Edit tour

Windows Analysis Report
24R-0168EG - COPIRG Initial Comments_5-18-24.pdf

Overview

General Information

Sample name:	24R-0168EG - COPIRG Initial Comments_5-18-24.pdf
Analysis ID:	1446059
MD5:	659c64bcfde894f10b9d7048041d6027
SHA1:	279f6bce6b46f6eb121149bd4c49a834eecf91f7
SHA256:	62336ada52c09834a43c1b36802cbdab7f76aa641ff0fca515bf0841ff26b465
Infos:

Errors Corrupt sample or wrongly selected analyzer.

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Detected non-DNS traffic on DNS port

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7544 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\24R-0168EG - COPIRG Initial Comments_5-18-24.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7720 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7900 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1712,i,16201907809471849769,3555753454863499032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://www.sacbee.com/news/politics-government/capitol-alert/article277266828.html#storylink=cpy" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=2004,i,17399066712668099153,11573633546265536389,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49766 version: TLS 1.2

Source: global traffic

TCP traffic: 192.168.2.4:54070 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 23.47.168.24 23.47.168.24
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.43.61.160
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.126.163

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Lv8oHE5THCpHAeu&MD=d3g1xeoH HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Lv8oHE5THCpHAeu&MD=d3g1xeoH HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.sacbee.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf	String found in binary or memory: http://neevia.com
Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf	String found in binary or memory: http://neevia.com)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 54075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 54075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.43.61.160:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.4:49766 version: TLS 1.2

Source: classification engine

Classification label: unknown1.winPDF@49/45@6/4

Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf

Initial sample: http://neevia.com\

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 15-28-22-595.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\24R-0168EG - COPIRG Initial Comments_5-18-24.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1712,i,16201907809471849769,3555753454863499032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://www.sacbee.com/news/politics-government/capitol-alert/article277266828.html#storylink=cpy"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=2004,i,17399066712668099153,11573633546265536389,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1712,i,16201907809471849769,3555753454863499032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=2004,i,17399066712668099153,11573633546265536389,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf	Initial sample: PDF keyword /JS count = 0
Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A91ygbxy3_uqn6eh_5v4.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A91ygbxy3_uqn6eh_5v4.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf

Initial sample: PDF keyword stream count = 54

Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf

Initial sample: PDF keyword obj count = 71

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://neevia.com)	0%	Avira URL Cloud	safe
http://neevia.com	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.217.16.196	true	false		unknown
www.sacbee.com	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://neevia.com	24R-0168EG - COPIRG Initial Comments_5-18-24.pdf	false	Avira URL Cloud: safe	unknown
http://neevia.com)	24R-0168EG - COPIRG Initial Comments_5-18-24.pdf	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.47.168.24	unknown	United States	16625	AKAMAI-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1446059
Start date and time:	2024-05-22 21:27:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	24R-0168EG - COPIRG Initial Comments_5-18-24.pdf
Detection:	UNKNOWN
Classification:	unknown1.winPDF@49/45@6/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document URL browsing timeout or error Close Viewer

Errors

Corrupt sample or wrongly selected analyzer.

