Edit tour

Windows Analysis Report
letter_Request in criminal matter no 23233051091.pdf

Overview

General Information

Sample name:	letter_Request in criminal matter no 23233051091.pdf
Analysis ID:	1467808
MD5:	02cf359bd3267133e2d5ea76f264eb31
SHA1:	230c1593e7f76fc0e05be2c18e7f5579fc373d43
SHA256:	71ad13ec19dc09f68b2f13ef02ef5462a6ad461ef0417b6bec1267479d0fdf71
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7488 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\letter_Request in criminal matter no 23233051091.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7676 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1736,i,16326239885150777202,8947239153147788887,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Joe Sandbox View

IP Address: 23.200.196.138 23.200.196.138

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.1.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: letter_Request in criminal matter no 23233051091.pdf	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: letter_Request in criminal matter no 23233051091.pdf	String found in binary or memory: http://www.color.org)

Source: classification engine

Classification label: clean0.winPDF@14/49@0/2

Source: letter_Request in criminal matter no 23233051091.pdf

Initial sample: http://www.color.org

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7568

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 13-52-31-969.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\letter_Request in criminal matter no 23233051091.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1736,i,16326239885150777202,8947239153147788887,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1736,i,16326239885150777202,8947239153147788887,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: letter_Request in criminal matter no 23233051091.pdf	Initial sample: PDF keyword /JS count = 0
Source: letter_Request in criminal matter no 23233051091.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: letter_Request in criminal matter no 23233051091.pdf

Initial sample: PDF keyword /JBIG2Decode count = 16

Source: letter_Request in criminal matter no 23233051091.pdf

Initial sample: PDF keyword stream count = 23

Source: letter_Request in criminal matter no 23233051091.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www.aiim.org/pdfa/ns/id/	0%	Avira URL Cloud	safe
http://www.color.org)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.aiim.org/pdfa/ns/id/	letter_Request in criminal matter no 23233051091.pdf	false	Avira URL Cloud: safe	unknown
http://www.color.org)	letter_Request in criminal matter no 23233051091.pdf	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.223.209.217	unknown	United States		16625	AKAMAI-ASUS	false
23.200.196.138	unknown	United States		2860	NOS_COMUNICACOESPT	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1467808
Start date and time:	2024-07-04 19:51:39 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	letter_Request in criminal matter no 23233051091.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/49@0/2
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.43.60.134, 3.233.129.217, 52.22.41.97, 3.219.243.226, 52.6.155.20, 2.22.242.123, 2.22.242.11, 172.64.41.3, 162.159.61.3, 95.101.54.195, 2.16.100.168, 88.221.110.121, 2.19.126.143, 2.19.126.149, 192.168.2.4
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, identrust.edgesuite.net, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, a1952.dscq.akamai.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, apps.identrust.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: letter_Request in criminal matter no 23233051091.pdf

Simulations

Behavior and APIs

Time	Type	Description
13:52:42	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Input	Output
URL: PDF Model: gpt-4o	```json{ "riskscore": 2, "reasons": "The document does not contain any visually prominent buttons or links that could mislead the user into clicking on a potentially harmful link. The text in the document does not create a sense of urgency or interest that is typically associated with phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' The document appears to be a formal communication from the Police and Border Guard Board of Estonia, and there is no impersonation of well-known brands. The text does not connect any sense of urgency to a prominent button or link."}

