Edit tour

Windows Analysis Report
Trialog 28.11.pdf

Overview

General Information

Sample name:	Trialog 28.11.pdf
Analysis ID:	1579405
MD5:	6954e94ea779383b5c7a3274d652f5db
SHA1:	8c2be521875d64e64432b3e1b1e51a6057a6fe6c
SHA256:	92083136652655590249c43efa3a84b8378971982353b93ffadde232c73a055b
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Trialog 28.11.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7692 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7872 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1664,i,17986111413712263075,3581551862786602674,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/51@1/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-22 01-20-41-487.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Trialog 28.11.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1664,i,17986111413712263075,3581551862786602674,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1664,i,17986111413712263075,3581551862786602674,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Trialog 28.11.pdf	Initial sample: PDF keyword /JS count = 0
Source: Trialog 28.11.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Trialog 28.11.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Trialog 28.11.pdf

Initial sample: PDF keyword obj count = 148

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Trialog 28.11.pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.58.101	true	false		high
x1.i.lencr.org	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.1.dr	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579405
Start date and time:	2024-12-22 07:19:39 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 0s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Trialog 28.11.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/51@1/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.30.16.138, 23.32.238.130, 2.19.198.75, 52.6.155.20, 3.219.243.226, 3.233.129.217, 52.22.41.97, 162.159.61.3, 172.64.41.3, 23.195.39.65, 217.20.58.101, 184.30.17.174, 23.47.168.24, 20.109.210.53, 13.107.246.63
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
01:20:53	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Input	Output
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "TRIALOG - CLINIC", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: PDF document Model: Joe Sandbox AI	{ "brands": "unknown" }

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	uDTW3VjJJT.exe	Get hash	malicious	LummaC, Stealc	Browse	217.20.58.99
	data.exe	Get hash	malicious	Unknown	Browse	217.20.58.99
	4hSuRTwnWJ.dll	Get hash	malicious	Unknown	Browse	217.20.58.100
	YinLHGpoX4.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	217.20.58.99
	gCXzb0K8Ci.ps1	Get hash	malicious	Unknown	Browse	217.20.58.99
	H2PspQWoHE.ps1	Get hash	malicious	Unknown	Browse	84.201.212.68
	H6epOhxoPY.ps1	Get hash	malicious	Unknown	Browse	217.20.58.100
	KcKtHBkskI.ps1	Get hash	malicious	Unknown	Browse	217.20.58.100
	1M1QoJF40r.ps1	Get hash	malicious	Unknown	Browse	84.201.211.18
	v4BET4inNV.vbs	Get hash	malicious	GuLoader	Browse	217.20.58.101