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, MoUsoCoreWorker.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.43.60.134, 54.227.187.23, 52.5.13.197, 52.202.204.11, 23.22.254.206, 2.16.100.177, 88.221.110.59, 88.221.110.75, 88.221.110.64, 88.221.110.91, 88.221.110.89, 88.221.110.99, 2.16.100.176, 88.221.110.112, 172.64.41.3, 162.159.61.3, 2.22.242.88, 2.22.242.130, 2.22.242.11, 2.22.242.224, 2.22.242.122, 142.250.186.163, 23.197.52.12, 172.217.16.142, 64.233.184.84, 34.104.35.123, 2.19.122.199, 2.19.122.216, 142.250.181.234, 142.250.184.202, 172.217.16.138, 142.250.186.138, 142.250.184.234, 142.250.186.74, 142.250.185.74, 142.250.186.170, 142.250.186.106, 172.217.23.106, 142.250.185.202, 142.250.186.42, 172.217.16.202, 216.58.206.74, 172.217.18.10, 172.217.18.106, 2.22.242.136, 199.232.210.172, 142.250.185.131, 142.250.185.206, 23.196.230.25
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, mi.edgekey.net, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, e49.g.akamaiedge.net, clients2.google.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.47.168.24	PIO88938MB.docx.doc	Get hash	malicious	Unknown	Browse
	http://jimdo-storage.global.ssl.fastly.net/file/a45fef49-77a5-4e4b-b081-f19dd1b9626e/b0aa30c8-07ba-4acf-a6e6-856aaa7da320.pdf	Get hash	malicious	Unknown	Browse
	http://6.imimg.com/data6/Rfq/2024/3/404696953/HX/AW/IV/217882449/square-breathing-pdf.pdf	Get hash	malicious	Unknown	Browse
	phish_alert_iocp_v1.4.48 (23).eml	Get hash	malicious	HTMLPhisher	Browse
	https://app.nihaocloud.com/f/bf027d5695e84bac920c/	Get hash	malicious	Unknown	Browse
	MDE_File_Sample_f29ce0d93859cca71356213c6e187a644debf0c9.zip	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://docvmentdrive.au1.cdn-alpha.com/wordplusnero/Payment.pdf	Get hash	malicious	Unknown	Browse
	qqeng.pdf.lnk	Get hash	malicious	RHADAMANTHYS	Browse
	D21 .pdf.exe	Get hash	malicious	Unknown	Browse
	D21 .pdf.exe	Get hash	malicious	Unknown	Browse
239.255.255.250	https://drivestorage.live/b/shared/lNyF6ygG	Get hash	malicious	Unknown	Browse
	https://public-usa.mkt.dynamics.com/api/orgs/73621b0f-9313-ef11-9f85-00224806e526/r/WKmfOruHV0W6ncX4hUVNngQAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fprinttechsurl.com%252F%253Fkvifjwdf%2526qrc%253Dbmitts%2540highlandfunds.com%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=iyIjxuY%2BqqaAcbuKe8o9oixwHYyorXvjpRbJyVpqnp8%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee	Get hash	malicious	HTMLPhisher	Browse
	https://clk9.com/enews/t.aspx?S=303&ID=167904&NL=23801&N=83374&SI=9532795&URL=https://nakshathraa.com%2ftet%2F37534%2Fz63jq6lifb%2Fc2hpcmxlZS5kaW5vbGlzQGFtY25ldHdvcmtzLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse
	https://tome.app/magic-inc-575/battalion-oil-corp-clwf4e8zj1eawod650qdnv0xx?page=kr1gn8q23ho9ojwq7i3rue30&d=DwMFAg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://bunmioyinsan.com/404.php?7-797967704b53693230746650794d394c5361334d7a632f50307973713163744c4c644776536a59334337616f384e4850424d705536475755354f594141413d3d=797967704b536932307465767143677379306c4b4c5333504e74444c4b63334e4c4d354c4c4b7255793873763079737131516341&em=bWplc3NlQGJyb3duaW5nY2hhcG1hbi5jb20=	Get hash	malicious	Unknown	Browse
	https://umn.adnxs.com/clktrb?id=092070&redir=//cloudflare-ipfs.com/ipfs/bafybeia2uvj3sitwpuaf4jgessydk6eoaspcym62bihuwbygggcbgd4nna/?*/oMTqwOWufzKCNnxPSr8v6y2ySjfHWwR+7bB3gi8sS7dz5VngVaYN21vSPDPIt+zL2eLaYM3MXtiohyqv#cGhpc2hpbmdAdW1uLmVkdQ==	Get hash	malicious	HTMLPhisher	Browse
	https://tome.app/magic-inc-575/battalion-oil-corp-clwf4e8zj1eawod650qdnv0xx?page=kr1gn8q23ho9ojwq7i3rue30	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	http://alladvcdn.com	Get hash	malicious	Unknown	Browse
	Airbornemx SWIFT COPY _ Wednesday May 2024..rtf	Get hash	malicious	HTMLPhisher	Browse
	http://curve-amm.com	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	23.56.162.185
	https://cs-server-s2s.yellowblue.io/sync-iframe	Get hash	malicious	Unknown	Browse	88.221.168.23
	Quarantined Messages.zip	Get hash	malicious	Unknown	Browse	2.19.126.160
	http://sallywilliamson.com	Get hash	malicious	Unknown	Browse	2.22.155.216
	New Voicemail Vote.html	Get hash	malicious	HTMLPhisher	Browse	104.97.44.213
	http://phantym-wallett.weebly.com/	Get hash	malicious	Unknown	Browse	23.37.48.101
	https://innate-acidic-slip.glitch.me/public/zn0u.htm?/NATWESTB.ANKCR.CARD/info.htm	Get hash	malicious	Unknown	Browse	23.36.234.187
	file.exe	Get hash	malicious	Vidar	Browse	92.122.104.90
	https://bizzerba.com/?ksoxtyqh&qrc=eaastsales@tronicsamerica.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.103
	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://drivestorage.live/b/shared/lNyF6ygG	Get hash	malicious	Unknown	Browse	23.43.61.160 40.127.169.103
	https://public-usa.mkt.dynamics.com/api/orgs/73621b0f-9313-ef11-9f85-00224806e526/r/WKmfOruHV0W6ncX4hUVNngQAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fprinttechsurl.com%252F%253Fkvifjwdf%2526qrc%253Dbmitts%2540highlandfunds.com%22%2C%22RedirectOptions%22%3A%7B%225%22%3Anull%2C%221%22%3Anull%7D%7D&digest=iyIjxuY%2BqqaAcbuKe8o9oixwHYyorXvjpRbJyVpqnp8%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee	Get hash	malicious	HTMLPhisher	Browse	23.43.61.160 40.127.169.103
	https://umn.adnxs.com/clktrb?id=092070&redir=//cloudflare-ipfs.com/ipfs/bafybeia2uvj3sitwpuaf4jgessydk6eoaspcym62bihuwbygggcbgd4nna/?*/oMTqwOWufzKCNnxPSr8v6y2ySjfHWwR+7bB3gi8sS7dz5VngVaYN21vSPDPIt+zL2eLaYM3MXtiohyqv#cGhpc2hpbmdAdW1uLmVkdQ==	Get hash	malicious	HTMLPhisher	Browse	23.43.61.160 40.127.169.103
	http://alladvcdn.com	Get hash	malicious	Unknown	Browse	23.43.61.160 40.127.169.103
	Airbornemx SWIFT COPY _ Wednesday May 2024..rtf	Get hash	malicious	HTMLPhisher	Browse	23.43.61.160 40.127.169.103
	http://curve-amm.com	Get hash	malicious	Unknown	Browse	23.43.61.160 40.127.169.103
	https://theambrose.surveysparrow.com/s/The-Ambrose-Group/tt-JE6PR	Get hash	malicious	Unknown	Browse	23.43.61.160 40.127.169.103
	https://skyasldights.ru.net/x4bQcxNS/index.html	Get hash	malicious	Unknown	Browse	23.43.61.160 40.127.169.103
	https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite	Get hash	malicious	Unknown	Browse	23.43.61.160 40.127.169.103
	https://link.mail.beehiiv.com/ss/c/u001.CEz1YkosQOgW_2I8tJTUL2rOicXJM7RxHjhrRWDeG5g4TuF3JnRWze3ceZ9WwqET/46i/a2N64yc5RA-IsZ3qpS7tjQ/h6/h001.j_JgYHgZoY9wighPNvNrp_oY-YX91EMEgYGT_rGLcUU	Get hash	malicious	Unknown	Browse	23.43.61.160 40.127.169.103