Input

Output

URL: PDF Model: gpt-4o

```json{  "riskscore": 2,  "reasons": "The document does not contain any visually prominent buttons or links that could mislead the user into clicking on a potentially harmful link. The text in the document does not create a sense of urgency or interest that is typically associated with phishing attempts, such as 'Click here to view document' or 'Open the link to see your invoice.' The document appears to be a formal communication from the Police and Border Guard Board of Estonia, and there is no impersonation of well-known brands. The text does not connect any sense of urgency to a prominent button or link."}

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.223.209.217	RGRET06N.htm	Get hash	malicious	Unknown	Browse
23.200.196.138	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse
	Complete with Docusign mark.pdf	Get hash	malicious	Unknown	Browse
	Agreement for Bmangan 5753.pdf	Get hash	malicious	HTMLPhisher	Browse
	http://62.133.61.26/Downloads/MOD_200.pdf.lnk	Get hash	malicious	Unknown	Browse
	AGREEMENT AND APPROVAL REPORT AERODYNE- RN & FR OF 2024-50254_6.5.24.pdf	Get hash	malicious	HTMLPhisher	Browse
	NEXT Oncology.pdf	Get hash	malicious	HTMLPhisher	Browse
	scan@azteccontainer.com_Mark.pdf	Get hash	malicious	Unknown	Browse
	March Order 60800.xls	Get hash	malicious	Unknown	Browse
	Frankdocument.pdf.lnk	Get hash	malicious	GuLoader	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	Vidar	Browse	23.192.247.89
	http://sharepoint-stonecuttercapital.com	Get hash	malicious	HTMLPhisher	Browse	23.38.98.114
	https://lantzlagetnet-my.sharepoint.com/:b:/g/personal/christian_lantzlaget_net/EfvDbyrsR1JBhKxhyaS6aX8BVyu8MWIYIqkyeRAJSRL2yA?e=6Phvc1	Get hash	malicious	Unknown	Browse	23.214.40.215
	205.185.124.50-mips-2024-07-03T23_47_54.elf	Get hash	malicious	Mirai, Moobot	Browse	2.17.90.178
	https://wellbeingcaresolutions%5B.%5Dfreshdesk%5B.%5Dcom/support/solutions/articles/201000067168-wellbeing-care-solutions-ltd	Get hash	malicious	HTMLPhisher	Browse	23.212.88.20
	95DVgihS4k.elf	Get hash	malicious	Unknown	Browse	184.26.133.196
	addvXQnjp3.elf	Get hash	malicious	Unknown	Browse	23.64.221.35
	d54Y7Ql8sO.elf	Get hash	malicious	Unknown	Browse	23.67.70.103
	Invoice - 13604562148823146027218688082530555300774892366170 - Pilatus-aircraft.pdf	Get hash	malicious	HTMLPhisher	Browse	23.47.168.24
	https://we.tl/t-dQx6fJKslT	Get hash	malicious	Unknown	Browse	23.211.10.211
NOS_COMUNICACOESPT	Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdf	Get hash	malicious	HTMLPhisher	Browse	23.200.196.138
	q9WhhN00yY.elf	Get hash	malicious	Unknown	Browse	89.154.182.23
	Complete with Docusign mark.pdf	Get hash	malicious	Unknown	Browse	23.200.196.138
	94.156.79.133-mips-2024-07-01T19_26_38.elf	Get hash	malicious	Mirai, Gafgyt	Browse	109.48.19.42
	Agreement for Bmangan 5753.pdf	Get hash	malicious	HTMLPhisher	Browse	23.200.196.138
	http://62.133.61.26/Downloads/MOD_200.pdf.lnk	Get hash	malicious	Unknown	Browse	23.200.196.138
	AGREEMENT AND APPROVAL REPORT AERODYNE- RN & FR OF 2024-50254_6.5.24.pdf	Get hash	malicious	HTMLPhisher	Browse	23.200.196.138
	owONvNMYXu.elf	Get hash	malicious	Mirai	Browse	79.168.120.120
	botx.arm.elf	Get hash	malicious	Mirai	Browse	109.48.20.29
	6RO84oS26Q.elf	Get hash	malicious	Mirai	Browse	94.132.93.157

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2593749908568315
Encrypted:	false
SSDEEP:	6:BOZMH9+q2Pwkn2nKuAl9OmbnIFUt84OZMMMJZmw+4OZMMM9VkwOwkn2nKuAl9Omt:E04vYfHAahFUt81eJ/+1eD5JfHAaSJ
MD5:	7A89B1A4DFF88E3CF82CDB11E6A25F1E
SHA1:	8203E076F6B9DD58524CE6219130E679001D2937
SHA-256:	B763D414BF2A8471974A4F2039F50D6C82921029680966D5A9F2EFED68973981
SHA-512:	C284B05662A7BFD6077DED7FC3FAC6B8FC5DCE90FD814DBB24381699A8EBDF45A871573C49C4F7DA70B2CE16747DFF7466345D53035B498AE09086A2ABF0E57E
Malicious:	false
Reputation:	low
Preview:	2024/07/04-13:52:29.679 1e28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/04-13:52:29.682 1e28 Recovering log #3.2024/07/04-13:52:29.682 1e28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2593749908568315
Encrypted:	false
SSDEEP:	6:BOZMH9+q2Pwkn2nKuAl9OmbnIFUt84OZMMMJZmw+4OZMMM9VkwOwkn2nKuAl9Omt:E04vYfHAahFUt81eJ/+1eD5JfHAaSJ
MD5:	7A89B1A4DFF88E3CF82CDB11E6A25F1E
SHA1:	8203E076F6B9DD58524CE6219130E679001D2937
SHA-256:	B763D414BF2A8471974A4F2039F50D6C82921029680966D5A9F2EFED68973981
