Edit tour

Windows Analysis Report
REGISTERED LEGAL NOTICE AND DEMAND.pdf

Overview

General Information

Sample name:	REGISTERED LEGAL NOTICE AND DEMAND.pdf
Analysis ID:	1467210
MD5:	ebc0c57a71d16d0c8e2f1972a676b802
SHA1:	a3f4f5230f1baa2f9de773f20c340eda3b9dab47
SHA256:	f524dbd0d47d9115488e8c70d1b5525ad073f937bf5cf14bc0c071644535c2ec

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 7104 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\REGISTERED LEGAL NOTICE AND DEMAND.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2756 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6496 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1608,i,6198725211634245139,16709137506503140447,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443

Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.52.160.183:443
Source: global traffic	TCP traffic: 23.52.160.183:443 -> 192.168.2.16:49709

Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.52.160.183

Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709

Source: classification engine

Classification label: clean1.winPDF@16/41@0/31

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1092

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 15-15-24-551.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\REGISTERED LEGAL NOTICE AND DEMAND.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1608,i,6198725211634245139,16709137506503140447,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 05774A92EFC2D731C3C71D4AAD5F180B
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1608,i,6198725211634245139,16709137506503140447,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: REGISTERED LEGAL NOTICE AND DEMAND.pdf

Static file information: File size 10483149 > 6291456

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
windowsupdatebg.s.llnwi.net	87.248.204.0	true	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.219.243.226	unknown	United States	14618	AMAZON-AESUS	false
95.101.54.195	unknown	European Union	34164	AKAMAI-LONGB	false
23.52.160.183	unknown	United States	16625	AKAMAI-ASUS	false
2.19.244.159	unknown	European Union	16625	AKAMAI-ASUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
87.248.204.0	windowsupdatebg.s.llnwi.net	United Kingdom	22822	LLNWUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467210
Start date and time:	2024-07-03 21:14:57 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	REGISTERED LEGAL NOTICE AND DEMAND.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@16/41@0/31
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 2.19.244.159, 3.219.243.226, 52.22.41.97, 52.6.155.20, 3.233.129.217, 172.64.41.3, 162.159.61.3, 87.248.204.0, 95.101.54.195, 2.16.202.123, 2.22.242.123, 2.22.242.11
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, a1952.dscq.akamai.net, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, apps.identrust.com
VT rate limit hit for: REGISTERED LEGAL NOTICE AND DEMAND.pdf

LLM Input / Output

Input	Output
URL: PDF Model: gpt-4o	```json{ "riskscore": 1, "reasons": "The document appears to be an official acknowledgment from the New York Department of State. There are no visually prominent buttons or links in the screenshot. The text does not create a sense of urgency or interest that is typically associated with phishing attempts. It provides information about a filing and includes contact details for customer service. There is no impersonation of well-known brands beyond the legitimate use of the New York Department of State's branding. The sense of urgency is minimal and is related to contacting customer service for any questions, which is standard for such documents."}

