Create Interactive Tour

Windows Analysis Report
1099-NEC.pdf

Overview

General Information

Sample name:	1099-NEC.pdf
Analysis ID:	1640804
MD5:	b77cf9ae7bea425d8a5d42eacee9d226
SHA1:	ee9c30b16aee8039e681b26c5d6297be6497c723
SHA256:	1b1a8d3ff270bb9a5b3f1aa59453c3f7d509eaa65e4df517493d236b7acdb903
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

PDF has an OpenAction (likely to launch a dropper script)

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\1099-NEC.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6684 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,5101753410508339001,15037025503006614073,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• AV Detection
• Software Vulnerabilities
• Networking
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: 1099-NEC.pdf

ReversingLabs: Detection: 13%

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic

TCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80

Source: global traffic	TCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global traffic	TCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global traffic	TCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global traffic	TCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global traffic	TCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global traffic	TCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global traffic	TCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global traffic	TCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global traffic	TCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global traffic	TCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global traffic	TCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: classification engine

Classification label: mal48.winPDF@17/42@1/63

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6352

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 13-48-37-768.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: 1099-NEC.pdf

ReversingLabs: Detection: 13%

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\1099-NEC.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,5101753410508339001,15037025503006614073,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 5AF217393B83760FBC93A98F12C3B8C6
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,5101753410508339001,15037025503006614073,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 1099-NEC.pdf

Initial sample: PDF keyword /JS count = 0

Source: 1099-NEC.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: 1099-NEC.pdf