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.1506500752212725
Encrypted:	false
SSDEEP:	6:Pq2Pwkn2nKuAl9OmbnIFUt8omZZmw+omzkwOwkn2nKuAl9OmbjLJ:PvYfHAahFUt8omZ/+omz5JfHAaSJ
MD5:	375D6918766FD015A58DD5A0058FF777
SHA1:	361DB8802DCC04AD152A2689DD574AC34F6E04C0
SHA-256:	5CF02B7F0EA0C31307655FDF81FFF1493C4A687A5D7851A0FD312C5B43352974
SHA-512:	2D1CD62DAC95ADBFBFDCF4F5CA93F5EA9889F83F4E076E7F69E83EBED6941DFA0F9C5410AF2A293D75780FC5A59FB232B7B6DF439B7EE26734FB8F64277A45E2
Malicious:	false
Reputation:	low
Preview:	2024/12/22-01:20:39.100 1e74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/22-01:20:39.108 1e74 Recovering log #3.2024/12/22-01:20:39.108 1e74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.1506500752212725
Encrypted:	false
SSDEEP:	6:Pq2Pwkn2nKuAl9OmbnIFUt8omZZmw+omzkwOwkn2nKuAl9OmbjLJ:PvYfHAahFUt8omZ/+omz5JfHAaSJ
MD5:	375D6918766FD015A58DD5A0058FF777
SHA1:	361DB8802DCC04AD152A2689DD574AC34F6E04C0
SHA-256:	5CF02B7F0EA0C31307655FDF81FFF1493C4A687A5D7851A0FD312C5B43352974
SHA-512:	2D1CD62DAC95ADBFBFDCF4F5CA93F5EA9889F83F4E076E7F69E83EBED6941DFA0F9C5410AF2A293D75780FC5A59FB232B7B6DF439B7EE26734FB8F64277A45E2
Malicious:	false
Reputation:	low
Preview:	2024/12/22-01:20:39.100 1e74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/22-01:20:39.108 1e74 Recovering log #3.2024/12/22-01:20:39.108 1e74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.152929131412204
Encrypted:	false
SSDEEP:	6:kG+q2Pwkn2nKuAl9Ombzo2jMGIFUt8DcZZmw+DcNVkwOwkn2nKuAl9Ombzo2jMmd:kHvYfHAa8uFUt8DcZ/+Dcz5JfHAa8RJ
MD5:	DC27511183DCEA3C155ECF8E497B3E1E
SHA1:	34A52A3B19BCEEA043E8F202EB049E416B8583E5
SHA-256:	DA0A7B9C5FECFD4887BE9C96D19D24E3640FF6919788C864DCE75861D6079458
SHA-512:	259A25FD78B48C867117CF5DF07F049B2DF0FE988B31D5A1D025C627FA64FB6837A4DF40B1987852B094D5603DEAA5E179C12A516BE463819ACBBB6BB1DB4CF8
Malicious:	false
Reputation:	low
Preview:	2024/12/22-01:20:39.113 1ef8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/22-01:20:39.115 1ef8 Recovering log #3.2024/12/22-01:20:39.115 1ef8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.152929131412204
Encrypted:	false
SSDEEP:	6:kG+q2Pwkn2nKuAl9Ombzo2jMGIFUt8DcZZmw+DcNVkwOwkn2nKuAl9Ombzo2jMmd:kHvYfHAa8uFUt8DcZ/+Dcz5JfHAa8RJ
MD5:	DC27511183DCEA3C155ECF8E497B3E1E
SHA1:	34A52A3B19BCEEA043E8F202EB049E416B8583E5
SHA-256:	DA0A7B9C5FECFD4887BE9C96D19D24E3640FF6919788C864DCE75861D6079458
SHA-512:	259A25FD78B48C867117CF5DF07F049B2DF0FE988B31D5A1D025C627FA64FB6837A4DF40B1987852B094D5603DEAA5E179C12A516BE463819ACBBB6BB1DB4CF8
Malicious:	false
Reputation:	low
Preview:	2024/12/22-01:20:39.113 1ef8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/22-01:20:39.115 1ef8 Recovering log #3.2024/12/22-01:20:39.115 1ef8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\723712ed-7dd0-469a-a928-7ccb345c4972.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.971316048517525
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq32sBdOg2H9jAcaq3QYiubInP7E4TX:Y2sRds8bdMHhr3QYhbG7n7
MD5:	876E29ED1155AD270C65259ECAC84E82
SHA1:	21E5F36F5A8242779AAD826F33CB40D1F9DA832A
SHA-256:	F0FAE3D5F96CD6B2D979AC043E6F462A251AC966536776BF200BAC2B97A119D4
SHA-512:	4F8B83303C2A80E0CB4640BC22252428774094F180A86240EA28BDEDED533F2C0D1BA8C8D87DABCC03C1E6F7692EA67A7C3974157C7FDBC6D6538F5A940F8E18
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379408451524242","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":630869},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7a6c4464-d314-4dd4-a942-eb2f25e3970d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6ce1d7.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.251012134609116
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7lfGluB8fllu6kZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gob
MD5:	9D566A59CD3122682B3D235D015628CC
SHA1:	07C2A37EAF3067896321844A6E9FF2621223668F
SHA-256:	5CA9F22B626C6745F9C8817BD7FE7C23E957DE6B82F5206365E3D1F08B698509
SHA-512:	E8223581F1CD0F1717B4064E9E411934A8000B9878B3AA7B3AA2DF86AB0225E8AFBF06869D6A5ED5887F2F45BC3D9147F35D09F8C133F05CB04DF8FE87E1E19A
