464878
Encrypted:false
SSDEEP:
MD5:0FB71A79C1269E2BA50FB92EB92866D6
SHA1:7292A917707D174F7F98BBCD7E248000EBCFE9E0
SHA-256:E9E4ADFA160CE9BBEDA6A083C42562FDB33A8C9261F85EDC682528333813B7B6
SHA-512:0C2E80768302FB009298B288B06BB9E62DB91FBD04163F0FAD707F9CC84445985CF811839A6C6CF022817F4405276B63B7BA46C5C67E24FD5A90CF976FFD4144
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):498640
Entropy (8bit):6.435753543146649
Encrypted:false
SSDEEP:
MD5:1566E699EE42EAA571700F3AD30B2DBA
SHA1:D2B11F53310AD7118B6893C46EA815F9C7BF9CE2
SHA-256:4BC5FC5CD0AE661B4FFE6AD9E12E55B233F471BA84F40CBA7BEB0CEA8822E831
SHA-512:52F8B86486BC22198CDE10F91D4588A7A939580327E8BA03B254D5A2C915B039775AFE696FE2014AAECF83EF514D3123C6EC68244B40603AA5D980F7E4C1BA1B
Malicious:false
Antivirus:
  • Antivirus: ReversingLabs, Detection: 0%
  • Antivirus: Virustotal, Detection: 0%, Browse
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):454234
Entropy (8bit):5.356163486568204
Encrypted:false
SSDEEP:
MD5:3E28AFC7E618592DAE47E86D06A61EA5
SHA1:6D88103FCEB01A6C5D1B12F852529D3CDC5CF5FF
SHA-256:AC789B15F2AE1D624D81F66D5CE74341478D1BCD47EE4150845D009526057D73
SHA-512:DD0D86855EE9FB9168898C2C66F6403CF57F49823EC122510B3B567FA1D8C92E83606AA901EF814945F3CCA29E0E2783A2864481AEEE35DD198652F746F23C90
Malicious:false
Reputation:unknown
Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
File type:PDF document, version 1.7 (zip deflate encoded)
Entropy (8bit):7.972853438205484
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:SR_AD40BM0.1-A01N_A24-ENG.pdf
File size:312'541 bytes
MD5:aa8ff96636214fb017ed4d31f3e81540
SHA1:945ba0fc78217bd64a2c5f97f74a20708592c0d0
SHA256:3198b142e34be6ef581d4b9a8681960c41f57c27812132de08e06de750316e20
SHA512:ea641d2ce413298d8a50e86352011665e2b24cc64944737439963f76f8c3fbbc024274ffbdf06baf96122964b4090b6f93daa28879f6f6223c7921e0f4c4dfae
SSDEEP:6144:A72aVE4dnpNV/VfruI/K3LfK/nMuUY77zlNWqSTVF:ITVEKJVfKI/K3+vqubBST/
TLSH:086412ECA380189492A9C2F5B34C42E2222ED0FB7C45376AEE095B174559DE3E7E5CC7
File Content Preview:%PDF-1.7.%......843 0 obj.<</Linearized 1/L 312541/O 846/E 266121/N 2/T 312089/H [ 663 350]>>.endobj. ..896 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Encrypt 844 0 R/Filter/FlateDecode/ID[<541A29A77C090C4DA3D95554B18CE4EE><B3DA0EEDA453D9
Icon Hash:62cc8caeb29e8ae0

General

Header:%PDF-1.7
Total Entropy:7.972853
Total Bytes:312541
Stream Entropy:7.999349
Stream Bytes:290436
Entropy outside Streams:5.313282
Bytes outside Streams:22105
Number of EOF found:2
Bytes after EOF:
Name:Count
obj:86
endobj:86
stream:81
endstream:81
xref:0
trailer:0
startxref:2
/Page:2
/Encrypt:2
/ObjStm:14
/URI:0
/JS:0
/JavaScript:0
/AA:0
/OpenAction:0
/AcroForm:0
/JBIG2Decode:0
/RichMedia:0
/Launch:0
/EmbeddedFile:0