Edit tour

Windows Analysis Report
Michelle.ullman+Ci9204030442.pdf

Overview

General Information

Sample name:	Michelle.ullman+Ci9204030442.pdf
Analysis ID:	1664706
MD5:	48e127ffef6d6e7eead92eb13f8b7970
SHA1:	fbb22d11027bb5bb8d00ef07bca65b09511cc83b
SHA256:	be8cad78ede7e52f3a2b17fb716ff37ed3d7ea0e6af83bc93236cabc2a319d7f
Infos:

Detection

Score:	22
Range:	0 - 100
Confidence:	80%

Signatures

AI detected landing page (webpage, office document or email)

PDF has an OpenAction (likely to launch a dropper script)

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6476 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Michelle.ullman+Ci9204030442.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1556,i,719958981576975057,3712249178377860849,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Phishing
• Software Vulnerabilities
• Networking
• System Summary
• Data Obfuscation
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

Phishing

AI detected landing page (webpage, office document or email)

Source: PDF document	Joe Sandbox AI: Page contains button: 'Click here to view' Source: 'PDF document'
Source: PDF document	Joe Sandbox AI: PDF document contains prominent button: 'click here to view'

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic

TCP traffic: 192.168.2.16:49709 -> 23.55.253.31:80

Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.55.253.31:80
Source: global traffic	TCP traffic: 23.55.253.31:80 -> 192.168.2.16:49709
Source: global traffic	TCP traffic: 192.168.2.16:49709 -> 23.55.253.31:80

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: classification engine

Classification label: sus22.winPDF@20/42@1/62

Source: Michelle.ullman+Ci9204030442.pdf

Initial sample: https://gentle-wildflower.abbelumber.cam/r/68747470733a2f2f70616765732e646f646765696e647573747269616c2e63616d2f3f656d61696c3d6d696368656c6c652e756c6c6d616e406d6264612d75732e636f6d

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6624

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-14 11-12-42-239.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Michelle.ullman+Ci9204030442.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1556,i,719958981576975057,3712249178377860849,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1556,i,719958981576975057,3712249178377860849,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Michelle.ullman+Ci9204030442.pdf	Initial sample: PDF keyword /JS count = 0
Source: Michelle.ullman+Ci9204030442.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Michelle.ullman+Ci9204030442.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Michelle.ullman+Ci9204030442.pdf