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.190526187088527
Encrypted:	false
SSDEEP:	6:DsMdQvQ+q2Pwkn2nKuAl9OmbnIFUt86sMdQoARpgZmw+6sMdQoARpQVkwOwkn2nC:DkvQ+vYfHAahFUt86koARpg/+6koARpP
MD5:	A0AD80E6B281672C4B759FB03FCEBE9F
SHA1:	88105297CC5CB1D73AC591E4E82158754CC3963C
SHA-256:	20D7F55BFFE3B377A215CC9EE91BFDE070582EAB85A56D047B180CC32210DDF3
SHA-512:	9412DBDE01B4D9397E260ACBA7C77398CBFD445E49E67B8FA53CA646E602ABFF30ED7AEC60E5B4B5B31CF190BB9261F35661190A3A1AA2A3333168E071E0C33D
Malicious:	false
Reputation:	low
Preview:	2024/05/22-15:28:20.384 1e4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/22-15:28:20.386 1e4c Recovering log #3.2024/05/22-15:28:20.386 1e4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.190526187088527
Encrypted:	false
SSDEEP:	6:DsMdQvQ+q2Pwkn2nKuAl9OmbnIFUt86sMdQoARpgZmw+6sMdQoARpQVkwOwkn2nC:DkvQ+vYfHAahFUt86koARpg/+6koARpP
MD5:	A0AD80E6B281672C4B759FB03FCEBE9F
SHA1:	88105297CC5CB1D73AC591E4E82158754CC3963C
SHA-256:	20D7F55BFFE3B377A215CC9EE91BFDE070582EAB85A56D047B180CC32210DDF3
SHA-512:	9412DBDE01B4D9397E260ACBA7C77398CBFD445E49E67B8FA53CA646E602ABFF30ED7AEC60E5B4B5B31CF190BB9261F35661190A3A1AA2A3333168E071E0C33D
Malicious:	false
Reputation:	low
Preview:	2024/05/22-15:28:20.384 1e4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/22-15:28:20.386 1e4c Recovering log #3.2024/05/22-15:28:20.386 1e4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.164712061326076
Encrypted:	false
SSDEEP:	6:DsMdEe9q2Pwkn2nKuAl9Ombzo2jMGIFUt86sMdErZmw+6sMdEhkwOwkn2nKuAl97:Do8vYfHAa8uFUt86or/+6oh5JfHAa8RJ
MD5:	16E3604EE84A4C7502EBDBB2ADC1207C
SHA1:	62BDF168360E7175959BBAB650962CE59A381FAC
SHA-256:	A8F0EC509077BC9EF01DB157B1A044E34F42A0CCC371E81427D1EAA23AB7DF62
SHA-512:	07BD296159A70ACCB484E40A8F092EA304FAC1C9936C4DDAC76CFDF2EAAEA153175FD44F364AF3C6020BBB5DAAD10339B673C99D79A8EAFB6E52EC0F57C7B76F
Malicious:	false
Reputation:	low
Preview:	2024/05/22-15:28:20.414 1f10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/22-15:28:20.416 1f10 Recovering log #3.2024/05/22-15:28:20.416 1f10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.164712061326076
Encrypted:	false
SSDEEP:	6:DsMdEe9q2Pwkn2nKuAl9Ombzo2jMGIFUt86sMdErZmw+6sMdEhkwOwkn2nKuAl97:Do8vYfHAa8uFUt86or/+6oh5JfHAa8RJ
MD5:	16E3604EE84A4C7502EBDBB2ADC1207C
SHA1:	62BDF168360E7175959BBAB650962CE59A381FAC
SHA-256:	A8F0EC509077BC9EF01DB157B1A044E34F42A0CCC371E81427D1EAA23AB7DF62
SHA-512:	07BD296159A70ACCB484E40A8F092EA304FAC1C9936C4DDAC76CFDF2EAAEA153175FD44F364AF3C6020BBB5DAAD10339B673C99D79A8EAFB6E52EC0F57C7B76F
Malicious:	false
Reputation:	low
Preview:	2024/05/22-15:28:20.414 1f10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/22-15:28:20.416 1f10 Recovering log #3.2024/05/22-15:28:20.416 1f10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3452bb7e-2c26-4a6b-8071-7125973b318f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.967961042110297
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqDnsBdOg2HEtcaq3QYiubInP7E4T3y:Y2sRdsWIdMHEc3QYhbG7nby
MD5:	38AF3B266AA35AFB3432F851C8A334D3
SHA1:	488FD4B73E8E2E407340EAC7561EBDCA7EE9CC33
SHA-256:	16B14364898FB007E82FEBB4DFAB09DFED7802D0F93C74A148A7220502E9F318
SHA-512:	ED9C5CC665C17DF4FFBFDAB94D934130BEA48F67EC6E4F983C6D20F1AB64BC55DB04FFA85E750E7DDCABE3F90B6BF15E74C8E1276ED846E93E4F3900E0EFD95A
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13360966112739662","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":150668},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967961042110297
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqDnsBdOg2HEtcaq3QYiubInP7E4T3y:Y2sRdsWIdMHEc3QYhbG7nby
MD5:	38AF3B266AA35AFB3432F851C8A334D3
SHA1:	488FD4B73E8E2E407340EAC7561EBDCA7EE9CC33
SHA-256:	16B14364898FB007E82FEBB4DFAB09DFED7802D0F93C74A148A7220502E9F318
SHA-512:	ED9C5CC665C17DF4FFBFDAB94D934130BEA48F67EC6E4F983C6D20F1AB64BC55DB04FFA85E750E7DDCABE3F90B6BF15E74C8E1276ED846E93E4F3900E0EFD95A
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13360966112739662","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":150668},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.253808748802583
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7n7C0hfuZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goY
MD5:	ECBE49D045333EE2EFFAA4C2336FEA57
SHA1:	DBE77C907040A559DFF968F051BB67A63D74E517
SHA-256:	FA08514A54547E4138F3F7D8EB5E805134206A183B2A448DC67CB4D487CEAF2B
SHA-512:	A8E7EF98E554285543624336189FFF09BC92453C792927AE7EB23EF8D85BFF2D9C0D4AC76B2D42B12B3764075771128BDE2CBCF36368FF9D87BC630F7FD43B77
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.153698171574131
Encrypted:	false
SSDEEP:	6:DsMdUGq2Pwkn2nKuAl9OmbzNMxIFUt86sMdU4EZmw+6sMdUAMAkwOwkn2nKuAl9c:DgGvYfHAa8jFUt86g9/+6glA5JfHAa8E
MD5:	88E74CC5C68D20E9653001115D6AD521
SHA1:	BB67D31B88EEA77E194E2E589E5289C7BC8EEE53
SHA-256:	810229E905A19595ADEBECA5D4430258BF7422DF734FE64991A7C2CDE3460F96
SHA-512:	6258868CE2B19C4209B9B194CC31F940098E5265C2C6DE5F39FDE936A99169AE3A4967BB31F9890CEA9689A0FB0414B92AA19048271BEFEDBB50B9CD0AE84B5A
Malicious:	false
Preview:	2024/05/22-15:28:20.722 1f10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/22-15:28:20.724 1f10 Recovering log #3.2024/05/22-15:28:20.725 1f10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.153698171574131
Encrypted:	false
SSDEEP:	6:DsMdUGq2Pwkn2nKuAl9OmbzNMxIFUt86sMdU4EZmw+6sMdUAMAkwOwkn2nKuAl9c:DgGvYfHAa8jFUt86g9/+6glA5JfHAa8E
MD5:	88E74CC5C68D20E9653001115D6AD521
SHA1:	BB67D31B88EEA77E194E2E589E5289C7BC8EEE53
SHA-256:	810229E905A19595ADEBECA5D4430258BF7422DF734FE64991A7C2CDE3460F96
SHA-512:	6258868CE2B19C4209B9B194CC31F940098E5265C2C6DE5F39FDE936A99169AE3A4967BB31F9890CEA9689A0FB0414B92AA19048271BEFEDBB50B9CD0AE84B5A
Malicious:	false
Preview:	2024/05/22-15:28:20.722 1f10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/22-15:28:20.724 1f10 Recovering log #3.2024/05/22-15:28:20.725 1f10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522192824Z-158.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	2.137100598942702
Encrypted:	false
SSDEEP:	96:jMDs9uMMtjM9mXCz49MMMlHoM+LILZVN9NMMMZMMMMbYMMmbcFlMK93MMAME7M/u:sdJnAAjI8mlgMNNomjJ8AjjQIsrZi32P
MD5:	0F80C65912DECF2AA7F6AAF321CE7E16
SHA1:	41DC3FFDC4FB158F8E8F181E3E3503FBADEE990F
SHA-256:	4E50663957AC1E6A76B7BFD3BB8AE6AD020F2A551A6B02A70BF0572C65C0A7A0
SHA-512:	697D3EDB0DDC46FB380C48E4447EE0C0F2428F54C76D20C320F03248A5AC3821AB04E03643B9C0809948D21ECB8D863FBE1250CBF86AD7C60805198D8E262EAF
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445237563594202
Encrypted:	false
SSDEEP:	384:yezci5t0iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rjs3OazzU89UTTgUL
MD5:	E6140EC2D65159E99963800686174D6D
SHA1:	78FA5EB811EFC4E4384B3AB43C097C0F2606B97A
SHA-256:	15DA885F4A640D87809F5A5AB12122F1128F10205955BD100C5252C70D17BB74
SHA-512:	471F06FECDC785CA27FDAE331A6817985F98FE63BB6CFD9061C52E4FD0B3AC41DB85BECAAD2876D182A590B57383B2EAD052890EDE0D30115FD624B4461D192D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.774582495710844
Encrypted:	false
SSDEEP:	48:7Mop/E2ioyVE5ioy9oWoy1Cwoy1XCKOioy1noy1AYoy1Wioy1hioybioyJWoy1nr:77pjuE5FOqXKQgUjb9IVXEBodRBkhn
MD5:	55AC782AA1AFEF6B9751BBA3714F32E7
SHA1:	85B9B24B8340BF4CECE69330FB53C88FCA1CABEB
SHA-256:	22287926BBFD28E74D57A07F2C97FA1A329FD94C6BF85B60EBFD9CA41F42A057
SHA-512:	3F64CBB1F0A33F0069288936ACB68DBD3AE7AF47FBA0804C8103467625E8B74BBE65C5977434FAF7A0220C660E110584C05A4464EFB74248BA0AEDC33AEDECCA
Malicious:	false
Preview:	.... .c.....<.+................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7600