Initial sample: PDF keyword /OpenAction

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
1099-NEC.pdf	13%	ReversingLabs	Document-PDF.Phishing.Generic
1099-NEC.pdf	2%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
e8652.dscx.akamaiedge.net	23.209.209.135	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
23.209.209.135	e8652.dscx.akamaiedge.net	United States	23693	TELKOMSEL-ASN-IDPTTelekomunikasiSelularID	false
34.237.241.83	unknown	United States	14618	AMAZON-AESUS	false
2.19.104.203	unknown	European Union	16625	AKAMAI-ASUS	false
23.203.104.175	unknown	United States	16625	AKAMAI-ASUS	false
199.232.210.172	bg.microsoft.map.fastly.net	United States	54113	FASTLYUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1640804
Start date and time:	2025-03-17 18:48:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	1099-NEC.pdf
Detection:	MAL
Classification:	mal48.winPDF@17/42@1/63
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 2.19.104.203, 34.237.241.83, 50.16.47.176, 54.224.241.105, 18.213.11.84
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.2353164163401
Encrypted:	false
SSDEEP:
MD5:	76FB1F3C9BD0011294D1A65720B1AE09
SHA1:	1806AAAC0E2CF5C8407E7D8EB52B6AFA7B5D77CD
SHA-256:	43081666AE22784F24B4C918D127AED2A38F46922574C2739AB168A3DD882105
SHA-512:	5E5CD74D10D0795D063D20F4C56B53B6CEE9E6ED235F826595832D5BAF78D3FD9D0C029D21E3CAD02BA4ED3F329A09D8E2A59816DEA075278D9110B32DC89BBF
Malicious:	false
Reputation:	unknown
Preview:	2025/03/17-13:48:38.435 1988 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/17-13:48:38.438 1988 Recovering log #3.2025/03/17-13:48:38.438 1988 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.18699483763827
Encrypted:	false
SSDEEP:
MD5:	6E9C3B3B66A8F6A98C52918CBEE723E7
SHA1:	468208DC34BCC75DEED35055395B85877385A1BF
SHA-256:	8D4E11A6B955727180257490CB734223D2F0D66CBAB72B194D435C804B3845F9
SHA-512:	C8F2225C73A75766C1F8EA677522F6E2E9DE5130628D3CE36192D32D4878A0BE7FDC5E3CAC689DF0DF95A27B6346AB4C9AA14595674281F6D24F975CF24F0D49
Malicious:	false
Reputation:	unknown
Preview:	2025/03/17-13:48:38.342 1a40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/17-13:48:38.345 1a40 Recovering log #3.2025/03/17-13:48:38.346 1a40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\66cd0ba4-d471-4c9d-923d-ba9430957e2b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6a15ba63-2141-463e-b037-97b00548bea5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.987029717098883
Encrypted:	false
SSDEEP:
MD5:	ABF47203BCA9A24EC6E1ADA3F4E50B29
SHA1:	A43335E8DD77776E4A661AFCFE4CDDF226435D8E
SHA-256:	1C839358A0A132742D50423F4A4B37F4B1B341AC8AA399A16A24D6461FD2BE77
SHA-512:	2EEF7DA5945E01AEC77357E6493C72F8311A748E3F8B7372638AA762F1FA560F347A160EE5B67978B2F60D750729FD3485258F535F28B20986D6CBDE54720DD9
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386793728138380","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":124599},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3a1b5d.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.231812377897927
Encrypted:	false
SSDEEP:
MD5:	5778D0E780E3B02283A981D8ECC9A188
SHA1:	0FEE5B6BE2B2DB7CDE4116517D43AC724FCB2BA7
SHA-256:	98E9D154EBCC3B04278202C1D73926B62F6DA3046E66D66E079BAEB89186EECD
SHA-512:	5CA38E2AA2B32867BE1206E1B0C3F978B834BAC0EFA86DC26AAC62BC97392BCA18E88E35D490140AAAA1544E4654D1396186EDF117E4E6EE9824C1DB98BB8BEC
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.209464313501848
Encrypted:	false
SSDEEP:
MD5:	9980686456BE6AA01506CA4EBDC37B14
SHA1:	8D90D5F04FB757A672672FAC9D60AAAEBA987FE1
SHA-256:	4CBDFAC41B819A9A55544A471B5F609965EF301E9AC261EF03C638D1CE76F993
SHA-512:	2D3A3FCFA33CCCF6486A02EA398C555B1F1EACCF91D88AF264CE45E208DE97241E6B0A4E608977DEF31A8F236B3265600201D50E8FD8EB2E3A848B81F01CC2CB
Malicious:	false
Reputation:	unknown
Preview:	2025/03/17-13:48:38.472 1a40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/17-13:48:38.473 1a40 Recovering log #3.2025/03/17-13:48:38.476 1a40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250317174839Z-162.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	2.286948423009873
Encrypted:	false
SSDEEP:
MD5:	F2D04FC7A5B3A3F5D795433F876C1D05
SHA1:	F531731CE1EA6EAA621D814F5B48F0EDAFE4D40E
SHA-256:	CFB2609F69F47D8AF19851AF2D636907F0FECE08D0E49C71E408F3FB5FEFFBF5
SHA-512:	94AB3CA3EF6D90DAF96DB2D4F0868FCB11D54F0CB2B4DB39F41CF32154B0B38000CDDA02D9F4FE41F7B1CF484414A993F8343398B7CAAA93F312C7786D74DEE1
Malicious:	false
Reputation:	unknown
Preview:	BMV.......6...(...k...h..... .........................$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2136676166591915
Encrypted:	false
SSDEEP:
MD5:	AE43FF6684669212707BF1844615BA1A
SHA1:	B4415F5EBA749C186D73E79C353CFC9963AF7CF9
SHA-256:	E914D8E4D6C0C9EEF066E8AD0467E7061F51F8FFC03C83DD5E97C9211B6AB163
SHA-512:	36E4BDDE7E26C9074669C8FE57201DD52851F725A3854A0087A8EE738C489DEFC3C4CE49895B4C3B45FEC21229A894C56F21372C291DDB3F77F43489B0776D5B
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....)>.c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Reputation:	unknown
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.756901573172974
Encrypted:	false
SSDEEP:
MD5:	65F170B101940FE93C9BA3EA0F94C206
SHA1:	0C042EB6AD209ADF0EF2244632418B5F6763804A
SHA-256:	D9AFC4E83BCE0D3053CF44BC5B50BDCF7976E25825C696B030A37C55294E214E
SHA-512:	0AF9475EAEC517438324C4724280CA21C57B3BB775408683EF00FD9FB4F5833C48E5BDB28AE9E8F92105E39B6A0BD165AE070CC571FFE135758D23587737C0A4
Malicious:	false
Reputation:	unknown
Preview:	p...... ........3.+.d...(....................................................... ..........W....A...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	330
Entropy (8bit):	3.273411065443351
Encrypted:	false
SSDEEP:
MD5:	204161AEA3BDCAC7D4C08B41E11D8C1E
SHA1:	D4E2B3B287F83A273E7D55FED7D48696E027A8F0
SHA-256:	29471700416B01E7ED57FC6F51B76CE9EC54BB929A445D76F2C215E47E4FBC22
SHA-512:	E50FC6FDB38B404153E48E988F1E59C1E7D7F497353897BBC95BAB3ACD8239E528B8586B2212F66CD8A99E3B15F74718FE4A3530F4264D01CF0DAD35FD064F58
Malicious:	false
Reputation:	unknown
Preview:	p...... ........._.d...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6352