Input

Output

URL: PDF Model: gpt-4o

```json{  "riskscore": 1,  "reasons": "The document appears to be an official acknowledgment from the New York Department of State. There are no visually prominent buttons or links in the screenshot. The text does not create a sense of urgency or interest that is typically associated with phishing attempts. It provides information about a filing and includes contact details for customer service. There is no impersonation of well-known brands beyond the legitimate use of the New York Department of State's branding. The sense of urgency is minimal and is related to contacting customer service for any questions, which is standard for such documents."}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.1888342272042225
Encrypted:	false
SSDEEP:
MD5:	1818940670804CBA63695889F78BAA47
SHA1:	27ACF99B84C42A1561F8D39B1049C573EBE9F84F
SHA-256:	E6E3D43330D5E165914192501688DEF2D11AFF9CD16B0086BF8B5463035F97A9
SHA-512:	DC91A1A413EC04BB3857952110A3A698B7E7557AC915F08BB310442474FE60977AE9C19A0A06D754F9F6C8A532D838EEEB6248E99192FC44DBEC3F5D5F920C8D
Malicious:	false
Reputation:	unknown
Preview:	2024/07/03-15:15:23.065 175c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/03-15:15:23.067 175c Recovering log #3.2024/07/03-15:15:23.067 175c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.226916328782554
Encrypted:	false
SSDEEP:
MD5:	121517FCCC34A3B951BEE1C897386C51
SHA1:	0B51D1971379DAE9AE3814F2486F78529678A81E
SHA-256:	0C6113A2E0C4D72F6B0C08B4C771C2B93BA5FFC6A2EC0A13B6A922A1B91A32C4
SHA-512:	D94EF4E2D8EA06F537398AC43EE199A9BD63ED165418EE3A51CFA80715A3B4FAD65FFFCB1B41AB344FE8CA5E44BFBACE668A2DB1D480D576DB757BFA4220F7F8
Malicious:	false
Reputation:	unknown
Preview:	2024/07/03-15:15:22.960 1928 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/03-15:15:22.963 1928 Recovering log #3.2024/07/03-15:15:22.964 1928 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d86c453f-9133-4a2d-a44e-0f7169511ae5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.2305266735202665
Encrypted:	false
SSDEEP:
MD5:	CD871E24131AB80B6C8DADBD3B8FC695
SHA1:	0D61F0F6AD6F54927772429E7B26FCE57031C592
SHA-256:	FE063F12C565CC78062B89B8CD48A50647EFA4934D99081CF38DFA22933C76B0
SHA-512:	F803F87A3B5DBF07738F2CDAEAE261DE843256FC999ABB1B11E9DB38D93624C72902AF0DCAE77CCD1D9DB7DCA39D729129332F11F0627DF07C2FE085A9270ABF
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.2228581457167165
Encrypted:	false
SSDEEP:
MD5:	3338A1E9D1A12C70CCA1493C9E0CC6E8
SHA1:	33019D3D293D634252870FF83E729F3E87FFAF30
SHA-256:	BF59FBA587BD34FFCB120A32FBC4BF9381F4B2A7D7E085291A683A7465698A5E
SHA-512:	9915D9CE133A8BB8E18AA976C9099DB572B17CD09E4AC64D7F15F2337DBFB429F3BE3B5AA4CCC4CE4D71FA53ABB43759ABF4A17DB3A44F96936C65574E47AE50
Malicious:	false
Reputation:	unknown
Preview:	2024/07/03-15:15:23.096 1928 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/03-15:15:23.098 1928 Recovering log #3.2024/07/03-15:15:23.101 1928 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703191526Z-162.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.5503780008845427