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.393838695026302
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJM3g98kUwPeUkwRe9:YvXKXSEnEZc0vlcGMbLUkee9
MD5:	D306EC5BC4AD13EF0929FA68A9808C56
SHA1:	8587381768EA87807791AAAF6755DF008ED7595E
SHA-256:	EAE25D2DB181862079483DA695D98C555D524009063C323A6B64AA816A6145F7
SHA-512:	CBA9D9A86B8BBB8A1C4B7120755FC986CDEAF5A8FF95CC5FE17D25DB5F19435465CAFD44802A82CC195023DDAEF12E1A620998CE725D1FDE6BA5533C06140B40
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.345607293783349
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfBoTfXpnrPeUkwRe9:YvXKXSEnEZc0vlcGWTfXcUkee9
MD5:	E15E2044F51AB21CABDD4459CF81757D
SHA1:	DC5CAFB3536C922BDE07C6A86A02D51B2A443EB0
SHA-256:	A17BE0DDEB054160DE46CD628D1E94369A360D65CB5523A8306FD1477F077FD4
SHA-512:	E0C5DE8D9D3B0A404EEBCC4BEF72F7AA215F809B0CA346FCECE6444764B2A2B15AF90B2E754F529FF284065F8E812062F572692E5A82CC499BE3BFE2C25D8C28
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.32400661265178
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfBD2G6UpnrPeUkwRe9:YvXKXSEnEZc0vlcGR22cUkee9
MD5:	330FF99ABE9F326734EA5BFD08968987
SHA1:	284C306E45E02BE2880E8B52B9AA6D222B484899
SHA-256:	C022779C759B93AB2FB6DC5BFF73367FE32E2439B39E3116E5B4610115C0B530
SHA-512:	12854F945E5711D5DB1DBDA5528B94CF81887D2A72A60B7762016760DFCA5BBCD26CAE0529F1ADD5B32077FFAE88A35FD3F26CA8BC7934087C785489B954A2A9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.381918510298974
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfPmwrPeUkwRe9:YvXKXSEnEZc0vlcGH56Ukee9
MD5:	E91F49CED8611ED7BFED1FDB88A38702
SHA1:	D317C6FA9A25753D0C74BD3183644C983C58C45B
SHA-256:	FFBEF3622ACBDEBDA8601010DD75A291150A9F52FB54B753CA64D0DDC3942BDB
SHA-512:	356278E38849149E525EF42F3A82AC454D8C9B302B479AE2CDB51481D177E76BEB6517BB4FD1E302FA82BA541F6979CEBB56D0F44D37E10BA4B4B78F035A4C13
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.34693471339842
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfJWCtMdPeUkwRe9:YvXKXSEnEZc0vlcGBS8Ukee9
MD5:	C711D64441A23653E2685A32AC610D60
SHA1:	4AEF9DF1A2935AEE4A3258ED3AE85FAD322939D9
SHA-256:	93350E90A809F35E1EFFB6EE41854182180D191056C9FAD3A766E6B61670E59B
SHA-512:	FBA8FA0906454D329B7EBE629AC26FC1361F2520AFD35C8C845835F09DF107AE41527E41BE040A31B3F1F18549A1949A8889A7213F285A0C0A794D093E8CE229
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.334098557766389
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJf8dPeUkwRe9:YvXKXSEnEZc0vlcGU8Ukee9
MD5:	B2CCD0ED780B12643DE64897BE12EEBE
SHA1:	D52229CC63D7549C7B701709EE937CB707F17E12
SHA-256:	AE92047BA55734E98BE1F7C13C5DAF3A739042832BAE2FF29568DB455002017E
SHA-512:	A043D2F099B372808F31210D9B85B170CB331B235B197400E3DB402809E07F07088E8B6E674C910A852E877B44FC14E9DB6D98F1CA7142139BA1246548C28D27
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.3376100382866145
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfQ1rPeUkwRe9:YvXKXSEnEZc0vlcGY16Ukee9
MD5:	9CD93B591FE7C28DEF2DD75F8512E030
SHA1:	0A7FBFE90AB963F8BA9CC5C7395F0EB7B7846662
SHA-256:	70AC135060AB746C00EA076186DB0582F07AC757DB4093E5C61172D97DA2A652
SHA-512:	22FBD7A780C122B964056005676B7008BDFBAA9D41355D465B92EB9CF02E4CF811B46A27A225F3CE041A887C1A776FA42325B20A8906DAEFD22658774A2FB592
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.345168116259127
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfFldPeUkwRe9:YvXKXSEnEZc0vlcGz8Ukee9
MD5:	80F0782AF65E218EEE499AC021833DB3
SHA1:	DD1963BFCBE54CC9DEB769A033033550AD7D863D
SHA-256:	FC2D538C9BF3BC56DF27B4B82B45EBE61992C33C02E42F197C25892FC8181B71
SHA-512:	BCD61313E9A4BEEA46B99715507B1BF4BFDABCEDBA990349CA95373AE10216C16664491D18F88660C4143065D94198B4906DF923912853C12F70FBF05495DF7D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.74594765404826
Encrypted:	false
SSDEEP:	24:Yv6XZnEzvlEKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNr4:YvCMdEEgigrNt0wSJn+ns8cvFJx4
MD5:	43F4602DAC13F2EBA5079C2182ACA0B2
SHA1:	8EBD7A1FC8228C1FA2B2A1530656177A5F3017CE
SHA-256:	A797B52947981A2599353E0817687D7A3951A1037CDB3F081D8E1E1BD668CE2C
SHA-512:	3E59547D4AD163ABC35A5229B38E00E8604DDF73974FB7DC1C11FA2E3298D675E9D175A7ED42D32AC958719C5DE06DDAF8E18EDE34FB4E896A9B6E198DC7E292
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3404952238948935
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfYdPeUkwRe9:YvXKXSEnEZc0vlcGg8Ukee9
MD5:	AD23016CF1F0E7119F7248D39FD7C6D1
SHA1:	36C40DD2D39FC6EE3541BCD985DD377E93D93A89
SHA-256:	EB7A19A9AE73187EEEE857C19FA38EC2062FAAA0636A31A24232A43CC060E316
SHA-512:	E808BB1E52D37CC81D8A18347759F06E7AC6CFEAFAB51F8C026548F75ABB97EDF595C505BC70FB7A9F06A949EBAC7F3A72A29FFDB961196BCD8259371813877A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.783308196484163
Encrypted:	false
SSDEEP:	24:Yv6XZnEzvlrrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNz4:YvCMdrHgDv3W2aYQfgB5OUupHrQ9FJl4
MD5:	96029FF656995CB9225B13A07CB06CF3
SHA1:	C460BB5B97E5424CA110FE8F4E5578165E35DEFA
SHA-256:	70486754FB02B193BADB92F5C60C3322A71A4DD3360172D2D82787960B68FA7C
SHA-512:	E5B6F313D002253E8A505A599197BD4CD226981365FA8252322E49E4E9EAEDCBEB7998014EF1C0FD1934909A421729D62389535F008589B38835215D21005DF9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.3237640038787575
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfbPtdPeUkwRe9:YvXKXSEnEZc0vlcGDV8Ukee9
MD5:	C965200462EDB1F040C51F19844C3A01
SHA1:	9B2BA79CBE5AB469327089CF6082A26748D05FD9
SHA-256:	6FD5084F87C52FFCBF51CBC68320D914910C0A25E353C457B0732B1B16113320
SHA-512:	10142D3BE29142FCB3133B4E0E63C841A6D66C0CB192036AEBDDE9499FC0041D5858E2AC6E583A58BBC40920D6EDCA6CB240FE3459BD3A15821CBB40C69639A1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.328326220796813
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJf21rPeUkwRe9:YvXKXSEnEZc0vlcG+16Ukee9
MD5:	9E8AF5DA76EB86EEAC73FD2B5CD39AE6
SHA1:	4B98725909DAF8D27100735B6EA7A0FBB66484D7
SHA-256:	83BBC8382DD118E01AD68304FA17904D117920DC9E0B0C1220842463C57550E8
SHA-512:	B78E90AB6D5E6F2261992B2DCFB2E4B1EE1C87651A07902CF622A4BAAC096B5A2E2D3DBCBE06815C1B759397D41E8AF6A5F29DA43CA96DAC3DC28D6C5E84703E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.346724329612095
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfbpatdPeUkwRe9:YvXKXSEnEZc0vlcGVat8Ukee9
MD5:	902172825FD562E1E224E08A8C5A29A0
SHA1:	EBB92073869493C14F9ADDE6D7E40C829D29B2CD
SHA-256:	CB051272688A1BA0C3D117AAD1E042F382F7CFB98107029C91A083EB199B2C22
SHA-512:	813018DB62B21B25E13D6A9207745D60EC13ADA9B2E5F095145E775F286708E74E25C465C82D574CA24363D2644A4B5464D2C032F1F16E0C907ED2CD2F0C077B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.306437802160699
Encrypted:	false
SSDEEP:	6:YEQXJ2HXE3X1YLJHH9VoZcg1vRcR0YaToAvJfshHHrPeUkwRe9:YvXKXSEnEZc0vlcGUUUkee9
MD5:	483D285AE8634893C92E8AD5FE93A105
SHA1:	7FD11C294BE03F347071513315B2D4A9BDFAD9E2