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.376857786720243
Encrypted:	false
SSDEEP:
MD5:	83C34E026CDEE8ECECE3FB7B91AF8F76
SHA1:	D0E233008710238514A97562D8229E3AF68F3575
SHA-256:	054AC50DBF72C1C66E1FE5CAC7FDA801AE53DBA966B94D545D2EC7D662BEC90C
SHA-512:	8B1C888D14D938735C4E78AC17D4246BA655E802AEE70EF062E5B0AD19E4B87804C0DDAE2AFEE447A08910E62D4CB38CE199697938999EC8304E3268ADBB8A81
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3244634531241815
Encrypted:	false
SSDEEP:
MD5:	AAC065A802AE81101643B9410C6EAFDD
SHA1:	E42F38673C70896239712FE0548C67410A9F0436
SHA-256:	A50FB4D89286813C9BC6D1FCAAC1FBB6929BCEBF1F451393CC4BA62A65361245
SHA-512:	DB00B65DA5309B2F4E6F83CD85DF75D8FADDD2E78C0229D1205A09A598AAADCBA7D4D8DCC95ED891CEA71B51FFDEC59C7929B069F3B8334C5AE74FD4770CADD7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.30328452816978
Encrypted:	false
SSDEEP:
MD5:	E1B9F8497976DF37677CF575BA71C1EB
SHA1:	00191E202AD7B37028EA0B4167A08715844018C1
SHA-256:	98AAAD01615362525F71952AAB63A39404ABFA374E4F55081F72B758449ACE10
SHA-512:	C8BE1C00BA54087DEDEC43CE316A18C321F77F0E311355EA743CB15E7D15C91F8E76DF428AD864D488250F67ED41446FF7BEC443221A1B9FEEA9DC8638C34022
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.365711463194679
Encrypted:	false
SSDEEP:
MD5:	B3670A9F8D98ED74E6F1FE7CA769701C
SHA1:	755848C287C8163679BA73ED125E56EEA17776E0
SHA-256:	4302914CE2BA231375BB2DAC511B6C95CBB475450FA97F97F7F0661136B6BD4F
SHA-512:	B6DEC402393E535FFB4465CF0849FC84FE6AF0582214CDB63E5386A753AFA9F06BED834E1107C0F0290028095A87F9FC5BEB8AB69D61CA219CC5A4343292ACE2
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2113
Entropy (8bit):	5.8407317113260095
Encrypted:	false
SSDEEP:
MD5:	FDB24AF5973F834ABABC29D58F65F6FF
SHA1:	0C38EDD7E60939A2E0C73509C07AF941CA85CAF0
SHA-256:	9B07A2563A73FAEC0585B06992D6365D4ECAA5954ACEF05E440C16AFE81E8807
SHA-512:	37AAF67F6EEAE7935A62B8CB9B1862764062367F6AB10BB03AACFC4CB3748A9B98D71A7A9C023CFF08FFDE79EC0A29A87ADF17F540DEE7006C6CE5D590BC04D6
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.312214076797873
Encrypted:	false
SSDEEP:
MD5:	7B65B98506679C5311ED1DA8B0B05B65
SHA1:	39A9D47D9134D7C70E7D269D2F7BFA0FA0963664
SHA-256:	B19F1A919EFB96D5844ED552AD0384F828120B8B123A17BF5A53D1E4277D70C7
SHA-512:	EA88908B2272D51B723F850C7D4C359221234271E1BFF8FB754C75F6077D53A12C15B7CAAC6B47DF2AA195F774EDD622C8986A5020AB0D8EA8A1AA3EA9BE7F3C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.314157217740227
Encrypted:	false
SSDEEP:
MD5:	1EC139495F4B15A8B3F3835DAFB80079
SHA1:	63F7FA077B1AC4A6FE6F84430828C4FCC7A43AED
SHA-256:	6279027B016966FDC7B8DCF2CD1181920FAC719A901B4DAD16E046C7BA60C031
SHA-512:	1FD37A64FD019B5F35D9AF33D3838678F4692FD70BAF9F3B3425C7C3235D6CC39E7465D3899392279FF090B77531653292FCB74EF4503CB26E0FB38D48376D8D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2064
Entropy (8bit):	5.82198532224348
Encrypted:	false
SSDEEP:
MD5:	4BE4D05803A91D15DC853FD7E735128C
SHA1:	E533F2CA65C84B3F6DD02F64B6972974AD161A15
SHA-256:	293CDC38D1CC7D12A81587D96E65D0B73D64CF20C02448C25E35C80031524AE2
SHA-512:	50FC8DC3AA9F9E373A22A323BB08B1922A3E6E1FE168E0A41085D8077D8ED34E8A16BAB6A4572DA2DA3FBED17AE41B898A17A61071E7AEACF4AE2AB6A1BCA4CC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.337500804914369
Encrypted:	false
SSDEEP:
MD5:	A9D0378DAB2D93D2190E5D045C40F483
SHA1:	2F4514AF17F551F018F2283E6447222276162DC7
SHA-256:	02A20069522EDD8E321ACE9CB258776E7F815E33BF111D8154EF3389C8CC4B75
SHA-512:	798EE2F6106E4165C6BA654E0553247F2E4F60B154A56AD1005DFF5659761D3033893C49820E6CFB181DEDD270D70ED19110A26460647789626CF328AB06694F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.318227280146619
Encrypted:	false
SSDEEP:
MD5:	63760BA8C0F2FFFCD3739D1F6DEDE1F4
SHA1:	B740D54A46BBC7FD6C00D2ABC13F73E18AC8BA79