Initial sample: PDF keyword /OpenAction

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	3 Exploitation for Client Execution	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Michelle.ullman+Ci9204030442.pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
e8652.dscx.akamaiedge.net	23.55.253.31	true	false	high
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.55.21	true	false	unknown
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
184.31.60.185	unknown	United States	16625	AKAMAI-ASUS	false
34.237.241.83	unknown	United States	14618	AMAZON-AESUS	false
184.31.48.185	unknown	United States	16625	AKAMAI-ASUS	false
23.55.253.31	e8652.dscx.akamaiedge.net	United States	20940	AKAMAI-ASN1EU	false
199.232.210.172	bg.microsoft.map.fastly.net	United States	54113	FASTLYUS	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1664706
Start date and time:	2025-04-14 17:11:51 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Michelle.ullman+Ci9204030442.pdf
Detection:	SUS
Classification:	sus22.winPDF@20/42@1/62
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 23.76.34.6
Excluded domains from analysis (whitelisted): fs.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtWriteVirtualMemory calls found.
VT rate limit hit for: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.158551179982059
Encrypted:	false
SSDEEP:
MD5:	15A35BF3EB008E04D86EA5D1B5812799
SHA1:	597F901AF13E44C1A1E45D78725D0FC17B9A78C6
SHA-256:	06378AEE9497E0C44748FADA09F6D91200CF243A1EBDD25E5A31447B92C0FC4F
SHA-512:	74D2451DC36BEA3F011E895B7C6E6CCC70CCF45B71B8FB32F1571C6C050028783A80309A6EECD59252C4FC26EB9EE821DE15C1C1FD0BE837F33EE43D7CF8374A
Malicious:	false
Reputation:	unknown
Preview:	2025/04/14-11:12:43.057 1bb4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/14-11:12:43.060 1bb4 Recovering log #3.2025/04/14-11:12:43.060 1bb4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.161624483491738
Encrypted:	false
SSDEEP:
MD5:	C13C8E9FA494F246C70793EE2ADA15C7
SHA1:	C74221ADFA9D6D4E35D465C198B1A0D2696F723F
SHA-256:	EB324CC4FA1749930151ADAF61FE288B91BA37B8C89C3297700E51F81866FB6C
SHA-512:	CEA7267B305C92746E559202850261775B956096C309913D8C87D2045CEE8CE4A6AD3CCBC9EEEBE85C1AB1C860A933A1B38A0C4E1EBFF28F6E5E5A4F79B98E59
Malicious:	false
Reputation:	unknown
Preview:	2025/04/14-11:12:42.913 e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/14-11:12:42.916 e7c Recovering log #3.2025/04/14-11:12:42.917 e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9e82f0f4-8e57-49ed-9d7a-539929b23c9f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.98907081643162
Encrypted:	false
SSDEEP:
MD5:	18EAAF6BFFD274F5CE02BB3844E1ED6B
SHA1:	C16AC343C59F56507CBDF45FE05D7384C35DF5A7
SHA-256:	02784500227398C096C59F16E779816498D50A4E7E63003DB4AC310B0A88702D
SHA-512:	CF417FDDD3A426CF381A93EE6E7A9624B76144C9B570E50DFD48049176C37C3CE25AFD0A6560636E1B96CE3CC1A4E15A76B27DDAF0D908C64712D670A704C54D
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389203572642609","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":119964},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	18EAAF6BFFD274F5CE02BB3844E1ED6B
SHA1:	C16AC343C59F56507CBDF45FE05D7384C35DF5A7
SHA-256:	02784500227398C096C59F16E779816498D50A4E7E63003DB4AC310B0A88702D