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.19740897261888
Encrypted:	false
SSDEEP:	6:HB3+q2Pwkn2nKuAl9OmbzNMxIFUt8i+ZZmw+i+NVkwOwkn2nKuAl9OmbzNMFLJ:8vYfHAa8jFUt8vZ/+vz5JfHAa84J
MD5:	63F932E69D990B0C33A5062102CE1598
SHA1:	55F3BC5BABCB9279491D16AC046E14141986FC34
SHA-256:	C55E0FA704B394F46D70F38F815699F2AC7CDD783F18E26A74963052141DBC77
SHA-512:	253BDEA56D1536931046096124674B5FD818C45C32D3867D75504CC778229972EEF8953522AD5291EAA0D0867E82284842864E7E1C9090F7375BE3C3249FD43A
Malicious:	false
Preview:	2024/12/22-01:20:39.364 1ef8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/22-01:20:39.365 1ef8 Recovering log #3.2024/12/22-01:20:39.365 1ef8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.19740897261888
Encrypted:	false
SSDEEP:	6:HB3+q2Pwkn2nKuAl9OmbzNMxIFUt8i+ZZmw+i+NVkwOwkn2nKuAl9OmbzNMFLJ:8vYfHAa8jFUt8vZ/+vz5JfHAa84J
MD5:	63F932E69D990B0C33A5062102CE1598
SHA1:	55F3BC5BABCB9279491D16AC046E14141986FC34
SHA-256:	C55E0FA704B394F46D70F38F815699F2AC7CDD783F18E26A74963052141DBC77
SHA-512:	253BDEA56D1536931046096124674B5FD818C45C32D3867D75504CC778229972EEF8953522AD5291EAA0D0867E82284842864E7E1C9090F7375BE3C3249FD43A
Malicious:	false
Preview:	2024/12/22-01:20:39.364 1ef8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/22-01:20:39.365 1ef8 Recovering log #3.2024/12/22-01:20:39.365 1ef8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241222062043Z-162.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.5869850735967514
Encrypted:	false
SSDEEP:	192:6KJgWHJHwd95yOo5iwamEPafaAcwvzGHmcgz19UE:JyWHJH65yvZapPaJvzGGcgz19d
MD5:	9C91C4FC7D08D592856E9ACF81DD3FEB
SHA1:	4DD4EC417521D428657BF6B24BD0447F54C586BC
SHA-256:	FA42F3FF3145673BFA1DB4BA9FB2AF0E709F914B76386E07F770FEF3F104D95E
SHA-512:	C82EEE7AF4E2262C683D9276DB23DEC07DF0AB5BEA47E2F3AF22C4A2FD4A98A1BB96030C4CB092532DDE53FD555F9DBACDA8FE1CA5BAD99647FD048EC1AAE4F8
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.444732533618338
Encrypted:	false
SSDEEP:	384:yezci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rps3OazzU89UTTgUL
MD5:	C6F15E00910A8D1C97178048ABF12976
SHA1:	D36E73B87728AD278450551E1ACE88F2EEA09558
SHA-256:	6DAD9A01E4B3E799939116773241D82C7F7A43DC869F766925CDCDDF2922477D
SHA-512:	C49217F0E3F53BF2761E1785B62698D16F903905343A2A551C9547222489E3A163A72113A24604FAD406EBEAA2F543A62934048AD71174EEE654E50C3007BF77
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7706473555766635
Encrypted:	false
SSDEEP:	48:7MKp/E2ioyVcioy9oWoy1Cwoy1ZKOioy1noy1AYoy1Wioy1hioybioyyoy1noy1T:7xpjucFIXKQ3ob9IVXEBodRBk+
MD5:	DFA722E0C5BE5F903136B76D38A5DB38
SHA1:	A6C8644F3A628B7315661E64A5C954FF764207AD
SHA-256:	0ABA8AA15E4A4A85928B0DF619A70BBA953D79E2368830E48E81AAB048357046
SHA-512:	8C1B571226AEDB2D24B74037E94938D950C421525C7FEE1E99B1F9AFD94066218CB8D0D246FDFA85A5AD435F9F9F13C03E6E2497EA67F05A63D1BF7D42C29002
Malicious:	false
Preview:	.... .c.....).c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.775162490582081
Encrypted:	false
SSDEEP:	3:kkFklXL1fllXlE/HT8kmljNNX8RolJuRdxLlGB9lQRYwpDdt:kKFT8v3NMa8RdWBwRd
MD5:	7EDF3C10DF8AD61F2EFC1FFFA9B7BEE8
SHA1:	551E916783942C8EA74C2A6704020CD250EF810D
SHA-256:	65DC53601C2D9800088A76DECE4006FE459820759F4117A7B0D4E09547F3C60F
SHA-512:	3EBE2DB31C68A81E157322B1FD75F4AE0A8891E87D48A4B40981B2AF5F79530E336381A9AD15B50DD0D7C95BD3A2354AA775D645C68E69B5ABB00A60DF5775E0
Malicious:	false
Preview:	p...... ..........j.9T..(....................................................... ..........W.....4..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.126098383860742
Encrypted:	false
SSDEEP:	6:kKE9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:vDnLNkPlE99SNxAhUe/3
MD5:	34FDA3F35716296E5B814314F47E3ACA
SHA1:	00866B4E78D50C08EEABE9ACF028EA3D8A69A6FF
SHA-256:	496609E160E2B5E98B72AC54B53534882F5A2A682BB266D216B2079FE1302E96
SHA-512:	00005DB9A4E9F6F0799CB6D4489CD164AF72C74198F6BB2F1BAC36F3A6C9EE6A916F04D083FF4C08E7B59C7252D58F1D1CB31223DA9FBC15D488DF3825814271
Malicious:	false
Preview:	p...... .........3s.9T..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7600