SHA-256:	03CA313F75BECB03DFF896ECEC4B2FDEB08148251CB7B9E46894BCBD979A8D9C
SHA-512:	B2DA824C07B3CD000FF83C816F1F77CE4E1DCEFFE59E18BD75E3ACC6BB1B1393CED9B7ACF201260E0E84868B3BA751F7E71C7CCF2AEF4346EC2C9A871A3CAB1C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.381240629703365
Encrypted:	false
SSDEEP:	12:YvXKXSEnEZc0vlcGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWfe1:Yv6XZnEzvly168CgEXX5kcIfANhW4
MD5:	B130FA4996885AA334F6A36C538107A3
SHA1:	FF389B64F7E7BD0D8588F75E2AB7D0800272CD8D
SHA-256:	F1370B5C2482563D747CEC9FD9EEC14CD40E7B15D159022F0F44B3FADCA6F805
SHA-512:	AD41AECC8153895529FD7FA3A05BBF6AC628C7512BFAE4D7AB18FE4FF7D41C45FFD3AEDCCE54E0C57F8B6C2263646CE854173730FEE33E7B114A6A7226EA6C68
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"9b1b039f-f625-4422-9f8c-185630b819b6","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1716580916740,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1716406106773}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.133544563489712
Encrypted:	false
SSDEEP:	48:YRFpIyb+emVkk5stES2YymPKCD7xROqv1tA4Dtdh9bLJVVNE:IlmVB7m/ROqE4X/Tg
MD5:	C8A6A318B481E65443DCE2FA55353BFE
SHA1:	80F6F1B68BBCC99BAFD6E56FA0BE408B4BC6A0E3
SHA-256:	72C72B0A29BA14ED05592B98E10618AEA04A075C6A513C15DCF8F332AD823AD7
SHA-512:	D6B0EE334E9456CA1CCBA8073D547EA970799228084863B27A3FEBD9A86B1B2C4510FBA0B8F98C9D46DFAB5C0BD39ED1DC9560F410647A20A1E98E03FCBA0BEC
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cba91ef66c202e0f420d73e54c31c649","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1716406105000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b2024a264be20d67d69d45caafa2c705","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1716406105000},{"id":"Edit_InApp_Aug2020","info":{"dg":"81700980eaee46e6208b9b04238bd5e2","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1716406105000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"35f98eb99f981df9d3af504d63235f7d","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1716406105000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"bad74af72f20b8fedbbfba7dca3bd8d0","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1716406105000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"82d999c801935b39f883869dc1efafe4","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1716406105000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 26, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 26
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.188260894629094
Encrypted:	false
SSDEEP:	48:Tll2GL7msETUUUUUUU4XvR9H9vxFGiDIAEkGVvpGZqx:fVmsQUUUUUUU4vFGSItW8x
MD5:	6925650E48385B0B16E4942AFC5F2A2E
SHA1:	8E4B2ED3C66B11E0546F9B28AC291B96E72616CB
SHA-256:	996BFDFF0A5F210335D74A82851715E69196145C944C1C6A97C3A0899743AFD5
SHA-512:	174124C3BADA15761736D879C85874CDCBF43510D2E2F5D9D6A1B4A782FB3EDF4E0A621475DA063926F4126A3F787F3B4EB4E0D695DEA4879AF0659C46B3F322
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6091591122645745
Encrypted:	false
SSDEEP:	48:7MYUUUUUUUU4FSvR9H9vxFGiDIAEkGVvpUrqGufl2GL7msD:7zUUUUUUUU4F+FGSIt4rKNVmsD
MD5:	4B0CEAF7592AEBC0F08156418242F95F
SHA1:	68FA422142ED4698F07B2E97B18DA15074AB5B36
SHA-256:	C8F035B541C22459D3BB8840B00731A08F9CFD9335F14152D9CB01CA3B49F687
SHA-512:	078B0337205ED434AD186565B6A3C28D7B2B3B9AAA14807CB5BD37D7A31EA6E8BCB1203A23FBF17568441BEA58776CEB5EABF5286B3C9DB93B3FBE1EBB81834A
Malicious:	false
Preview:	.... .c.......$T......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIcb5a2.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5079682350099546
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8lW6N9:Qw946cPbiOxDlbYnuRKz6H
MD5:	82F0BBD1B05319FFE1E6BF1A4D8A4B43
SHA1:	903D001A7457D89B32E5AFCBD6BC5E30A8F00C37
SHA-256:	36996D75FDCBB24BF1AF45ED4ADE0855BFD23F8674851C4FE6EB48A58DFF034B
SHA-512:	36583979B3D94216FF4546862C5625FA4A3A75131C6C7A3A629BD6AD73A25140A2F652E64C8CD0B12509B0A346B8F9F3EFFE8F91053E40630451A1CE395CFF07
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.2./.0.5./.2.0.2.4. . .1.5.:.2.8.:.2.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ygbxy3_uqn6eh_5v4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.050645967482242
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOl6THTLLCSyAAO:IngVMre9T0HQIDmy9g06JXKLlX
MD5:	9B9DF942F9C39C1D037AEA182D5166EC
SHA1:	5BEFAD7E44CF4F3320B8490F93090CD49AE9D21F
SHA-256:	BDEE8023720FB89655D69050467209A33317F5A62F9FA07EE61D7DFDD80CA0B7
SHA-512:	ECAECAA6D4D2C9DC7CB473DEAE24D86C37DF165F88AE44DAFEDA504FE4B1D3A0724B9D16E5AFFAF1E4F0351988C9D3D93C83DF4458EE5A04B508AB636DA3DAC9
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<85444FF4FB56BD4FA6974DE96E30C0E1><85444FF4FB56BD4FA6974DE96E30C0E1>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 15-28-22-595.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.331654538073873
Encrypted:	false
SSDEEP:	384:uo+1msPFOn/JRGBFhjZVZHw1B2rJMKqI5Ga+IQAJ4nC35WtIIzp1u1urSpvsNgoV:088q
MD5:	4893F682C7EE165A8399492BADBDD5AB
SHA1:	04314DD6E787BDF237B323C7B626A68517955E72
SHA-256:	C68A041502F9EB33A5F17296A8B0D7CA714BEDF7945D1B6A24B75BA18AF71A77
SHA-512:	BA1BAC0930472B9E31CE96FD0899E1D1EC78687A66A89A0690010C8368785BFA5C11EAB6BDD2098E7C27E3EA79481FC9250644EA97345046FD9F959D646A63D3
Malicious:	false
Preview:	SessionID=a8f5a862-038f-4af6-98f8-f691a39f2290.1716406102614 Timestamp=2024-05-22T15:28:22:614-0400 ThreadID=7708 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a8f5a862-038f-4af6-98f8-f691a39f2290.1716406102614 Timestamp=2024-05-22T15:28:22:619-0400 ThreadID=7708 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a8f5a862-038f-4af6-98f8-f691a39f2290.1716406102614 Timestamp=2024-05-22T15:28:22:619-0400 ThreadID=7708 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a8f5a862-038f-4af6-98f8-f691a39f2290.1716406102614 Timestamp=2024-05-22T15:28:22:619-0400 ThreadID=7708 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a8f5a862-038f-4af6-98f8-f691a39f2290.1716406102614 Timestamp=2024-05-22T15:28:22:620-0400 ThreadID=7708 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.3813252891801735
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rP:7
MD5:	A3A79FA011F282AD82F7BE4BD769FD78
SHA1:	635C48C1051F6B1BF4BFCA482B646686A1646C5C
SHA-256:	5E00CB9D590D7217518A1306D8A040549768D040516C6598DE6E8FB679A17840
SHA-512:	F713441DD61356678C64A1091C3FA3BDE4F92E7C358B588E10DE248AA01B58E4435026223E12EEA39DDF1CDA928CF4A9DAE241228CAD76562D226CC5480BFB02
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\02c5947e-4235-4b0f-84fc-da63a662d5cb.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\43706847-9db2-46a6-abe2-02dcacbfb961.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\85e7c7ad-ead6-4aa9-894b-8414d7c9a8a4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\b7ce02d1-f135-423c-9068-bdf486b64df3.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