SHA-512:	C284B05662A7BFD6077DED7FC3FAC6B8FC5DCE90FD814DBB24381699A8EBDF45A871573C49C4F7DA70B2CE16747DFF7466345D53035B498AE09086A2ABF0E57E
Malicious:	false
Reputation:	low
Preview:	2024/07/04-13:52:29.679 1e28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/07/04-13:52:29.682 1e28 Recovering log #3.2024/07/04-13:52:29.682 1e28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.189985883557801
Encrypted:	false
SSDEEP:	6:BOZWDQnVq2Pwkn2nKuAl9Ombzo2jMGIFUt84OZW2WYgZmw+4OZWYDIIkwOwkn2ng:EzVvYfHAa8uFUt813Vg/+1VII5JfHAaU
MD5:	144EFDD57AADDFBB68670951DF8290BD
SHA1:	17DED82B33784B6D0979C7CCBB8506DC6A53C2F1
SHA-256:	72C0F9ED002996062AD797127DAD9C81811CBAEDFA343C6B5060BAC9BB9B11DA
SHA-512:	0295680FE5AEE2FC82E5450A3D21018FF4D624FB4A8179E940CDDE34EA2F9D87C12E91B9255EE66B82B7DD86D043FED65A6506C88080AC8A693E9AC7FDF034F7
Malicious:	false
Reputation:	low
Preview:	2024/07/04-13:52:30.069 1f20 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/04-13:52:30.139 1f20 Recovering log #3.2024/07/04-13:52:30.147 1f20 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.189985883557801
Encrypted:	false
SSDEEP:	6:BOZWDQnVq2Pwkn2nKuAl9Ombzo2jMGIFUt84OZW2WYgZmw+4OZWYDIIkwOwkn2ng:EzVvYfHAa8uFUt813Vg/+1VII5JfHAaU
MD5:	144EFDD57AADDFBB68670951DF8290BD
SHA1:	17DED82B33784B6D0979C7CCBB8506DC6A53C2F1
SHA-256:	72C0F9ED002996062AD797127DAD9C81811CBAEDFA343C6B5060BAC9BB9B11DA
SHA-512:	0295680FE5AEE2FC82E5450A3D21018FF4D624FB4A8179E940CDDE34EA2F9D87C12E91B9255EE66B82B7DD86D043FED65A6506C88080AC8A693E9AC7FDF034F7
Malicious:	false
Reputation:	low
Preview:	2024/07/04-13:52:30.069 1f20 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/07/04-13:52:30.139 1f20 Recovering log #3.2024/07/04-13:52:30.147 1f20 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.96719361479114
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqUKhsBdOg2HOcaq3QYiubInP7E4T3y:Y2sRdsphdMHx3QYhbG7nby
MD5:	896E4A066285568C926C4B7B5BC53EDF
SHA1:	8E9521F96F4E78D26A90771D8E175D324ED20540
SHA-256:	52DCEFC49BC56035BF93BB8359AF33CB3C4A5A1A11A00B38F60766BD3DB62216
SHA-512:	37CA62143CC9A003B1591001CA45E8E9767DE2938ABB3C3545A7CBB889807B3E7DE9275A49F4BD76A2ACB5C1C084CFB4283F39AA3F9D914BCD84F7EB93B7979B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364675562371084","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146649},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cd7e82b2-5389-49b1-9412-ee040d0300aa.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.96719361479114
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqUKhsBdOg2HOcaq3QYiubInP7E4T3y:Y2sRdsphdMHx3QYhbG7nby
MD5:	896E4A066285568C926C4B7B5BC53EDF
SHA1:	8E9521F96F4E78D26A90771D8E175D324ED20540
SHA-256:	52DCEFC49BC56035BF93BB8359AF33CB3C4A5A1A11A00B38F60766BD3DB62216
SHA-512:	37CA62143CC9A003B1591001CA45E8E9767DE2938ABB3C3545A7CBB889807B3E7DE9275A49F4BD76A2ACB5C1C084CFB4283F39AA3F9D914BCD84F7EB93B7979B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13364675562371084","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146649},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.252648040992717
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7ONEV/LNJVZ:etJCV4FiN/jTN/2r8Mta02fEhgO73god
MD5:	48D35717467D2446318C5AB92E6E2386
SHA1:	725540D7660A4B99CDF46D705CD0B09727614FD0
SHA-256:	4DBC3D4F8157209DBA7EB3D2ACE88E815B7A61389324EB896AEE736F129C8DE5
SHA-512:	7CEF21EC2B096C372AE0CF2B27F24BF65E845437BBCA833693B2AF1AFFC2ABAC04FA29BC48828BBE4DA80FAA05B6AAD1A2FAF1FDEC951008BBE1E29CF246444E
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.203054838862397
Encrypted:	false
SSDEEP:	6:BOZW22Vq2Pwkn2nKuAl9OmbzNMxIFUt84OZWc2gZmw+4OZWBqI0IkwOwkn2nKuAo:E32VvYfHAa8jFUt81Yg/+1wZ0I5JfHAo
MD5:	145511AA82FFB0FDB87F7AD397D5C432
SHA1:	FDF10D963CB95887763DAAF18E2878107E4340FC
SHA-256:	430385774DD5ABF89864AB435C0F0670D9F0B48A56F7FAEDE064EAB23B0CEE80
SHA-512:	B48684EF5C31BF1F986BE9A5FB1831877CED3F4960FB84D046E4FE4001FE393A7FE43BDBEEFD88C8201D4865EA8FE00F048586AA4C24E828657E93DD13DB8D63
Malicious:	false
Reputation:	low
Preview:	2024/07/04-13:52:30.139 1f14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/04-13:52:30.155 1f14 Recovering log #3.2024/07/04-13:52:30.226 1f14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.203054838862397
Encrypted:	false
SSDEEP:	6:BOZW22Vq2Pwkn2nKuAl9OmbzNMxIFUt84OZWc2gZmw+4OZWBqI0IkwOwkn2nKuAo:E32VvYfHAa8jFUt81Yg/+1wZ0I5JfHAo