Encrypted:	false
SSDEEP:
MD5:	4E022E57E441E3FCA7508FC4CE501418
SHA1:	802B7F6694D4383589C91B8E14454814E3508016
SHA-256:	08532F0201F281687C1AC1D0298E2344ABA21467598CA67EAF62AD41588424B4
SHA-512:	EF003D36F5B0239508EBBE1C145BD2823BD058FB50149871BD2EB6A01C4E7488C68F944CA89543C9A12DB7A2B576335D1F27DB56400B3E9E64BC225B81B89C29
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.215621719841361
Encrypted:	false
SSDEEP:
MD5:	9CD257E2206AB69CF3B2B942D8106C28
SHA1:	84EEBF6EEC7409057ECA5EDB0AA3BFC49273FB21
SHA-256:	67DD943226A89CE1E33A05026B77C24E9BAF444AFE48087DCC675BB75E8DB9ED
SHA-512:	B83BEC27436AE2BB57AA1FDF379D6035A181A25025C5FB5B2DD68BA8F2B445B0B18C85D8A9B89AF76528A37ACB9512457121140E77968F3FA28DC14BE10A21C6
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....v.6?........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Reputation:	unknown
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	290
Entropy (8bit):	2.955633975018605
Encrypted:	false
SSDEEP:
MD5:	775F500CBD496E9F650486D67F6175D3
SHA1:	4A9A621B6ECE2A4BBBE43CCEDB54A0162BC22ABF
SHA-256:	A16E84471E7684CB1F14F21AC7EF89CDA82F90478637C526B04796596091370C
SHA-512:	D3640EE0E58C7A082CD29068ABF8624CBB11C7D199AB0B09789A986EE686D9099548BF452A1D7799F4BF1A268BDD62682BEE737B1AB894B36FFA786DFEE04500
Malicious:	false
Reputation:	unknown
Preview:	p...... ........v..}...(....................................................... ........G..@.......................h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.0155357938800775
Encrypted:	false
SSDEEP:
MD5:	B80956DA3C4F0538F4F6804D3EC04226
SHA1:	85D9CEA1A5C1984F5C95B4158733F1939F8CA362
SHA-256:	6159A93824996F7FDEBDE3138821D3CDB23319F8E0E3395BAB5D0061B0824AF8
SHA-512:	E009D68E70083E30E6936335D9D1D03BEBBDF13E2E99100972A14AF5D1D7CCF4D49A71E463457476F053824578C3A5420D10A6A1116A2B21CDB5F6DD914CA48A
Malicious:	false
Reputation:	unknown
Preview:	p...... ....`.....a}...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1092

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.379402045396587
Encrypted:	false
SSDEEP:
MD5:	2054A2679622E022FA817A40166C2164
SHA1:	CCE7CA98B07AB6B61DD366BDF62EDAF747446ECC
SHA-256:	AD1723BF16BD26C8EECEEDABF125E848AADA0A1B15A1F135AE130977D0092CA3
SHA-512:	BA5A042B375E96D9BF315D4DB2EF9407640BB68A5FCD8E0EB9AEC7356C010A0DFAB24D3E24217BA009DFD1383661CD0B0C04D05BF094370626754388C60A2021
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.326519824465379
Encrypted:	false
SSDEEP:
MD5:	B5F81A397BEEE23D849B1D8335077D4D
SHA1:	82620766D5FFF0BF1BCAD32E930B22A9514CAA41
SHA-256:	244D52F44080A919D2E42D34C0D429A6B557854B02CC2F6E877E7978F0049F77
SHA-512:	BBF552015EB8542CF2A68A7D09E83F20ACC29C28E522FA1EF2344865FC294CF23AEE765ED2FAE3C431B1193D05374BB79CE4FA88DC2DF7BD5BC96E072780D567
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.305787618380048
Encrypted:	false
SSDEEP:
MD5:	CC26B5F334E501516D7132E3052DC714
SHA1:	49A5A49A1987114AE7B15F986EE00BAE5C4453A7
SHA-256:	5B2519DDD85338168C8DF5CA15C109A768CE9673F1FFF0048E602D96C1E6E083