SHA-256:	F5969CE47D69B98131CCD51C8736A714A6387848FCAA727A4FFF4DE39EF3F458
SHA-512:	FE7D7A5A588B9A97F2161F1ED17E860961F8A1245AC0EC31C83D099BEBB2DF391FCE92D41A7287367D23F55CD72DA4277C49E2186D6EBC6EEC56660017E8BCF7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.305179909409436
Encrypted:	false
SSDEEP:
MD5:	034F56CD5ECA9BE53434B1C269324F03
SHA1:	A0643D0218F235EDB8858908C3EE1727DEA63FB6
SHA-256:	E629F34024738D8507362DCB8B425C9E65EE487DEB76A7996751E3747D2C4173
SHA-512:	8910D4CC49BEF15481701E720B80F9B75D917B3507EE87E7804832EBE1644158C440D5933241CF26FEB2C18DE0A057257EDE474EACB85131363FEFAA6D55944B
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.301649104417413
Encrypted:	false
SSDEEP:
MD5:	17A72B240924C37FA49009AC27FB3864
SHA1:	41C023F3A569141CB3DB121D65A14C420EFAC38C
SHA-256:	E00D386DC750058F2F33E14C8AA0D9AB7EDAFC0748CAC06E173303C58124E360
SHA-512:	CC90D17FC304A314943723ECBB1A64E58616AF5634C7E2DB6837F0B2BFDC9BB6545EF67FEFB25CB94527FA1DA7A5DFE9D4780FB8267E9A21DFF22F6E7F345C80
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.304968336896809
Encrypted:	false
SSDEEP:
MD5:	38C564F143E51C6EEA0E10301F423BF6
SHA1:	976B669A9F86CC17DA454980D3289CD32966BADE
SHA-256:	2CD594D9144B733F711212EC564D3496AE931C8A16D14C8956B64DA374F40677
SHA-512:	5137FFCBB030D3CD8E90B86DE9747146C820278DB077903AC7666B35FEA13DDBC927BD2674E433FE431824AF6EE23493469CD960CD51337158139783EABB7F3F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2012
Entropy (8bit):	5.835601666206011
Encrypted:	false
SSDEEP:
MD5:	1722EF0AB659ACCEA05145684C9C2279
SHA1:	1443CF7EB42C71D2DEB124AB139C771B1E071F03
SHA-256:	4BA63C7BF6F66295F88CD6749B3613DED3495AF69BE95E9ADE16DDF13283BA32
SHA-512:	AB20133349BE4EE1921BD421AEAA459D226A3C7275B342C07C31119A776A50EDBF712A7185E9011617BBD5A2918626B1F209F97175AB8513523A81A2B8BF18F2
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.281264186467303
Encrypted:	false
SSDEEP:
MD5:	412ECEDFDD99EE0CD1C64499341A9880
SHA1:	B577B5CDFA41B797CBA41E9F9F4A76100596EB8C
SHA-256:	12F593041BE63FA8FB7A68FAEB5BBABD6BC1624D635B84893978C2559B788DF2
SHA-512:	0AEB3CE33D77747EBF36749221EB9DB9060C391B1FEF31A7F48D5301BC72D513B6023FE585D8483A3112CC82E085E703E8860909FC25260126862C84C28C1B6C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.28756299899114
Encrypted:	false
SSDEEP:
MD5:	AB50564B5D4C6E7BF6A7C8FDD5DB2053
SHA1:	09D9B390A53BD15696D07E60FA6518808C83AA80
SHA-256:	097A03697E02927E1F0D32BBF24323BC0CABC8F12111AF710B4F03FE96C9A5C1
SHA-512:	7B940A9E946955E71F2F38A05D8F56C605D6CA3833EDEB6AB83062C39F7EA03D18DE246102F33BABD81F4C855AC4075866F9605C7208046E4FF7CFBAB35E0A64
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.129414817958812
Encrypted:	false
SSDEEP:
MD5:	1C65B6A23215AC32EC38CC7882702D72
SHA1:	8F347E7F168E83AF2AD3C6B3BD8D228AB9D1EBE4
SHA-256:	D145209DA16A76A6B3AA5F7AD2431B661AEA8060DC9544321DDBDA33BBEE940F
SHA-512:	84624BA53D1B95C695E82B7B551E5198B4D866577AFC98838689FEE497CC894AED13DD858727B7532B281F793045228A906A3D8CF59A8FF565CA025EE894313D
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"1d3f491b0f3566421a9bdb269644915f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2012,"ts":1742233722000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c2391039cd6b304945c475086e5168bc","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2113,"ts":1742233722000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"6b1547cf818c2bd29a078303e4de5bba","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2064,"ts":1742233722000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"231bc0dee600e68e749bbae17969ebae","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742233722000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0379fc8296bf694a1f926f2d9627db46","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1742233722000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"0546b5bb56baa559796a757305749571","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9888396234248434