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7600

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.374606517612007
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJM3g98kUwPeUkwRe9:YvXKXk9SZc0vSnGMbLUkee9
MD5:	44442045A7DF5FEE21D93AFD2050E3CF
SHA1:	6C985B345F91C4B69A6A2DB48D5C7D993BACD5D5
SHA-256:	EEC26EF4604CF39D98D26DB1C2183B6C6E06558629E33D698DF46157A6E6E56C
SHA-512:	BEECDD60AAFDC87F37D7DAC6FB6072EBC06EBC19C74521A2DB5C75706E152DE7EB9ABF417B1564FA8440757B227650DF076760F5EACF9EDE9AD4F6E2E18804C2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.324312892761136
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfBoTfXpnrPeUkwRe9:YvXKXk9SZc0vSnGWTfXcUkee9
MD5:	C550573CE1D4261D1CB7B12688CC4993
SHA1:	3397E5C3C74643B7872319FF11B14ED2B65A6B9A
SHA-256:	7F02F138049C32D6AD6FB6A282FABA985D557A7A5C24C50C9842EA97F992903F
SHA-512:	95FFDA9EC9177E57DAF54C5655835E12AE2F01BF25CC2B17A03E9824FF2D0DC20BC602F209C749D764A885E969FF13535BF89F95D94B2137E1AF23D432A410E5
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3028612092871406
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfBD2G6UpnrPeUkwRe9:YvXKXk9SZc0vSnGR22cUkee9
MD5:	6982C1122AB49DDF59541B6B6CA590A7
SHA1:	CAE5A1F1055F45CB84310EEB7376AF2B2ABB8F9B
SHA-256:	FFE4F3FBA6AA7094FDAFD063B9D618F988A542A3CF175EC1F98DA4B5EA17C333
SHA-512:	8F987CFBA2D1D18785036E3FC96F7D119CD7A7E3FA9FCAC074AB44F14076BCA45856269FA0B18364B520DF95B4F76C9C157C23EE3D7996D25F6464B5EC74995C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3620115196420715
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfPmwrPeUkwRe9:YvXKXk9SZc0vSnGH56Ukee9
MD5:	8A706F2AF1365D329D86B5FE405E7569
SHA1:	2BE75339F292C0B21BBCC42B64B2F879D4EA620B
SHA-256:	6F38D6840701DBCAE5061F532358AA711687198A99CA4EC6D98F54E8666D9602
SHA-512:	1E028ED43C911BD202B5E0A66D10D2C7D9BA830A86400FAD9CB9ED437550CC15DA1B49359C01DA057DF47B16BD9C43D98EB856566A125473447153F63C7A00CF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1123
Entropy (8bit):	5.688889678339156
Encrypted:	false
SSDEEP:	24:Yv6Xk9SzvSspLgE9cQx8LennAvzBvkn0RCmK8czOCCSMr:YvNKDhgy6SAFv5Ah8cv/A
MD5:	ECA0660FC11C58A0916F6CDD6180B9D9
SHA1:	D0971663E7008F1DE4F550DEA0FA889642233B1B
SHA-256:	1EF7DD388BBBA2498CED888DD5B846260387AE1E91CEDBCECD028A2A23661379
SHA-512:	DAECCB3017CF50B9F109B4A0C5DF554027D7C552320E3F2BBDC3FA02BFA22B4E4A069CC74162368F3500DAD1A1E7BF5594CC0256419541E71287A9A8F82108FD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.307597819131288
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJf8dPeUkwRe9:YvXKXk9SZc0vSnGU8Ukee9
MD5:	D6ED1DD034AA8E10934E9ED358A9AAC3
SHA1:	F81994AFC024733F850C25133BFDAB74542C3F25
SHA-256:	0F1FD89A60238869F0D6066A6FB8187DB2A3606C3C222695A54D6F4C96183621
SHA-512:	422EA96A934B7837ABF7B4CF822CA26728C0432BBB0FBEAC8E17CD8427499CF2D7E0E5FD7AD465B8933D4F2C15217FB20D5188B34785718D2C3EE02C3D66B796
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.3114203949700265
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfQ1rPeUkwRe9:YvXKXk9SZc0vSnGY16Ukee9
MD5:	CBFC4F80E97FAB7031A8EF668415102D
SHA1:	E57BE82171C275209C5BBDA3369CF83851633C45
SHA-256:	1D90B9159F3DF28099620942651522F675080C8E691C7805E916A67D5BCF19B2
SHA-512:	DD5A9562AB8782F3D2D333506EBEAB350F93E6871522139CD00EE8146C4D57FA15CECC680AE24D4972FD684A48EFBC79966AFC9A91AE379C3990EE10CF20A9A6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.316900903188698
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfFldPeUkwRe9:YvXKXk9SZc0vSnGz8Ukee9
MD5:	88525E89F9EAFC657D2A6F74AC9B2CE3
SHA1:	03910928994016C1BD0935E2A7A09999F6576BC1
SHA-256:	D56AD3DB3F68F21E62E0DA9D19F25FEBF404E905ADEB4462B3C38151676F4D7A
SHA-512:	CA663A9E115556AA274DDA98C314D57007ED7A31EE4FF4B568624434E25471616A9B9772D0F9069B2D79B5FE5443D3A765C59FF7DA052FD01045DE9254AF4F26
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.332962429035274
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfzdPeUkwRe9:YvXKXk9SZc0vSnGb8Ukee9
MD5:	1BEDF4CCD75AD4C66EC9420DBE44D76E
SHA1:	E2603812AD011C160422BA9EE90240FDB1438172
SHA-256:	8142C0368F0292D7E40997A99F6E9A27C32EA421F4E8CA4192B3AB3147C970DA