SHA-512:	C4D82B96778FE7EA7662628D5D47F87A01523FB28E973E88EBE6869D8C20806BD54F7C66FC2003870C2625D701B4584CBFB9EFB0F878CAAA501FD48C7EF42E4F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.368344994105279
Encrypted:	false
SSDEEP:
MD5:	EFB874AD6679F19FA0312F43189513B2
SHA1:	F55C50CABCED378C3A9B1EE132E73E8FFA4C84EB
SHA-256:	DA8464848AF29DE9B7EDBA9D6EE61AC3AEA5D0A61CA22E73649DF4A927EF381E
SHA-512:	5F7F96E091C01FF0393F9487394F81DFEAFD11CD522042757CB4B9A29F00A1EC777C2B7469A2D51A096C7000A1CF321D2EAAD33E850D00EAEEB5599D47C0C133
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.327465948214414
Encrypted:	false
SSDEEP:
MD5:	B2B76D465A9C4EA2674C293C4F5DE8EC
SHA1:	72D7E70C951784803F2B9350DEFCFBC5CE965400
SHA-256:	2EFFB8F15D8855A6DDE7891D91EAC824A7FA819D6C86390B14EA088BB156A0C1
SHA-512:	72F8C01EE6F023E9CD18F1CC899C16853C4C1DD848D89F8782F96BAFFC985A2EF70657495D9E8A6A585F4B3034D96BD10E6709857C30BDB9E74B3543FA2773B9
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.315311195239968
Encrypted:	false
SSDEEP:
MD5:	75D23186ED9310DC2A4CB29B1A84BF30
SHA1:	AE1A871F468B405BE7614603B949D942C415F450
SHA-256:	71B1C3ABA4774A8D1A5485CD9D9862B7750B87596A36A07D73FC8444D86530CD
SHA-512:	561027AA544E380399A9CF553E7347E0CC2C650C350A1A5D2A7CA4DD9C9BC05DEF96CC0BB4B6E99B6806242300BF6F8A4F738F081CA83C5C38231147469A1092
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.317222516472301
Encrypted:	false
SSDEEP:
MD5:	66677CFD885C3D908C4EA2681D73D852
SHA1:	50BECDCB7E42E114AA13CCB26FFB53449BCBA5EC
SHA-256:	D57F2F34CF0A356DC9D6F1BFED9791BB41EDAD9D66ED758E560311B36347C6AD
SHA-512:	5C491802C7F7C6A5AAADF46D56F1FC31E9E3E86013E359DED7E67D2C6D8FBA5B4AA27FD83B4BFDB96E4584D004E56DFF470159C84670D21A008485727A2A8120
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.324114241511067
Encrypted:	false
SSDEEP:
MD5:	87B80BD9FD22AFDD16A339F8F571710B
SHA1:	C7AB4F21B5C81870EABE9F34FB0511E67C02FAAA
SHA-256:	1BFB67660A568380811C0A051B02007D5289CB05AB8B7D8B0697A716A7401798
SHA-512:	65F939F8155F6E63425B7291DDBF2644B39D108FAAA788AFF531C5DD5F99A0E1B23DF7841F7D9FBDC0A0078D44FBF85BD929EDC16029BD2AD7333F18F6C4DB73
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.737829155311914
Encrypted:	false
SSDEEP:
MD5:	CFED8A7157642F79C42E6E1248EC7DB4
SHA1:	E325955B23392FB728A746A93FBFCA2955C7CF76
SHA-256:	C74C27C674E727AAE4F407C292D57FFDE9BFA37025E99AD3B414EB8D2C98FEEB
SHA-512:	822933B41B2C9A75EEA33E28BA5289C0331A4A799CA4A4975D6B3B6F815F3E2212513979662D297DC30F09B59C533528AD9DE5AFA4436A67A458E4C4B59634C4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.320824360802402
Encrypted:	false
SSDEEP:
MD5:	1B6D0E27614EAFFE00A0B9BBCF74B08E
SHA1:	93E508F23894BF5723ADF00037267E90DFB172EC
SHA-256:	E45D2F5A0DE82654806AEB02B69B6729289E5ADBB8A2853EC3DF9F519B21D145
SHA-512:	3CA527843BBE874DCC576B410BDBE3E355252495509E7C040409CDD47001EDBFD192EC899BA3877ACF1C63729A3568D1B3D4DEF443D95E0A5AE89B49124D4A7F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.773838541010832
Encrypted:	false
SSDEEP:
MD5:	11CD01E50A9AE9A6F840BC76D1EFF4D6
SHA1:	D0A3171EC5BD7B9A3E0F9F5BEC176683E572B930
SHA-256:	C7CCE58678F29A3F49A17EAC92D90F43779DB7D0EF82EE17618774DF29DF4055