Static File Info

General

File type:	PDF document, version 1.6 (zip deflate encoded)
Entropy (8bit):	7.627921281099503
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	24R-0168EG - COPIRG Initial Comments_5-18-24.pdf
File size:	131'375 bytes
MD5:	659c64bcfde894f10b9d7048041d6027
SHA1:	279f6bce6b46f6eb121149bd4c49a834eecf91f7
SHA256:	62336ada52c09834a43c1b36802cbdab7f76aa641ff0fca515bf0841ff26b465
SHA512:	cc134de28b86c38d471ea3084277eb6c9aec93f25d892cb17de2b4d7134a1d27807ae890b4ac474b9c6b60c7d8e1da62cebd7ee21eb278fb905d1808a631eb66
SSDEEP:	1536:qzo6bPzjhLxOg2qY0iyhUYCUViysYnA5Fx6gqn8Ta4uFvHnJELgDM0w2USgHNsuy:UVviyhnCUViYAqyaD26mR1Frb0KrljM
TLSH:	BBD3BFDCA58AD4D820A3CFD0F30D89A6938E47635ECD447B765E4DC20B43E97E98E642
File Content Preview:	%PDF-1.6.%......121 0 obj.<</Filter/FlateDecode/First 18/Length 327/N 3/Type/ObjStm>>stream..h...Aj.0.E.27..H....q..J!...PB"J....@z......t...0..f........1....Ku.u}..\.v.H.<}u.....N1CX.C0.(.......s.8P.(....K..*.....Z..z...a._...2.<7{.=.ri.j......G.d..k\...