SHA-512:	D9C17A1472EB3AB4992482B6E6A13C0D5BBF654A8897EC5344465CBEFE88F3873EF6A83C5CCDD6F0E6878FAC3668A6763336DADD661151F4D08D514A0AE372F8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.313888500005157
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfYdPeUkwRe9:YvXKXk9SZc0vSnGg8Ukee9
MD5:	659960CE729884DDBD4BA8AEFBAA8781
SHA1:	82A45DCBFADB8921C505775970312DAEE0B283FF
SHA-256:	E209B0AEED0EFF2B331ACA9E3E9762E9423A8762BC266C5E50304EFB3CF56B3A
SHA-512:	54399D3C56A2AC34C40D10E8E0B9A1239C7FD19E2F6E4D1DBFDEE4CE0CEA33E2CA83D3DACFE0A3EB0BAA7938BEBB4390D7E2DD83498FCE3E42AEA7B0EEB6C242
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.300482379600832
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJf+dPeUkwRe9:YvXKXk9SZc0vSnG28Ukee9
MD5:	8751FD0D095FEA730FCE5007BA2338CE
SHA1:	CE9C3AF4DB11401FB4EE74B83865401AC9267F84
SHA-256:	4C52883621600721748966345093F744A3C2AF9A0BDB2F9A9970F2CFBF0CD5FA
SHA-512:	F4CB52145434EBFB3C3BCEDCF3A00BFA1408DAD831D5921E6A35BFD96CC78AFFEEB70827641239525DDB8F5D9831A470351D495CBF1081A23CFB5EC214FB095E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.297340144070738
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfbPtdPeUkwRe9:YvXKXk9SZc0vSnGDV8Ukee9
MD5:	4434C106A7B895DD3B0890215936A013
SHA1:	0684D5D239ED7E32751D9663A16CA77A6F6F5809
SHA-256:	E09F7B59D64B6BD2B19A892C5B9CDF76633A691317DCE7855D97ECB3A967D9CD
SHA-512:	B02C165E1B676387BE96251923667FAFE7FDA438D567439B6C9B8866F690F41FDA666DC91E8121041DB0D2E969EE0514E7D1D3219B7A9FE88ADB0895697FFF42
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.302183834287406
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJf21rPeUkwRe9:YvXKXk9SZc0vSnG+16Ukee9
MD5:	B88AA90CC69DD9229FDAC036AF0103D3
SHA1:	70F40C748F34B7110FABEC85AEC82C7B000CEE87
SHA-256:	63BB3894963E46840BDF081CA2C685C28BF6E549A237535FBCF2BEC07EA669EC
SHA-512:	E885B7599EBCC01A90C1E7B59C6DFA4181CDC8327B66AFEDC1B3C55B7CF1F837D9845E3C19E4DD4726AB3B457278A0A42EFD73F9CE36BC0AF1A281A944925415
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	5.668286991874669
Encrypted:	false
SSDEEP:	24:Yv6Xk9SzvSYamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSMr:YvNKjBgkDMUJUAh8cvMA
MD5:	9DD3A4006B673B458707F99FA8BC3FAC
SHA1:	3EFAFDA3BF9BEF6CD60CE1AA363C9A8B9717C2F9
SHA-256:	27318311525EFA9942B9B376D7A3C8DE75C863428E48904DB0FFFC6841BB1B64
SHA-512:	DE2F2A77172423B56D985244BE69C3553D820C7213E20A7B05B8EFB626265EA154AEACBBC616FFB47903C51936A37C7C8EA7454C694CE1F242FAC29659AB6397
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.277874079862258
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJfshHHrPeUkwRe9:YvXKXk9SZc0vSnGUUUkee9
MD5:	C965D7D23AB2FDDEFE52BC65B65DCE30
SHA1:	E1C39DF815D7C8A97F080FF52FBC2FC3C7A806A8
SHA-256:	9C44DF67DE26AE3CAB9BF807C8FD7544B00710E5E49D5F12E99FFAB7AB00DEEA
SHA-512:	C0E5477143ABD84C39A093D713331D1DBF81B9B1B2C44EA76036C678FF4922225813DB0A7901739D014CA4D7E57D39692EFE91F2B7657517333520221ED4659F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.288378224813213
Encrypted:	false
SSDEEP:	6:YEQXJ2HXStl97VoZcg1vRcR0YFUoAvJTqgFCrPeUkwRe9:YvXKXk9SZc0vSnGTq16Ukee9
MD5:	2326F2E72F602819A345D68159A5FD96
SHA1:	FCE62F16CFC1A842C3CB8A983636CFF66A29FB47
SHA-256:	6DCE6D6D6B9D6E594FC125F5EE501C314B413740E0AFCBADB00880431DEE26AD
SHA-512:	CC913A0489CF71CAD8B32C09AE87A166D330242C1A200696579B17E56BC8E90C8D38FFAAD52ABE0AE3A79174CC6F80F14629542CBB9A448603C490644C88DC7B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"bbad5854-9f7b-435a-947c-ee6892d41c92","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735026063837,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.1339885586542655
Encrypted:	false
SSDEEP:	48:YxXXcZ+60OPZ65ujd1zrg39SBTth90JTbnDEWS9zQcH:d8SB6+g7Tck8
MD5:	AD2DC414F562B31496663BD53BD994C2
SHA1:	5CA65BAF72760C24F0E081E92B1A8E96CF1FD0CD
SHA-256:	EF4F5DF6F1C413A0012791482093CD7AD2734F853F815661AC3DDBCE3AB1C771
SHA-512:	72F5928106FA7538BCB933BE5421F1956D96AA15F5481C6C51E0ECF24DEDB8B3CF3182517B00AC357CEBE4A7FCE9AE2FCB3E4368C13E3F98F701D9132DD58004