Encrypted:	false
SSDEEP:
MD5:	6FA0635663CF04A92616BB0F45BD854D
SHA1:	A93FF61D451F601D86D30D93167D20FDEF7B8254
SHA-256:	9712B52F0217AA39F33C9EE20B5E83B3D8B1863BAAC1CD996110A8DDA9989DBD
SHA-512:	E2A697631CE5018528A193651B7F2F4F08F310F6042B9CE474D251DC4683947CCF27ADCE80D23ADCCDB967B944ACFD2DBA81B04AD92FF4195FFA3D6AA9086EBA
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3430879221421368
Encrypted:	false
SSDEEP:
MD5:	9C5B8CF7713CD0CDC5876CF7D40C6080
SHA1:	99D488D780F365766ECE9EAF8A725A23F41D86D0
SHA-256:	FCFE9112C7189E1F4FDC689D458E8C04739C9BC75420B1BD27C6EE4392BFE160
SHA-512:	0E3620BEAD97B8447DA5E55D8DE62B5AF7751DDBA9E9A8C09A9067B6805C80AB50198B2225C1AEB7E37A72E62B47BA696EE303773DCED27FC93C2E6F36EA942A
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....T.7?......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI90579.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.534010397435022
Encrypted:	false
SSDEEP:
MD5:	3C91249FD3ADDA8231BA929DFE951735
SHA1:	5E8F5BB86B8F146A7DADBBD60E5B289DC67A2E82
SHA-256:	C44E1D9AE514305CB06055438DD75F1998FAC61B18A436B25D56FED814CCE1C9
SHA-512:	3E952328EF44EAB1A34AB04BC045F03778138C0E6E6090815CB47CDC72BB5CBAB02959111A23A72D5627A238639A5F04943E9276125DC3F398C4EEF11142E1C3
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.7./.0.3./.2.0.2.5. . .1.3.:.4.8.:.4.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 13-48-37-768.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.369246755424175
Encrypted:	false
SSDEEP:
MD5:	5EC36C145A73DD9AAEF3E74E13C55FAB
SHA1:	383A91EDA796DE6B3FE363397C2F7D14BBE4C856
SHA-256:	6E5EB5227CE7AD5FAE2481664A4BC30A204586414246D181311B29574B8EAEEB
SHA-512:	CD7A3E0ED51C47A09ED5AA88101FAF3E1CD4C6EA7570A56135F2AFAD8DF261E3EF04D4060503B10FD5E3AF170712C8691FB283F5D1FA3B97AD8EDE5E0A092E4B
Malicious:	false
Reputation:	unknown
Preview:	SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:781-0400 ThreadID=6488 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:782-0400 ThreadID=6488 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:782-0400 ThreadID=6488 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:782-0400 ThreadID=6488 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:783-0400 ThreadID=6488 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.424658700516149
Encrypted:	false
SSDEEP:
MD5:	7BC9FC0918FBBEB4921FAEC29EF70148
SHA1:	D0614919C8D04A2B48722665F1E2841318174F2C
SHA-256:	EE68B31528893F263C1658AB3D976837B4A8CA93507A7AC68E1ACC5A89FB287B
SHA-512:	A7CC8DFB99BD93388D4098FC9537DCC1A080D832A1620BEFBBFB7BD2D0D8BFA711BCD70B80A05C056E579011A5E3F16CA6D5C91D2013CB8DC5EB8C95F69A6D8B
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\31960b22-ffca-4248-93a1-c9f5219963c6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\3e5cc7b9-8f25-49de-a9a9-9d99e230a0dc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\55fd7329-4d9e-49c0-b6de-b7ecbc6393c4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	732C4E8507E4D875CFE981D71D21E2DD
SHA1:	E7D7F6AD262BD324742DC268F3A5B500AB2EA283
SHA-256:	7D24D933CAD1A56D78F9CA6AB4F0CE2481BE9AFA663B64EE177BF6E2E1B18715
SHA-512:	C51FCF5C69D56F6555CFFE1D13946B379D06E5C6DA721A5764DAD63E6215C9C3B868CC20D328A1C1B691661AFC27509C0D6C90F36F05885EBC1C48F648E509E8
Malicious:	false
Reputation:	unknown
Preview:	...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=.R........4..(WCMQ..u]]R...R......5...N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]\|..7;.5....^..7(.E..@..s...2..}..j.......t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...zBs\|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5\|:bj[.._R{gi...^