MD5:	145511AA82FFB0FDB87F7AD397D5C432
SHA1:	FDF10D963CB95887763DAAF18E2878107E4340FC
SHA-256:	430385774DD5ABF89864AB435C0F0670D9F0B48A56F7FAEDE064EAB23B0CEE80
SHA-512:	B48684EF5C31BF1F986BE9A5FB1831877CED3F4960FB84D046E4FE4001FE393A7FE43BDBEEFD88C8201D4865EA8FE00F048586AA4C24E828657E93DD13DB8D63
Malicious:	false
Reputation:	low
Preview:	2024/07/04-13:52:30.139 1f14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/07/04-13:52:30.155 1f14 Recovering log #3.2024/07/04-13:52:30.226 1f14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240704175233Z-152.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.4888257274914984
Encrypted:	false
SSDEEP:	384:yV1O1CVMOfU1MgkgZ7N8hNN+Y50G6uJKeWRW+xGS/v1wU:2gWfI4gvQOYD6sKeW/xl3D
MD5:	5F15EA9D46D26EC5DF4E67AFC7FBC09E
SHA1:	9036EFE3D2D81C218FE8BDAE3539B52C02CC8BB4
SHA-256:	421F858D5CFBAB192418048E522137E3537C7A829E542B3E22CAC7BF2453A4F3
SHA-512:	63CC513D3DC2B64771B8E20EF9C1B3856FE156B51BA3E91DA0AB2D88D7B434A22CCBD366611CB928314628A224061A588BCADCCFAA188BC95D3376EBB15E5D78
Malicious:	false
Reputation:	low
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445107661278455
Encrypted:	false
SSDEEP:	384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL
MD5:	7F69676A726A2AA1C8FEC4AAE557BB60
SHA1:	D46AA1596B72CF5740989B526BDD7BAD928F6534
SHA-256:	50AF6CCCC56E0B66C33BA430D99CBFC7B75AA94AE3EB7FFA0B45E94D3D8EC763
SHA-512:	E3BDFB649A112417377252B681C4E566DB8495C400DFF1B3B98B21BC9266AECC52060A170DBA9CE53BEACE4F89178503D9111945F9004692348AE59D19D21B16
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7752277472202462
Encrypted:	false
SSDEEP:	48:7M3p/E2ioyVNioy9oWoy1Cwoy11KOioy1noy1AYoy1Wioy1hioybioyVoy1noy1h:7cpjuNFoXKQkub9IVXEBodRBky
MD5:	6E673C334C8827C5E6F7B7AE2062F36D
SHA1:	9C4002E82092368A610B667D8F64FA4DB6E37DB4
SHA-256:	19B8D63F9141134A621C5AE9549D98B2CA826A990EFB9C86EED88B5CE4F0075D
SHA-512:	300229DEA46E1BB2541BFF8D9DF5CAF736DF347A95BE3A1D2873C08E15CD9AB6D14EC02BC014DE6C09A3770617443640BDD0643EA5F1D1182C17855442642EF7
Malicious:	false
Reputation:	low
Preview:	.... .c.......j................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1379890379152853
Encrypted:	false
SSDEEP:	6:kKRew3l99UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:5ewqDnLNkPlE99SNxAhUe/3
MD5:	8DD397900EF5DD03F7C146621F3CACA4
SHA1:	972626659B0432BEF2307E0ECC51605F0400E9EE
SHA-256:	3DEC84AE3E4BB42778D1819C712D8C6D482B3BD6C4782362CCA75FBC2443F69B
SHA-512:	2B39F678C2598EAEF6552FA9A5BE7E2D1BF6D2AA9F165142822F4C2537EB238B38CF83922956381180BCAC3D630B61B157331CD24C68645EC428DC60933AC69D
Malicious:	false
Preview:	p...... ........$...;...(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.004603700617524
Encrypted:	false
SSDEEP:	3:kkFklLDsVXfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7ln3:kKjVLxliBAIdQZV7I7kc3
MD5:	563687D60BA85378C94668CEE31B5993
SHA1:	874B4DE69887E0F79A4372521C4076616EAABE28
SHA-256:	18F637CAF1FE174A021FB05F14C6AB4EF865EA71B84352FD753ABF8921370946
SHA-512:	937E52D038DA0E27CB8A1577DE1B59228667BE60F321A9D000075D1812520B238647A3563CD345B4385FEF30530DBC11A296B89B0FF8B492F1C3375ABFFE5372
Malicious:	false
Preview:	p...... ....`...:...:...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7568

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.339189997309588
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJM3g98kUwPeUkwRe9:YvXKXBIPQlZc0v7ZusGMbLUkee9
MD5:	3B0C1D0A6526B3B2A681CB5090EBE4CE
SHA1:	885A1571576C81F54C8213D27FBA83A66EA83116
SHA-256:	32B87C3F0CD7012EFEAFC0937DF6018498C0B6054DBF56C8BF55BB6762DF635B
SHA-512:	DDFEC143D217A67AB72EA9C48A1B09B0572C1546278D595A1CF1597F17788D3512E10F6566415D564A7E4063F4206B116564895C174BFB5F528D0D6B2057B8B0
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.286881252553818
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfBoTfXpnrPeUkwRe9:YvXKXBIPQlZc0v7ZusGWTfXcUkee9
MD5:	1E37F53B84A98E9AF6AB016E1F3D4B51
SHA1:	9732CC66B4AB1BF0EA0C97F4A8A8BD2C7D3E1201
SHA-256:	8F1DFF51C5A040401C4020C806C39928FF87F14D15E5FADBA14328921A0D53CA
SHA-512:	3CE4358EC9FF0C81207DFD5EA92E4D28BD4DE99A84A94D7A91ADD0264983EDA5D123D02F9BFEC652A32383C81CAB7A5DC7CC4A9F7CED0929C6459777F9EB317E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.264291515264593
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfBD2G6UpnrPeUkwRe9:YvXKXBIPQlZc0v7ZusGR22cUkee9
MD5:	462205EE971A9912B0CDE3EC45A09D74