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"b2f6503de47f250a90b71bd1c681ec2b","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734848448000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e1eeca8d1a2a52d8927206c79aa4ce76","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734848448000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ba740b9bf4e5338bbbb64f24cbba65c4","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734848447000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4a033d509a77aa8f9256958f86c21bcf","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734848447000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"85073d75e6717eee6ef8d48f48a8912f","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734848447000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"85b120ddc1802a990b278111ffe13664","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1883409699465872
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUhSvR9H9vxFGiDIAEkGVvpR:lNVmswUUUUUUUUh+FGSItF
MD5:	92E9BC855AFB2A65B4DBE6E7826B00BE
SHA1:	B170E46632B3327D248ED3C2C48A6A0208DD895C
SHA-256:	A43294C49EAC285076C87D6CC859A1FEDD4E143CE36F47422DB06AF0ECECEFF7
SHA-512:	055F790F70515989CC73746F4DEFDE3F7FC941EB7616A3251D79A4C90730AEE3BB016B4E21DDD7D96433C1DC1B695E31FE691A0E9BEB32888D289605F7F848FC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6086006904027825
Encrypted:	false
SSDEEP:	48:7MS/CKUUUUUUUUUUpvR9H9vxFGiDIAEkGVv+qFl2GL7msh:7jxUUUUUUUUUUNFGSIt0KVmsh
MD5:	867B1D7240A3D29F95D18468D69E04FF
SHA1:	EA4CCD7C1E5E35565748EC07283E9C9CC282D269
SHA-256:	1414E3DF2102F558C95E4C101AD066A01BFDEFD8CB5F4256A42ED05042693E11
SHA-512:	D43BC2EB8093A381CFAD604BFBE0199E471312BFAAF3DDE671614CD2D66940597A0307C990623055C713DB031C8A0C705857F6A3EE8A39618693A9C7578528A7
Malicious:	false
Preview:	.... .c........O......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:	768:RNOpblrU6TBH44ADKZEgTxviNH+UhwssKpzlzhqG07tqQBDPYyu:6a6TZ44ADETxaBBzUG07sQBDPK
MD5:	82E279182AB27A74ADD1843A96181D6F
SHA1:	FA87BEB97C3427C4AFBF08A3F1359C97AAE4BA45
SHA-256:	B3CFE023965014680944C042EF9EB28C8B3092AFD12948B97C3922805E2F86E7
SHA-512:	F22EE47250D318B1751483B9EBE958A53F40E9FC90FB40760A18BF9CA36C4254B2B489E8DDE0C5A13A40661D30782D1D969D45B774BDBB3C6C8B81DACEC51E60
Malicious:	false
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSIca50c.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.4917080724083283
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+iue:Qw946cPbiOxDlbYnuRKA
MD5:	0466FA92F0769DF5C0C769131777DFED
SHA1:	FBDFE683BB178A4CF6F1C8E9CC5EBFD52A9735FC
SHA-256:	CA750B434F5A80C64EB2F3212FEEABE9B92421643FCE3A2ED3104AEAC301DE27
SHA-512:	C04BF61B1CD85AE6288AFB147AECBC031D9D273584B0DF3468A18D1A7864B9AF1953A79EBD831F83071FDB36FADF2E7965132956A8A21EBFD12AFD5FCA1C1CCB
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.2./.1.2./.2.0.2.4. . .0.1.:.2.0.:.4.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-22 01-20-41-487.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16581
Entropy (8bit):	5.319084775600658
Encrypted:	false
SSDEEP:	384:u/DGDz6w8et876VoJ/ETxLod92VILQwCs3QkyaKABrJQSWUIOXYYeTenSkCSItFa:TO5h
MD5:	B7DE6B36E606FE2A592E49B796B0D74D
SHA1:	A87247CC1C8E516067A8A26533239FAFAD0E95AA
SHA-256:	35F77BC9840AC0573727DFC0A17FA1105918B5427A748E3D40C27584A31E9185
SHA-512:	A8E603DDB81B2035D55F1A79B42FD5B7B0461DF228FB156DF46D521BB17AA145A7B83277BD9D4DE7824AD0FF76D74F00125FF9896971B9B6278ABFC6EC8F8296
Malicious:	false
Preview:	SessionID=abbee189-93b9-4c20-a2ac-1a2c5a7785c2.1734848441513 Timestamp=2024-12-22T01:20:41:513-0500 ThreadID=980 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=abbee189-93b9-4c20-a2ac-1a2c5a7785c2.1734848441513 Timestamp=2024-12-22T01:20:41:536-0500 ThreadID=980 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=abbee189-93b9-4c20-a2ac-1a2c5a7785c2.1734848441513 Timestamp=2024-12-22T01:20:41:536-0500 ThreadID=980 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=abbee189-93b9-4c20-a2ac-1a2c5a7785c2.1734848441513 Timestamp=2024-12-22T01:20:41:536-0500 ThreadID=980 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=abbee189-93b9-4c20-a2ac-1a2c5a7785c2.1734848441513 Timestamp=2024-12-22T01:20:41:536-0500 ThreadID=980 Component=ngl-lib_NglAppLib Description="SetConfig: N