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.6
Total Entropy:	7.627921
Total Bytes:	131375
Stream Entropy:	7.948433
Stream Bytes:	97856
Entropy outside Streams:	4.922033
Bytes outside Streams:	33519
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	71
endobj	71
stream	54
endstream	54
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	3
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 22, 2024 21:28:16.544872999 CEST	49678	443	192.168.2.4	104.46.162.224
May 22, 2024 21:28:16.888539076 CEST	49675	443	192.168.2.4	173.222.162.32
May 22, 2024 21:28:26.494107008 CEST	49675	443	192.168.2.4	173.222.162.32
May 22, 2024 21:28:27.468616009 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:27.468647957 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:27.468740940 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:27.470577002 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:27.470587015 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.121143103 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.121212006 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.162930965 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.162962914 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.163239002 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.215562105 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.233289957 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.274509907 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.429470062 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.429543018 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.429591894 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.446074009 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.446099997 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.446115971 CEST	49744	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.446121931 CEST	443	49744	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.587372065 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.587418079 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:28.587517023 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.588145971 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:28.588174105 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.235418081 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.235507965 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:29.237020016 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:29.237032890 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.237462997 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.238815069 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:29.286505938 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.518378019 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.518454075 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.518515110 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:29.519239902 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:29.519258976 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:29.519269943 CEST	49745	443	192.168.2.4	23.43.61.160
May 22, 2024 21:28:29.519275904 CEST	443	49745	23.43.61.160	192.168.2.4
May 22, 2024 21:28:33.849703074 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:33.849746943 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:33.849842072 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:33.850025892 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:33.850038052 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.519368887 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.519701004 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:34.519727945 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.521186113 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.521249056 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:34.523339987 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:34.523426056 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.523705959 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:34.523714066 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.576216936 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:34.897077084 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.903734922 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:34.903805017 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:34.909751892 CEST	49747	443	192.168.2.4	23.47.168.24
May 22, 2024 21:28:34.909774065 CEST	443	49747	23.47.168.24	192.168.2.4
May 22, 2024 21:28:39.412045956 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:39.412101984 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:39.412189007 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:39.413187027 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:39.413204908 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.257781982 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.257987022 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.291285038 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.291302919 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.291516066 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.341839075 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.347606897 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.390501976 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.625221014 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.625243902 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.625251055 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.625262976 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.625282049 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.625426054 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.625426054 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.625452042 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.625494003 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.641814947 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.641886950 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.641907930 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.642065048 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.642863035 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.642879963 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:40.642900944 CEST	49748	443	192.168.2.4	40.127.169.103
May 22, 2024 21:28:40.642905951 CEST	443	49748	40.127.169.103	192.168.2.4
May 22, 2024 21:28:50.889106989 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:28:50.889141083 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:28:50.889286041 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:28:50.889508009 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:28:50.889520884 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:28:51.540412903 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:28:51.542557955 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:28:51.542582035 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:28:51.543534994 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:28:51.544481993 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:28:51.545561075 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:28:51.545619011 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:28:51.595755100 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:28:51.595771074 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:28:51.643110991 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:01.433404922 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:29:01.433471918 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:29:01.433602095 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:02.657542944 CEST	49754	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:02.657573938 CEST	443	49754	172.217.16.196	192.168.2.4
May 22, 2024 21:29:11.683943987 CEST	49723	80	192.168.2.4	2.19.126.163
May 22, 2024 21:29:11.684020996 CEST	49724	80	192.168.2.4	2.19.126.163
May 22, 2024 21:29:11.689876080 CEST	80	49723	2.19.126.163	192.168.2.4
May 22, 2024 21:29:11.689981937 CEST	49723	80	192.168.2.4	2.19.126.163
May 22, 2024 21:29:11.737859011 CEST	80	49724	2.19.126.163	192.168.2.4
May 22, 2024 21:29:11.737994909 CEST	49724	80	192.168.2.4	2.19.126.163
May 22, 2024 21:29:16.911473036 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:16.911514997 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:16.911598921 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:16.912028074 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:16.912051916 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:17.831126928 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:17.831747055 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:17.834647894 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:17.834656954 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:17.834980011 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:17.842369080 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:17.882512093 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.221396923 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.221429110 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.221448898 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.221482038 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:18.221496105 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.221548080 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:18.249001026 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.249056101 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.249080896 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:18.249095917 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.249131918 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.249154091 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:18.249178886 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:18.249212980 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:18.249226093 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:18.249238014 CEST	49766	443	192.168.2.4	40.127.169.103
May 22, 2024 21:29:18.249243021 CEST	443	49766	40.127.169.103	192.168.2.4
May 22, 2024 21:29:35.494647026 CEST	49734	80	192.168.2.4	192.229.221.95
May 22, 2024 21:29:35.494868040 CEST	49735	80	192.168.2.4	93.184.221.240
May 22, 2024 21:29:35.501015902 CEST	80	49734	192.229.221.95	192.168.2.4
May 22, 2024 21:29:35.501166105 CEST	49734	80	192.168.2.4	192.229.221.95
May 22, 2024 21:29:35.507302046 CEST	80	49735	93.184.221.240	192.168.2.4
May 22, 2024 21:29:35.507392883 CEST	49735	80	192.168.2.4	93.184.221.240
May 22, 2024 21:29:50.936218977 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:50.936307907 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:29:50.936408997 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:50.936661959 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:50.936696053 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:29:51.571799994 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:29:51.572175980 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:51.572208881 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:29:51.572537899 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:29:51.572909117 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:29:51.572968006 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:29:51.613737106 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:01.487942934 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:30:01.488094091 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:30:01.488171101 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:02.752553940 CEST	49770	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:02.752624035 CEST	443	49770	172.217.16.196	192.168.2.4
May 22, 2024 21:30:20.210340977 CEST	54070	53	192.168.2.4	1.1.1.1
May 22, 2024 21:30:20.215320110 CEST	53	54070	1.1.1.1	192.168.2.4
May 22, 2024 21:30:20.215405941 CEST	54070	53	192.168.2.4	1.1.1.1
May 22, 2024 21:30:20.215473890 CEST	54070	53	192.168.2.4	1.1.1.1
May 22, 2024 21:30:20.268413067 CEST	53	54070	1.1.1.1	192.168.2.4
May 22, 2024 21:30:20.670128107 CEST	53	54070	1.1.1.1	192.168.2.4
May 22, 2024 21:30:20.677969933 CEST	54070	53	192.168.2.4	1.1.1.1
May 22, 2024 21:30:20.693268061 CEST	53	54070	1.1.1.1	192.168.2.4
May 22, 2024 21:30:20.693358898 CEST	54070	53	192.168.2.4	1.1.1.1
May 22, 2024 21:30:50.988548040 CEST	54075	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:50.988603115 CEST	443	54075	172.217.16.196	192.168.2.4
May 22, 2024 21:30:50.988676071 CEST	54075	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:50.989129066 CEST	54075	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:50.989144087 CEST	443	54075	172.217.16.196	192.168.2.4
May 22, 2024 21:30:51.680408955 CEST	443	54075	172.217.16.196	192.168.2.4
May 22, 2024 21:30:51.680747986 CEST	54075	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:51.680785894 CEST	443	54075	172.217.16.196	192.168.2.4
May 22, 2024 21:30:51.681123018 CEST	443	54075	172.217.16.196	192.168.2.4
May 22, 2024 21:30:51.681422949 CEST	54075	443	192.168.2.4	172.217.16.196
May 22, 2024 21:30:51.681509018 CEST	443	54075	172.217.16.196	192.168.2.4
May 22, 2024 21:30:51.731621027 CEST	54075	443	192.168.2.4	172.217.16.196