C:\Users\user\AppData\Local\Temp\acrocef_low\729e6312-2bf2-4375-9f4a-58d77a875b2a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	F6CACB4A8F3328CA8C06812420C0337E
SHA1:	184589C5954FE73E4DF5569A0D0E2F85189917DF
SHA-256:	91E9A938AF33129F4DD910E38980BEAC9C64982E76458D75B92CB03B0FBCDFD6
SHA-512:	78D790967B665A9EC54C92ECB89336A67D8ED7B385B25AC465A28F31BF88D7DFC1A2FAE4791BEE33E48CE5EF783C1C9169D1C905E9CFCA090FF54C71335FA0A0
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.5
Entropy (8bit):	5.6861504822482205
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	1099-NEC.pdf
File size:	40'895 bytes
MD5:	b77cf9ae7bea425d8a5d42eacee9d226
SHA1:	ee9c30b16aee8039e681b26c5d6297be6497c723
SHA256:	1b1a8d3ff270bb9a5b3f1aa59453c3f7d509eaa65e4df517493d236b7acdb903
SHA512:	8ddab66e3a4259d1900016267f71f0bb727b6304c7ece1d4529cfd32eb55f25d013dd839828e86829b4d029741331e674e612e3051430481a4b631914018f26a
SSDEEP:	384:PXwVVcX8YbmWG3cdW0nwcP3r+8cQe1nva3:/xMYbWWjPCTQe1i3
TLSH:	C70392174C0D8E539068C7E4BF861D5C3B662A1EEC8279FF346E4ECA7F681525C8912B
File Content Preview:	%PDF-1.5.%.....2 0 obj.<<./Metadata 4 0 R./Names <<./JavaScript 5 0 R.>>./OpenAction 6 0 R./Pages 7 0 R./Type /Catalog.>>.endobj.4 0 obj.<<./Length 2866./Subtype /XML./Type /Metadata.>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpme

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	5.686150
Total Bytes:	40895
Stream Entropy:	5.609810
Stream Bytes:	39823
Entropy outside Streams:	5.381436
Bytes outside Streams:	1072
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	7
endobj	7
stream	6
endstream	6
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	1
/AA	0
/OpenAction	1
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
13	07d0d00fc0000000	95b5ec6c3030a06ad34666be16194964

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1099-NEC.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\66cd0ba4-d471-4c9d-923d-ba9430957e2b.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6a15ba63-2141-463e-b037-97b00548bea5.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF3a1b5d.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250317174839Z-162.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6352

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI90579.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 13-48-37-768.log

Windows Analysis Report
1099-NEC.pdf