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.378564690092025
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r4:8
MD5:	8CAD41F504FD66BE729238A7CF6F115F
SHA1:	1A3C4EF64B02713321538F75CE2C8AD1F2F34AC0
SHA-256:	4EEC97A4483A79BF862BC2A1436B6635B2A2F17980F735636BBF40C9ED9AD627
SHA-512:	913432CCEE0B2295B87435996BDFC98DD6369E28E78751F7E544616F933146CF7A51BA533A3020674B485FF2DDCE657F98D648AA1E2E1D9B24B85BBB4F1E26C7
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2c3d3169-29ca-4b39-9c51-19d7ce7a4a22.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\39f52eac-5153-4977-84dc-654adb6c388d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\cf25cb5a-872e-4b99-8194-b168ccbaeed7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f6395958-3254-43fc-959a-aee1373e0bc1.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/9wYIGNPQmeWL07oXGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:lwZG2XWLxXGZN3mlind9i4ufFXpAXkru
MD5:	CDB0A9F62FD4871F0603FBBF1FE6BD06
SHA1:	C972A2B8E6E7CD72A156C1EAB8F5F31E76A7DA24
SHA-256:	85BD3F2168D078DFF0ECEB670C3DC651E8797522C6A2921EC478EAD5A09E415F
SHA-512:	7FC3B110A45F9D518FEA45930B73F196FEE7DF472A17FB2CBB19A3BCBF5C78D439F68E2C615D8DACD5821EF60C1447112FB86431D768E28D9F08457563011F28
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.688716860449142
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Trialog 28.11.pdf
File size:	71'418 bytes
MD5:	6954e94ea779383b5c7a3274d652f5db
SHA1:	8c2be521875d64e64432b3e1b1e51a6057a6fe6c
SHA256:	92083136652655590249c43efa3a84b8378971982353b93ffadde232c73a055b
SHA512:	640cbd23653d4189adeb9fc4ef57a2d14ec354d8b69f497768042cf6699f5634e0be92be35a2c9b693636a8b5629b7676541d4a4fd80afc4589e69a435fca7be
SSDEEP:	768:PK9iWNj6bxFTWPIlNye+A+wgNPvGAA8C3dNU2f7o2BJ3dBBV4/pHo6a26fufbb9d:PQp+nyPMEt7gkig3n0sed+/CU8djYRkw
TLSH:	76635B74F89EECCCFC86C64DC67E345E5A9CB11B6ACD3484012D0B29F1426C5BB562AB
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Title <FEFF05EA05E005D505E205D505EA002005D005D705E805D505E005D505EA>./Creator (Mozilla/5.0 $Windows NT 10.0; Win64; x64$ AppleWebKit/537.36 $KHTML, like Gecko$ Chrome/131.0.0.0 Safari/537.36)./Producer (Skia/PDF m131)./Creati