SHA1:	E01FA89862EF82CB8AF3D21B61166BD135155FC9
SHA-256:	AE98C255D278DDD0AF9E045B5E371AA910DC0A0937A48F0D8FF369D4574C896A
SHA-512:	1065E3CF377C1E4AA7C04CE5043E04E45B842CE702D8C6915955252EE96C28BBB5A49598553AA7644CCFF88A7E0BC1298DD04F9B1F58657EDF5696F61B2F140C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.325352314416761
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfPmwrPeUkwRe9:YvXKXBIPQlZc0v7ZusGH56Ukee9
MD5:	3C6D1EBE05B42E08AA555D22F0943E7E
SHA1:	F60C1DB852402CBAC58A6841F815FDB457B5069D
SHA-256:	852DF22C814756D52AE7A3FEA58F6DF94BE17089DE6EE8F202AC783915264C47
SHA-512:	CA9E3F3F4A4E41ED4C48FA32E507C786C4F3DE0A28562EEBBEDA2770059133383DBAA6D9CD217A6ED809CD7794A33A7AE6BF2C91AEC6E70B05807A41510A67BA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.286707965313445
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfJWCtMdPeUkwRe9:YvXKXBIPQlZc0v7ZusGBS8Ukee9
MD5:	B08500144699BE2B5D851F1FB9897D60
SHA1:	996F65D7027C61851C3CF2A01D3A2D7DE85FC216
SHA-256:	0F665C9329EA0AFE4A5C52F57788D9D7A08BFB71346572B7D5F3324B1CAA17F0
SHA-512:	EED243EDAD7A48D7604B5D486908C65A9A9FF1DF64CFE2F58DE3CBD7626BFFCFB2CF8C88C8297A27E888EB2F74F4C876F02EB574F0374B52E904B06602FEDC78
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.272097289880373
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJf8dPeUkwRe9:YvXKXBIPQlZc0v7ZusGU8Ukee9
MD5:	94D97BDDEC9D29EEF8E2A8A5D7DB4D1B
SHA1:	983B34D7BB90FDEE905804DD48CFDD3F12BD9A66
SHA-256:	D436597D34A982BF4C27A92DD0028DD3CD67985AA4D70BBFC6FD9542E5E219FD
SHA-512:	610586063E3DD3D0542EB98B8E57D9D04C52C033E9F6A18F24466E33836C2945551B99C5240B7BA66134EE1F493AF80A2EDD5E871081DC3CB972333D18669C52
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2759755998025675
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfQ1rPeUkwRe9:YvXKXBIPQlZc0v7ZusGY16Ukee9
MD5:	4DBC2DB633BD6F06ADA82FDAC892B8AB
SHA1:	D31AD81C4DCA5C2EE6E1844E9703E84B2D8688B8
SHA-256:	61F13EC3AA4C77CF192D20C5A3884983CA3D17805C07EC99B550FF72B2DC99A9
SHA-512:	013DC6A3C1F687229A5F64AB76FE2DBE412A68E7D4ABC77E18801CE12C487315016AC15A96389DBB0CC07FD30F6E0E4D49C402E71D625DB93AD15E56470F47C6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.283660857578921
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfFldPeUkwRe9:YvXKXBIPQlZc0v7ZusGz8Ukee9
MD5:	DE341380C6B89333480BE7053AD5AFBD
SHA1:	01F0D96791BE131BB58D0516722A3777976C60B8
SHA-256:	792086E5954CCF8E53E26FADFE36735E1B3916B0080B07A13A845A7A80206062
SHA-512:	7243BCDDA96567D3729CAA6C3BE489964CE726754AFD149AA223DA1EFA53D667FE6876B45C5171592440199ED475DBC8BEB672665BD6415E610C76D752768C90
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.73461542586613
Encrypted:	false
SSDEEP:	24:Yv6XB6Qlzv7DKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNlz:YvE6QJvEgigrNt0wSJn+ns8cvFJrz
MD5:	2F681F4A6532A8DC0ACB4845B30D5233
SHA1:	36AE62DE46FC65052E35F4577232A06D3859A21F
SHA-256:	0E643F48C21242021F4CBDD9B824CA0428F0880FA7A34B78FEC148DF8FBEF390
SHA-512:	04381A874FEA33C4436F2836658B0CF389F27A1C4D699785484AABBCD987F8EA2707A6FA3FFA6ED706511DFC86CF8C6B5A61F5D7658E5236E7835ED783DAB0CC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.279643284653327
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfYdPeUkwRe9:YvXKXBIPQlZc0v7ZusGg8Ukee9
MD5:	7B984D0C2207A281F854EE948C92C71B
SHA1:	FE519C72E6EA59FAACBF467DA0022ECDE2E0A803
SHA-256:	FD36B0083396F0866A9C412C0C13149DD590CDF626259E7771516FA68B668FA0
SHA-512:	C560D2962E078AC7BBEC624F1AA902D3081542D69345021D5AF6981B47FB8F16E417CFEB1CFC1F9EC4D36495EE19CD5F0427C92412B61DB288924F682BBE7BE2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.7737832547499695
Encrypted:	false
SSDEEP:	24:Yv6XB6Qlzv7erLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN9z:YvE6QJyHgDv3W2aYQfgB5OUupHrQ9FJL
MD5:	CB769BDF93699072065A0A4D963AE385
SHA1:	EFBA74D01BF75FAC2244F02CBC6C4DC3E1E3C813
SHA-256:	368B85353C6AEC37874D9B3EB59F8664FB528BF59FF51EE3D938616FD3EEBBF2
SHA-512:	9DF448C58F39A30D71464668C300D534A030EBEC05945297E95F678A4D8B493492406E0861EFFD94C9075FF590F8997F06D20B820A82BFF527C14BD1B7AC325D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.263330291023732
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfbPtdPeUkwRe9:YvXKXBIPQlZc0v7ZusGDV8Ukee9
MD5:	192DC42CF8F01EEA6A0596D30A623E17
SHA1:	8858D636308F9981992DC931FA9755991A7BADB0
SHA-256:	960013EDA45328C4937FE04AB0F080067CBAF9F8437B7A38AE4CC59C8483234A