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 22, 2024 21:28:46.524732113 CEST	49805	53	192.168.2.4	1.1.1.1
May 22, 2024 21:28:46.524847984 CEST	51594	53	192.168.2.4	1.1.1.1
May 22, 2024 21:28:46.549839973 CEST	53	49992	1.1.1.1	192.168.2.4
May 22, 2024 21:28:46.573810101 CEST	53	55608	1.1.1.1	192.168.2.4
May 22, 2024 21:28:47.067918062 CEST	138	138	192.168.2.4	192.168.2.255
May 22, 2024 21:28:47.831523895 CEST	53	49438	1.1.1.1	192.168.2.4
May 22, 2024 21:28:50.872828960 CEST	58530	53	192.168.2.4	1.1.1.1
May 22, 2024 21:28:50.872828960 CEST	53654	53	192.168.2.4	1.1.1.1
May 22, 2024 21:28:50.880167961 CEST	53	58530	1.1.1.1	192.168.2.4
May 22, 2024 21:28:50.888371944 CEST	53	53654	1.1.1.1	192.168.2.4
May 22, 2024 21:28:58.841779947 CEST	53	57756	1.1.1.1	192.168.2.4
May 22, 2024 21:29:04.911422014 CEST	53	63268	1.1.1.1	192.168.2.4
May 22, 2024 21:29:23.933033943 CEST	53	62485	1.1.1.1	192.168.2.4
May 22, 2024 21:29:46.072280884 CEST	53	65010	1.1.1.1	192.168.2.4
May 22, 2024 21:29:46.375808001 CEST	53	49599	1.1.1.1	192.168.2.4
May 22, 2024 21:30:15.211335897 CEST	53	58095	1.1.1.1	192.168.2.4
May 22, 2024 21:30:20.209882021 CEST	53	56362	1.1.1.1	192.168.2.4
May 22, 2024 21:30:35.289710999 CEST	52418	53	192.168.2.4	1.1.1.1
May 22, 2024 21:30:35.290069103 CEST	61751	53	192.168.2.4	1.1.1.1

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
May 22, 2024 21:28:46.683612108 CEST	192.168.2.4	1.1.1.1	c259	(Port unreachable)	Destination Unreachable
May 22, 2024 21:29:46.072427034 CEST	192.168.2.4	1.1.1.1	c224	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 22, 2024 21:28:46.524732113 CEST	192.168.2.4	1.1.1.1	0x58e3	Standard query (0)	www.sacbee.com	A (IP address)	IN (0x0001)	false
May 22, 2024 21:28:46.524847984 CEST	192.168.2.4	1.1.1.1	0x9433	Standard query (0)	www.sacbee.com	65	IN (0x0001)	false
May 22, 2024 21:28:50.872828960 CEST	192.168.2.4	1.1.1.1	0x6f75	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 22, 2024 21:28:50.872828960 CEST	192.168.2.4	1.1.1.1	0x51bb	Standard query (0)	www.google.com	65	IN (0x0001)	false
May 22, 2024 21:30:35.289710999 CEST	192.168.2.4	1.1.1.1	0xb29e	Standard query (0)	www.sacbee.com	A (IP address)	IN (0x0001)	false
May 22, 2024 21:30:35.290069103 CEST	192.168.2.4	1.1.1.1	0xbbd8	Standard query (0)	www.sacbee.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 22, 2024 21:28:46.562355042 CEST	1.1.1.1	192.168.2.4	0x58e3	No error (0)	www.sacbee.com	mi.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 22, 2024 21:28:46.683511972 CEST	1.1.1.1	192.168.2.4	0x9433	No error (0)	www.sacbee.com	mi.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 22, 2024 21:28:50.880167961 CEST	1.1.1.1	192.168.2.4	0x6f75	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
May 22, 2024 21:28:50.888371944 CEST	1.1.1.1	192.168.2.4	0x51bb	No error (0)	www.google.com			65	IN (0x0001)	false
May 22, 2024 21:30:35.425513983 CEST	1.1.1.1	192.168.2.4	0xbbd8	No error (0)	www.sacbee.com	mi.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
May 22, 2024 21:30:35.430296898 CEST	1.1.1.1	192.168.2.4	0xb29e	No error (0)	www.sacbee.com	mi.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49744	23.43.61.160	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 19:28:28 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 19:28:28 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=74531 Date: Wed, 22 May 2024 19:28:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49745	23.43.61.160	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 19:28:29 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-22 19:28:29 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=74449 Date: Wed, 22 May 2024 19:28:29 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-22 19:28:29 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49747	23.47.168.24	443	7900	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-22 19:28:34 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-05-22 19:28:34 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Wed, 22 May 2024 19:28:34 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49748	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 19:28:40 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Lv8oHE5THCpHAeu&MD=d3g1xeoH HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-22 19:28:40 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 032123b5-80ab-4507-99ff-0e1190c00ec3 MS-RequestId: 5c9aa764-e8a0-49bd-99a4-b304a6ab623b MS-CV: k41x0v3z20ifp77t.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 19:28:39 GMT Connection: close Content-Length: 24490
2024-05-22 19:28:40 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-22 19:28:40 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49766	40.127.169.103	443

Timestamp	Bytes transferred	Direction	Data
2024-05-22 19:29:17 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=Lv8oHE5THCpHAeu&MD=d3g1xeoH HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-22 19:29:18 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_1440" MS-CorrelationId: 01866ca5-7071-49bf-8265-3d4608acf67d MS-RequestId: 7700ce81-15f3-4209-9a28-2d4f4e1daa7e MS-CV: F8wyU6IfT02dBalM.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 22 May 2024 19:29:17 GMT Connection: close Content-Length: 25457
2024-05-22 19:29:18 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-05-22 19:29:18 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7544, Parent PID: 2580

General

Target ID:	0
Start time:	15:28:19
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\24R-0168EG - COPIRG Initial Comments_5-18-24.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7720, Parent PID: 7544

General

Target ID:	1
Start time:	15:28:20
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7900, Parent PID: 7720

General

Target ID:	3
Start time:	15:28:20
Start date:	22/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1712,i,16201907809471849769,3555753454863499032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8744, Parent PID: 4480

General

Target ID:	9
Start time:	15:28:44
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://www.sacbee.com/news/politics-government/capitol-alert/article277266828.html#storylink=cpy"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 8920, Parent PID: 8744

General

Target ID:	10
Start time:	15:28:44
Start date:	22/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=2004,i,17399066712668099153,11573633546265536389,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 24R-0168EG - COPIRG Initial Comments_5-18-24.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Errors

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3452bb7e-2c26-4a6b-8071-7125973b318f.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522192824Z-158.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7600

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Windows Analysis Report
24R-0168EG - COPIRG Initial Comments_5-18-24.pdf