SHA-512:	AC2558AB7C0E1DB92ABB5D48AA1FC0CD8F782503E5124D556E6295CE5C542A97ADDD7FF60045B48A424FF6EF3A928DF4AF442B071F2E0826995A84ED672D5210
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.30422833572161
Encrypted:	false
SSDEEP:
MD5:	CB9CEF9CDD52D7E4E0EB5028F92B9863
SHA1:	E4A7AC5F2B66E7CD2C10C018644E7119D97A5992
SHA-256:	2C6DA010056DFC019EA3CF919FFEC3DCA53676198DB4CA6EFE02D364B1E01F57
SHA-512:	6D755FF00C86E74C3FE1BD9CF0A87801097E35D7C9BCF8B93B0D2620209A44288D0F95134AA6F3631A4781244E4398B4B12C87E4AD08F4CE28661881E508FA50
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.3075835156756295
Encrypted:	false
SSDEEP:
MD5:	9A4774D85B3A55D8B928366DE1745BD2
SHA1:	BE2F4F24B950100FC3F71AA5F30C79A35F8AE32A
SHA-256:	B3B135A05A8BE5B6369F3FF75630D56495A13DC69BB8CD356215402800D3FDD7
SHA-512:	2EC811C8792D6453CEC03DF7E205725D4C3A619042DF13AFCBE20D81867A424E60245F918D903042C4E49D51DFD6D65508DE5DD673B937A91C8A403534BFA561
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.327936967085673
Encrypted:	false
SSDEEP:
MD5:	61930C24D5E6A43095F3B2AE9470B28C
SHA1:	7138524F293A857E3EA596A3B4E317426823B126
SHA-256:	26267F063C8A2C7D73AF72AE861A0FF31A0FDC9093726900FBD18EDD3CFC65BF
SHA-512:	1F802E8D92B95DF13BBE1509C0BD6E3E26FD9728690430B46D9A14476E74AF71E89BF73AC1F99F8B22BF73E42EBA8037DB491F4B215FC24C8B90873D030A601A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.283888509227868
Encrypted:	false
SSDEEP:
MD5:	6FBE3F44F1E5B4CAF2162C1F75B8D59D
SHA1:	CCA784C95B4863BC86A4F01725C91D6BFB3AFF17
SHA-256:	92AD630CDF3FB8323861EB06D8BFF93CBCF9FFD3B4401DF0D2FCE50A78F30050
SHA-512:	8F54FAC47A38EC6302831DBBF090886A1B94FA0433561DD60D80D56B2D76E8AE1C68BA3057E2257E5DB2E9DB53B0065DE935CEB612B0FBBF0FC2F8A35EBDD366
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.370541052700901
Encrypted:	false
SSDEEP:
MD5:	CEDEF9EC50BF5399F79060ED16CCF119
SHA1:	F4199E26E7022E4A7D932B84040CD81964E27EC2
SHA-256:	564445F21461D2BF675490986F410DC3E6022A3CF0229D21CFF5B0F9DD327767
SHA-512:	0B27500A6A250399637F266057EA6A994B259F4E0D913E1160EE4E2A70EF28A8AF1C4B145570836ECDBC41F533D88104E4AD5981AC2BF6C2F69C493FF51158AE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"f3f4202b-98de-44d6-b239-ba12e65e21c0","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1720211818596,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1720034128626}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.115908783389262
Encrypted:	false
SSDEEP:
MD5:	6C67828612E4D3A26B486026EA4FABC7
SHA1:	5836B3DE5CB27DB528E4958E212AF02D2CDD9BFD
SHA-256:	646C1AE9A427F520988661E8F67B1F2E4E49EDE75B942E8133FBDEE7B8FFD21F
SHA-512:	0334E562779662B6CC3DFE58F1E459EABAEA8D78D94C2F30FC0EB3E31143301ECAA43BB02144BD5F31949191B947E8ACEED015219BAACDE3094F3F02047D55D4