SHA-512:	2649D4E08CE8A34E2BA2F4E3B564E2AA8DEC559F928AB569496B84E091A94D13611CB70BF0EEAA15E41EDB3B7A22D9CB0CC6F3BD01D3E70751C784860DF91B11
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.267385595708792
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJf21rPeUkwRe9:YvXKXBIPQlZc0v7ZusG+16Ukee9
MD5:	E97055A5A686AF7BCB54484BB2E9126D
SHA1:	632A9B60EC4E43685C0C2FF64B549D50F9B75365
SHA-256:	7710164303C253F62E186F00A71AE29C890D5963772A0199027107FBC157EE85
SHA-512:	9A985A85C2D8523580CDF9024E4CABF1604FC1A06FDCA5AE8EE496E98E669FE4B99A8D990774ACCF7BFDFE4223C16E3E5D33BB619F0CA0E9E705D12BD4058F74
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.286478413411475
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfbpatdPeUkwRe9:YvXKXBIPQlZc0v7ZusGVat8Ukee9
MD5:	F87EC62A4FADC08E512078A8047FE71B
SHA1:	10ED347278E458B1ACD64B08D7CC1ACEDC314E81
SHA-256:	118CE8F1D8DC20E91EB103D9C4F4D284C889BD17E8A438D4E60C668BCF19076C
SHA-512:	9F96D44FAE38B6287E167EDD69D6E615F454D8A5D09440F9727A87CD332767F6C8E5449E88B10E43DE5B895EB5C9D6673477763003EA7C4128A3AE53F0E4DA25
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.244285362445385
Encrypted:	false
SSDEEP:	6:YEQXJ2HXBfQGIXQKHVoZcg1vRcR0YOXZR8DoAvJfshHHrPeUkwRe9:YvXKXBIPQlZc0v7ZusGUUUkee9
MD5:	161613D655E2EC7382E1C73C77E2627F
SHA1:	F4C6799E10AB870A32CE3EEB45093F700A467718
SHA-256:	4E4298F1DFE8ADF3E8B7F23E830773D3C64675D1C4C03410DE6C1502FA95093F
SHA-512:	5F494675F36878FE45A69D21FB182EA582CAFF0DA3E90D3E307604F10D5B1EAA715543330067511E38718FD60D42C912E0BA1225E3918A096E99785C93B0E3ED
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.357212073877285
Encrypted:	false
SSDEEP:	12:YvXKXBIPQlZc0v7ZusGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWZQ4:Yv6XB6Qlzv7b168CgEXX5kcIfANhez
MD5:	667D9C5314144A7EE3C910EF21553DFF
SHA1:	F6C28489B7137C29210DFE5CF472361FA1413281
SHA-256:	307142AB28E2A816F7F0059EC082447CC0B3B86C36D8DBC9EDD5BB53C69EC397
SHA-512:	CA8E293D20ACF32C42F79B31E17217ED37068690A1F60C223F704B506147D1F3C2503B609EA48B8E505BF0A26196DB602A85E38783E794D15E43BA5AFDBABE4C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"60998e0e-98a5-452d-802c-cc2fc8289cf3","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1720291625742,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1720115555772}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.112917986970291
Encrypted:	false
SSDEEP:	48:YHIEzBMVD5ECsDa0l9UVMLT+Jdy+VncGMNxCBa9VwjA:yRoeeaT+nmGMiGb
MD5:	B3A7F0F34F232F450385755B5999D32A
SHA1:	E52BA19192CA2725AA5CB476BDCEC688B2F051B8
SHA-256:	F1748FEDC2B51AC89EF4080EAD7421D489F9A9EB0F7E0DB3E38584DA1FA48FC4
SHA-512:	C1880E7FDA766FCDB1AB720471FF3D7B55988E1DC2BCABE5B49DD4B6E8770348382E344F8EF739448512AEFC5CFE4EF80633B2949C02EC77376D1281D9F9FBA7
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cb7e9b155e175eb8ea95b13838963190","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1720115555000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4325500ec13adbf97516cede302c6dde","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1720115555000},{"id":"Edit_InApp_Aug2020","info":{"dg":"32b76f007894f0e4f4ae39c98dbb3e87","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1720115555000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"336b205aef0b623fa423671e882e3a7a","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1720115555000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"b2e0e3a737a39f704cc247d962c2e579","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1720115555000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"eb6ef4f4af3b30dac9202776d2b27a07","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1720115555000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.18748235404459
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUZSvR9H9vxFGiDIAEkGVvpp:lNVmswUUUUUUUUZ+FGSItd
MD5:	07136C07300696A7B863650952362902
SHA1:	EA27F4107D1F625334CB9DF5D049540AB829A6BF
SHA-256:	FFED483F2C5A06A1B68164EDB14302E97F745C4AC6AF62E61704AE6E980292AA
SHA-512:	B7BFED0B24213A1045DE2EDB1D234560A4502008504828D718FBC8C43682A746D1F245CAC7A89E32E0747BB68805B3FE417D7488C2E1D14595D30B6DF40A01D5
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.607259472494477
Encrypted:	false
SSDEEP:	48:7MMKUUUUUUUUUURvR9H9vxFGiDIAEkGVvsqFl2GL7msZ:7AUUUUUUUUUUVFGSIt6KVmsZ
MD5:	C0E9DDE8F74B12B8FF8ABCB68C74BEA7
SHA1:	3DA83F8A04AEEB1FF575380021E1CEE108E16F48