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.688717
Total Bytes:	71418
Stream Entropy:	7.994634
Stream Bytes:	52555
Entropy outside Streams:	4.951374
Bytes outside Streams:	18863
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	148
endobj	148
stream	9
endstream	9
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
6	0000000000000000	2fa9a909b98930d04331c4886c8c3c9d

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 22, 2024 07:20:53.115973949 CET	54790	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 22, 2024 07:20:53.115973949 CET	192.168.2.4	1.1.1.1	0xeb9e	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 22, 2024 07:20:53.255492926 CET	1.1.1.1	192.168.2.4	0xeb9e	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 22, 2024 07:20:55.030169010 CET	1.1.1.1	192.168.2.4	0x675f	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 22, 2024 07:20:55.030169010 CET	1.1.1.1	192.168.2.4	0x675f	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.101	A (IP address)	IN (0x0001)	false
Dec 22, 2024 07:20:55.030169010 CET	1.1.1.1	192.168.2.4	0x675f	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.99	A (IP address)	IN (0x0001)	false
Dec 22, 2024 07:20:55.030169010 CET	1.1.1.1	192.168.2.4	0x675f	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.98	A (IP address)	IN (0x0001)	false
Dec 22, 2024 07:20:55.030169010 CET	1.1.1.1	192.168.2.4	0x675f	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.58.100	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7508, Parent PID: 2580

General

Target ID:	0
Start time:	01:20:37
Start date:	22/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Trialog 28.11.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7692, Parent PID: 7508

General

Target ID:	1
Start time:	01:20:38
Start date:	22/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7872, Parent PID: 7692

General

Target ID:	3
Start time:	01:20:39
Start date:	22/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1664,i,17986111413712263075,3581551862786602674,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Trialog 28.11.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\723712ed-7dd0-469a-a928-7ccb345c4972.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7a6c4464-d314-4dd4-a942-eb2f25e3970d.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6ce1d7.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241222062043Z-162.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7600

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7600

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Windows Analysis Report
Trialog 28.11.pdf