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"a1aae2e6206c52dc47a798c40894d149","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1720034127000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"bf2a51e41877d5cdc9fc4aacac1dd805","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1720034127000},{"id":"Edit_InApp_Aug2020","info":{"dg":"306d505d2ba0e57908a4d874c8fb27c1","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1720034127000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"4b0495299173828eb0e13df4d4a02ad7","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1720034127000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"8573de890e9f21d89bdc5feb4131b2d9","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1720034127000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"d7e2e0ad90a0e0b332e4661a4f02d0cb","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1720034127000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9880855340900577
Encrypted:	false
SSDEEP:
MD5:	604CEAA6C00247917E679B254321082B
SHA1:	87E4175D2BB0E5EBD551019340FC6136C8BB9283
SHA-256:	8B9DE642A8B3912D1B282EFB83CF07641CC2AF37E49F78E8C3B8D6C4F00F89A9
SHA-512:	C0D94F129410E7B83E2705BA8E637872284D2BC61F9CDD346601CCD95F6F69361EB47461D671ACFCB4C234AE95A129A2D6268136AA7F22989E2D47D17C9D6584
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.345197183384712
Encrypted:	false
SSDEEP:
MD5:	F7371BC4EA8A6E42DD575F35176B8CDB
SHA1:	48E02BDFC938B6D9928FFFBB6A55088F355F36C7
SHA-256:	D2449B9EF741A2CF286F982BAF83511FC8048FC5790D7DCAFE012AE46C58C35B
SHA-512:	3752A10423310A044E2345A3BD2D3587F5E56F761DB197544C44C0C170689CAD41DC1F18DFBCFA6E77B199B94365DA79F2BEB30E42D76DF544F252EA8E15D077
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....J.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIa4477.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5309417490522437
Encrypted:	false
SSDEEP:
MD5:	D3D087E0F21CDB6AC2715540FB4860FB
SHA1:	0367014E5F21826A751389380DB715824A7BA62D
SHA-256:	254F5C5700EC03619BAB0E514C8556E1CE09F7C84138E29ED21D8F90066DA6A0
SHA-512:	8A1DD352630E4034B4DA6C3F124437C6C311B34C5268866BC409492DDF95497ADAC693A426276E9047C5B2ACC93DE4995FEB476F137D9263F601E032E5B4F94E
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.3./.0.7./.2.0.2.4. . .1.5.:.1.5.:.2.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 15-15-24-551.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.32985656213339
Encrypted:	false
SSDEEP:
MD5:	B4EDEE9A7C6A059D2E509D5C2C098032
SHA1:	498CBE41F5A94A63FCFE5EF36C0B0EEF80257E3B
SHA-256:	9E3982C43325C819F2AFA03181267E480934DD5EBBEFFDF11C9A535216CBAF56
SHA-512:	81F8C650D9DB8646E3542AA808775F515E22332DE7F304A89FC68E6E068BF0603AEF4DA2810BA0FD2257E0C51F0FD8A95920E782E7B4B9C06FCC30C2967572CC
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ff44d403-73eb-4ab5-8bb6-0d0f90cec41e.1720034124563 Timestamp=2024-07-03T15:15:24:563-0400 ThreadID=6280 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ff44d403-73eb-4ab5-8bb6-0d0f90cec41e.1720034124563 Timestamp=2024-07-03T15:15:24:564-0400 ThreadID=6280 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ff44d403-73eb-4ab5-8bb6-0d0f90cec41e.1720034124563 Timestamp=2024-07-03T15:15:24:564-0400 ThreadID=6280 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ff44d403-73eb-4ab5-8bb6-0d0f90cec41e.1720034124563 Timestamp=2024-07-03T15:15:24:564-0400 ThreadID=6280 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ff44d403-73eb-4ab5-8bb6-0d0f90cec41e.1720034124563 Timestamp=2024-07-03T15:15:24:565-0400 ThreadID=6280 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.4193994477024505