SHA-256:	3BEED56ACE1E49545A352AE9D91BF15FC614D57402AC58E43EEA423674BFE00A
SHA-512:	43D710228D80B8C97905B1BB9C35EF8EAD35AE00429D7E38E87C29D5A5F208E5210D16FD65675CDCCBBC046A0143242DF98A59FFE5690B5921DD5785F1ADD671
Malicious:	false
Preview:	.... .c.......o.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI24305.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5248044522866877
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K82/aASH:Qw946cPbiOxDlbYnuRK//o
MD5:	774F8FCC99DC61522D633FC148384EF7
SHA1:	66FF86D815747A2FF066FBEB29121D581A2F1829
SHA-256:	F0175B2FDA92794A2E8AD04AC60EC912F3A8B000DE3B4D765BBE9435B9084825
SHA-512:	2BA7882885D39EC26623F55D52D6F01249F1B2E79527FB487CBC0E542C5C0EFCBA49AE9CA27EE9B4D8C0A72754BE3CC3BEC0838803BA62699AFD6BBD68952E65
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.4./.0.7./.2.0.2.4. . .1.3.:.5.2.:.3.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A916fbfnf_oedeph_5u8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	127214
Entropy (8bit):	7.992938944970855
Encrypted:	true
SSDEEP:	3072:uswQeDPMQviqN8xfRmKMPcSnWlG1SS7Zqc6DOR44IxtUsi5:uswtPMMrSx+0SWlG1SSO6cYsi
MD5:	997CE5ED3633E8FF84C2F7D1F0E48E53
SHA1:	D22617BDF6D8DCE13E5FCBE9BDD57A812EE1E237
SHA-256:	E06C221FB5B43F5A25220D326EB501573C2E0CC9FBB31007BF79054B6F613907
SHA-512:	CE187CD9CE4CAC28B91CD0B090A70B15E28BC59BE0CC2A1E58F4257ACBAD5C05B40D7E1ECC8F16B626BC51AFE6817E524A4326F09C3FBA85637285EA1F3291D8
Malicious:	false
Preview:	PK........,C.X...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........>.X..lz............message.xml.]Ys..~...r..S.c...-.K....v.Y.KEK...E.H.......Z(...V.N.... ..p.s....(...$...o..=:.D..A.....w.....#....8..4;nGq.<.}?.>.#?.........,.Bq..G..v08....G.=.i.....~..Q.......4.....h...`............Z... ..~(.X.g.>..;8=...7.x.G.....v.{..^.y}s...#u+.. ...s.$.2.._t...Gyuz....x...&gO..8..$.hp#.W.@..V...x.OW.c.........."S.x...>.Y....L..1..I<..vL.{$......#.i...7X\l....S..^..?.)..9tX..V.=.3qL.a...b.Bv.....X\|..O. y.5u.19...d..}{..q.d..p}......)..l..r.fk..<..v..(..o......-.f_....h..e ......Z....K.;Ka..cB<....:..x.(...v{(..!@.Z...Bg.n.<..PD.".+..0.A..5.Y...x....9.]..........d.2.h......<.j........~.+.g...8r.....].lS.9..RX@.;..........9.....8.A.......?tq....&....0..t..]...aW.....<.....Ka.=XO..C........~.F3.+.b..Y.\.,..Cq6.n..8..b`..b..{.8.......2o.S.J3U.bx;S..L..Y..L.v..LU.g....%..0U.....\...P>...Q..e..p0#yKN.H.Br..Nh r..D..?..Vuh..q)o.D.]#h.M.A

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-07-04 13-52-31-969.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.358787105555081
Encrypted:	false
SSDEEP:	384:A13E42dLe1IalvOWIbWvTxI51GfPJq6CkbrfJRhQxSI8+RqP/gb45+58hKMyVkc+:PUl
MD5:	37DA86B5F7865F5369C4BFE9CA71C2C5
SHA1:	88E61344985386D21484DF9DA1518EDB6CCFD2AC
SHA-256:	2DF9E644D4D3F9B4101D01255E080386496658DA1699B8B6562D0D3638AF6EFC
SHA-512:	E920CF364C0C1B20AD6DC6BE82B8AF2CA4CDA8563626A7C0F4E9576E79F605F44E5E64E89B476ADF0EA09163BDC9D77BC42D8F6CF3E848C9A8D17488C9B6821E
Malicious:	false
Preview:	SessionID=0008b337-755c-4fb3-8b91-6b33e9c287c0.1720115551991 Timestamp=2024-07-04T13:52:31:991-0400 ThreadID=7856 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0008b337-755c-4fb3-8b91-6b33e9c287c0.1720115551991 Timestamp=2024-07-04T13:52:31:991-0400 ThreadID=7856 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0008b337-755c-4fb3-8b91-6b33e9c287c0.1720115551991 Timestamp=2024-07-04T13:52:31:991-0400 ThreadID=7856 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0008b337-755c-4fb3-8b91-6b33e9c287c0.1720115551991 Timestamp=2024-07-04T13:52:31:991-0400 ThreadID=7856 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0008b337-755c-4fb3-8b91-6b33e9c287c0.1720115551991 Timestamp=2024-07-04T13:52:31:992-0400 ThreadID=7856 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.384878651260736
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rf:T
MD5:	52C4AE33CEBDC952682DA14CED93D596
SHA1:	3512BFB7E9433F7530C1A867C238EC152072D8E3
SHA-256:	496FB4463AD990727DD6B77F4D607D58B93D43DA3A0A3A88E869199CE4A38752
SHA-512:	B94220CD487D872992C278546F74482154CAF748680D364CBBE29307C81B7B2C4D33243B210576A737FDB5F214E2D1675EDCB735CF61EE162D5C91153A853250
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\0d339d7f-5e1b-478f-b4f1-def733ba3829.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\762810f4-f16e-4c3c-ba13-45268d4fbfb6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\db04e0f9-683a-4666-8a43-ecb4abcdc805.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\e8fd05f1-373e-4de3-be20-681d0fc31256.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	85893