SHA-512:	CF417FDDD3A426CF381A93EE6E7A9624B76144C9B570E50DFD48049176C37C3CE25AFD0A6560636E1B96CE3CC1A4E15A76B27DDAF0D908C64712D670A704C54D
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389203572642609","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":119964},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4591
Entropy (8bit):	5.249013094719443
Encrypted:	false
SSDEEP:
MD5:	A9E4F096C47C4D45CAE1C9EB7A485199
SHA1:	C45EEBFAA8A9656AC875549DC2179387C55DF55D
SHA-256:	DD75312159C0F36CEA3755863456D576D134A2456FD42F48CF3317580E3FBE1A
SHA-512:	65F93DCC276B4B78F2E021B7F5DBA850CABDB68401252960F4C6AE698E1CF730AEC39C347C65F2525EE0C9F50A2F4C537AC5B4933B6DE77A4201F203F4EB2E41
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	319
Entropy (8bit):	5.183671767016253
Encrypted:	false
SSDEEP:
MD5:	737E91A9A159BFCABF2B9EFA3F628A0C
SHA1:	EEC4D6BDA6CE45774B268AAABE5703B8F7B42C4E
SHA-256:	E70445D593494F659F975A92681E36317957B96545EF099FB8959AD2801C1A72
SHA-512:	66C92993448F3000ABB1073A57FC58469367685CF56A7E7E6D72C512A06E34A1BBFF542740435F41C218BBFF72DFEE61F77B26A2B093D70D6AD26004C72FC05E
Malicious:	false
Reputation:	unknown
Preview:	2025/04/14-11:12:43.084 e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/14-11:12:43.086 e7c Recovering log #3.2025/04/14-11:12:43.088 e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250414151244Z-327.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	0.8108028317176784
Encrypted:	false
SSDEEP:
MD5:	303A2D47ADFC1519537B1EDF5C488EC5
SHA1:	5361C9071ADA84C265D031052E19CA440EF42078
SHA-256:	26B1D6302243BE22EE5FDFDFCD846FB7202C40A312B817BDE19E83FA22EA1744
SHA-512:	E37859E36D3958EBCDB1604B0B947A0AE7CD7141CDBCF5D98F58CB3AC3FE3C100B9F7CC48A13D045923D939213931EA7225D97946E99DAA7485391C0B9F876F5
Malicious:	false
Reputation:	unknown
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2139323270602607
Encrypted:	false
SSDEEP:
MD5:	B7152EAC4EDC82658D8ECE9DB8ECBDF3
SHA1:	92B1905FE047250381968C7F018BA6F50F999882
SHA-256:	2234697838BD82FB3F76B6307DFDB651173E5728CBE72B1C4A873795B98D1BE7
SHA-512:	D2777F383AC606807095697A3946EC932161A9C3EACF92DAD60E46081B11177801C1726EED3ECB8E08304738B769AA3E962341400FBF7ADDF44DD60293A11E58
Malicious:	false
Reputation:	unknown
Preview:	.... .c.......A.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Reputation:	unknown
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7569015731729736
Encrypted:	false
SSDEEP:
MD5:	B77446CD4915B1F4BC60C9E62E4B8EAE
SHA1:	ACFD3A0CF5E2983845087E6D6E121BC2FA49A54A
SHA-256:	105A1DF2FBF3FD6015CEE06B9460D493CFAD913226BF3594584030826C8B89FB
SHA-512:	298F7F2F2D56D118CF48883FE209FC700C902B3CDE7D1CD87FBBEC943C095D794DC2C19319055ABE8DA10BCBD5E1971614A5D4B58E5337308FD8EE01C590DFD9
Malicious:	false
Reputation:	unknown
Preview:	p...... ........X+#.O...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.2871362927554144
Encrypted:	false
SSDEEP:
MD5:	3523093E717B5671A367A7E73C1F3BA0
SHA1:	658BCF33343318C63C2FD67D4CA0BFFBDFE56466
SHA-256:	B38852E44EFB48875485CD5D5858E64C1A4840B61840970A063F75C6112374B3
SHA-512:	61C89B1A86AF003C1E07823A30721880617340BC57632B6B415C8CAAE6A7ACEB91193169472D1883E3248C48CA0CED9E4691F60446277669C963682C90C8FA32
Malicious:	false
Reputation:	unknown
Preview:	p...... ........K.B.O...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6624