Encrypted:	false
SSDEEP:
MD5:	32676B3BFC77FD911C230189E655C2FD
SHA1:	48CB812CC8309A886CA460656B2E56965680758F
SHA-256:	8C23F5F2FE1E67EF260401A4E4050FA44C40F648D7C3F78FF2B4DF37BA94383D
SHA-512:	2493145A1E109201A9456BCDC76A0AA16BC498696AB146099DE5D18BCCF5247BCEDA63C464BD4230EB98130C21B05A77736D39A6DEC20D181400336127BDA8E7
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\19ab12da-5296-49b9-8beb-5ccebb9aa76b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	CF199C0DF13EA982569ED42E93E899C2
SHA1:	8819BBBB5AE1810DAB7F9BC347D0CAE1C7DF5262
SHA-256:	85C89DE533AC6C8748763A3BFE37DADB538F0C46022DF8BE7BE8BA0403F1891F
SHA-512:	BC16452E081E7E80CF677A49CAF8F4F6106D56B2EF48113AE720DB0227EAE905A26A0122924A21D70AD3F09418F07775ADE0A016AF04781EE56B2060D3272D05
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\78274ed9-5eaf-4670-87ff-4af26d61d537.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\a843e125-ab33-464d-8ba4-1a7510747e5a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	207450D6B117C53B842582BEE9AAD59C
SHA1:	1461AD75274ACB600EF67AAD4621C3E949D894F8
SHA-256:	D92A0BDDEEE3AC93BFC5490300394E0C8FA0FC1DFADA8A36CA146EEF262142B7
SHA-512:	ACB129346A9A6A0E7B367439F8D937B6506E9097CCAFF9EAD9AAFA362CC47E0074CA0E9A09E1BDD5EDDFFE9C1C497113FE7EAF75A1505E0BBF59F61DFAA21410
Malicious:	false
Reputation:	unknown
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\c2f3fedd-00e9-4baa-8722-58b20b08a2e9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.4
Entropy (8bit):	7.80398279681686
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	REGISTERED LEGAL NOTICE AND DEMAND.pdf
File size:	10'483'149 bytes
MD5:	ebc0c57a71d16d0c8e2f1972a676b802
SHA1:	a3f4f5230f1baa2f9de773f20c340eda3b9dab47
SHA256:	f524dbd0d47d9115488e8c70d1b5525ad073f937bf5cf14bc0c071644535c2ec
SHA512:	206f1d2affea65d1ffd0b266765b43df0e27f77223fa68d269b1b9ff90acd33a0c556405131bab2ba815f274fb60cd90d7978ec943db5088bdb3ec112b141a5f
SSDEEP:	196608:ewl75blnaareqe/fLyXlbIb80FK+MBm+arf31AI:ewV5bxtI/egaMT1/
TLSH:	4EB6E0EFABDD40BA4D864370FD05458A9FAD584CAEF84790103B413FA98655CB2FA87C
File Content Preview:	%PDF-1.4.%......1 0 obj.<< ./Creator (Canon SC1011)./CreationDate (D:20200828210341-06'00')./Producer (\376\377\000A\000d\000o\000b\000e\000 \000P\000S\000L\000 \0001\000.\000\.3\000e\000 \000f\000o\000r\000 \000C\000a\000n\000o\000n\000\000).>> .endobj.2

File Icon


Icon Hash:	62cc8caeb29e8ae0

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report REGISTERED LEGAL NOTICE AND DEMAND.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d86c453f-9133-4a2d-a44e-0f7169511ae5.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240703191526Z-162.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1092

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIa4477.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-03 15-15-24-551.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\19ab12da-5296-49b9-8beb-5ccebb9aa76b.tmp

Windows Analysis Report
REGISTERED LEGAL NOTICE AND DEMAND.pdf