Entropy (8bit):	6.4285188239971465
Encrypted:	false
SSDEEP:	1536:Lh3s60i02RwxwFnZNt0zfIagnbSLDII+DY:LVs/i0C4IZN+gbE8pDY
MD5:	B7A9A5A223B9DCE0E7D10E2B32A0BA07
SHA1:	FFB925FA80873CF50D8CB6DA530BA8CD7F0D9922
SHA-256:	4EF52E63D45F5230C47DBD3764AA90768F708B24885579375724473BB3FFB255
SHA-512:	A46488535961F26B7E41E1BA98E2015627917366BE08B172B0A5377E5A4EC1C0BD14F1A4E2473B5831A7538B3554E818FE3349DA42C0F40E03B3474EC77532F4
Malicious:	false
Preview:	0..O.0..Mg...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240403114831Z..240410114831Z0..L.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!......S....fNj'.wy..210602000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.5099882082938105
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRmyOFfBS9i7u8meIHKbw2O9TrU/Y/QmpFlT1xaOu8OAbsHqvNDVk:y2GWnSmyOtci7umNbQ9TrUw/QmxT1xsD
MD5:	152F65AAA856C44E87C8ED561AE43C0F
SHA1:	B6440383DBC4D3446E91CBB58EEB8C8BD6671F50
SHA-256:	48AC59FC9FA38016B6D5A4CB5D89A2C0CABCD8A0404AF29FBE995B4AA647A292
SHA-512:	106287A2EA36511D229E6991638D99B796B24B05D4BC8AE75BE5E9B79EA7A324330A26B3B4028FC4A8523FB82D7E3F9A793AE0E9C1F377939956C5667E44381E
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240401194722Z..240422194722Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H............._..T...?..G).L/..K..5...3.j(..G.D0...>...bH.p.O{..Y....^.]I.G......~r.Ye...Sy.....X...1........8'../...O...P;QO.-O.BUq......1s..(,....v....L.q..H.6j %..R.p..H..).;vt.....6...r]/.....4.%....G....J..3Y.....d....N....tu...q....2.wm..$...d...w...G?..h.?.+E...$d.........80X45[...A.7,.....s`...sS.g.]...].i...y].bu.U.......AP....T.d!...eB.`...u.....Z....&.....*$mY..q7.;.5..s..x.$.._..5.W..F?p@.+Ud-...&'...po$..4R7L.`.g.......J...........h...M(./>)..;.g....B..F.?>...Q{%.i.....!lm\|\|..cxb..

Static File Info

General

File type:	PDF document, version 1.4, 2 pages
Entropy (8bit):	7.919029579481131
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	letter_Request in criminal matter no 23233051091.pdf
File size:	108'906 bytes
MD5:	02cf359bd3267133e2d5ea76f264eb31
SHA1:	230c1593e7f76fc0e05be2c18e7f5579fc373d43
SHA256:	71ad13ec19dc09f68b2f13ef02ef5462a6ad461ef0417b6bec1267479d0fdf71
SHA512:	1e0bc4ac59939d9a4c0b260ab6f9ab433ec6e7657962303b6b7dea9d626cb3d3e381229d1725cc445c92186d88f6dc4d64bf4ed106014c598e0ee0f16cf0f90c
SSDEEP:	3072:Y/PlBNIMu3DZjpudXUApi78ov3MzsscaLuFQi:Y/ADZQdTpofMzRcaaOi
TLSH:	2AB3F160965E1489D89096F42AC27A8ACCAD74475ECE3CD2783C8D9D3F01FF0BE65B85
File Content Preview:	%PDF-1.4.%......1 0 obj.<< /Type /Catalog./Pages 2 0 R./Metadata 33 0 R./OutputIntents [35 0 R].>>.endobj..2 0 obj.<< /Type /Pages./Kids [4 0 R 19 0 R]./Count 2.>>.endobj..3 0 obj.<< /ProcSet [/PDF /Text /ImageB /ImageC /ImageI]./XObject << /XIPLAYER0 6 0

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.919030
Total Bytes:	108906
Stream Entropy:	7.947184
Stream Bytes:	102324
Entropy outside Streams:	5.225697
Bytes outside Streams:	6582
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	35
endobj	35
stream	23
endstream	23
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	16
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7488, Parent PID: 2580

General

Target ID:	0
Start time:	13:52:28
Start date:	04/07/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\letter_Request in criminal matter no 23233051091.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7676, Parent PID: 7488

General

Target ID:	1
Start time:	13:52:29
Start date:	04/07/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7864, Parent PID: 7676

General

Target ID:	3
Start time:	13:52:29
Start date:	04/07/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1736,i,16326239885150777202,8947239153147788887,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report letter_Request in criminal matter no 23233051091.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\cd7e82b2-5389-49b1-9412-ee040d0300aa.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240704175233Z-152.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7568

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Windows Analysis Report
letter_Request in criminal matter no 23233051091.pdf