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.382474642244719
Encrypted:	false
SSDEEP:
MD5:	7745DC25B586C98B28804BD26478095C
SHA1:	3E471667A646B38853EDB94B6A84725ACF9F868C
SHA-256:	245263493EA80591F3F6B712BB518C80CDA148C06D857F4406E1682546080DB5
SHA-512:	4709D902DFC573287231447955F6D7702D23DF2032552F153BB25F123E8D01183A53A775EE9709BCBA4C0DD7B81AD7E538F8A115FA52A683A73DBED52CB6FDCE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.33080992653345
Encrypted:	false
SSDEEP:
MD5:	766BE09AEE44C60850C838B8CBB42988
SHA1:	DFCF247CBBA0BA449CE2CA9EA98F1DC0F1B69675
SHA-256:	7F8A8AEBD91EA2BC0BF6D731CE73BD23C38BD69479D9875A5309915081EB6980
SHA-512:	57031C9C12B6F60DDC733B55218A108E11C1CE02E68EE418D1E16513A2B85F1AB80AB0BCFD2EC9184858BBE9CF5838AC9CACCCD0606359A6967EA945B828343E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.310569254190447
Encrypted:	false
SSDEEP:
MD5:	0B4CDF56E88D050EACB6F4A68039B891
SHA1:	6B27C8E8CFF8668498BCF8C13195A2B6BFB2DFE2
SHA-256:	FD9B1939FC8D4CA37584E55132CBA6795B5BB2048EBC976667BA4428E12E3C04
SHA-512:	819541EE58364413890DE24175744CB2F132B6D771B510DE32B80C750FAF5BDD0B83F54B2E7E06D89B2591928F7BE2008A1AD28F08D8A70100ABAD1BF4024087
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.371525401369137
Encrypted:	false
SSDEEP:
MD5:	4BE56BD591291174CBEAEEC4104D7BD4
SHA1:	6A40D9D24E5DA490AA23C7069D5AB989FB49889C
SHA-256:	F7B4C2FC005AD29899A6B3B795453A157B9AD6C3536EB63D1A91D03D895E25EA
SHA-512:	703994EF9037C65AAD48806AB91530428F1371C3A912EDE9DBF9C71DBFA9420E4B6C9CAC6EB1E21CA557BF5B6554F6BA33D0EAED84B6D7EB39CBE204D8C47094
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.844116178314344
Encrypted:	false
SSDEEP:
MD5:	3832AE202AE0F95C97E9C79AB5E869A0
SHA1:	14F9703FDD5FFCF37111398A5E33360C414EB4D6
SHA-256:	038F33599F6A4CBEBE153CE5D273A5CF36B0D86A4A382FF1A66F614EC38A259E
SHA-512:	94174005D3B4FA36320830080E13B62DFC8DD82C20B35047A011B7AA54F367CA45A079759DFB2066C5E3C02219ABA73F5DAAD843607BAF495D802C51A996F4E0
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.315801484672551
Encrypted:	false
SSDEEP:
MD5:	E1C217D56F558590860C4AEBFE23E8E6
SHA1:	A631C1631D684C08BF7830B325CA191556130B67
SHA-256:	37AEF99C49C9F2D7F9A632A48E137F06AA54FE9C22F339F6DBC16CED46A47D21
SHA-512:	F60D21C51DBB9F9C0EBE5607ADCCB76C73E6629A359B4A2DE66161B86A05A545EF47A090117FB8681E8994CDBB0305F1BA6893992F751CA83AB45927C374131E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.318016766066139
Encrypted:	false
SSDEEP:
MD5:	1E43409DFDE71F8189A1E08BE7CCA56E
SHA1:	9178A0F9ADB08C0F48D5BAB11293A83D09858A3B
SHA-256:	E347A3419F9E3AFCC100577BD78E470610ECB81D53A6C1EBF1C9BD1E3C2DEF8D
SHA-512:	9E269E4C25514CC9A6DF6C68D1F72FBCDE10A8EBEB64048D68ACFBCF0A4DEA5BD981B9873727E259169E14C12F6C14B6EA4A18547D21E286C921172C194F94A9
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.8276843745857
Encrypted:	false
SSDEEP:
MD5:	5634615241FD210B21AED04060F73323
SHA1:	642B901F2F9FBFC99E8ABA300A8BC96642C2A67C
SHA-256:	232E41DA214F943100630BBC5BEFD6EE023F2C1F7423BAA9C045548DA8F56710
SHA-512:	96124AA17F7E342628A948BEFA2C703FAEF477945D6B81E24F29F17B853C6017118502E7761B3F8070FBD80FE2908EBB36C9B0AE19780A2144D2CD464EBF17D3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.339693027318355
Encrypted:	false
SSDEEP:
MD5:	3F5939D65533732A311C191F188DD1FA
SHA1:	C6B3E3589AFBBD1BD828AF990F5990A5A9BF8884
SHA-256:	28CC6EB3615C402A6CF5746FC6CE2CB743894B2A33F15071DCA2659FE2095C7C
SHA-512:	091A0ED21B41C3C5DF3BC3AAD618F21E0F9FF5396C3157CB6262ABD98E213230229EE1CC1C0CCD20798D45F08F1494EAFC86B0F9787CACE2F1DF0A723069CC60
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3207588338927305
Encrypted:	false
SSDEEP:
MD5:	31607A6BF9FB0191002D4354A6E18C03
SHA1:	7698C693A5B12FA4997535AEA623812D751D517A
SHA-256:	3669EB33ED3E01C0A9B1E5AE1FCE0E84DF196D03237E5B6F63936DBE498240BF
SHA-512:	701546580727CF945B31AD0E81B58C14C375405FBD04C9F461AE83633178AC3BF967EDD5AD4AFE835C47B31F47E3C51F886A6E3C298D5DCED6648287030C23B2
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.307756032763753
Encrypted:	false
SSDEEP:
MD5:	DB16771F7229915B5E15E77235D624E2
SHA1:	2392E63FF9A96AE8F6B2B126601EAB89AFE94FDE
SHA-256:	C3B1C513660EAA1FE9BAFB4F67DCE3BD572710FE6575B25D239603017756877B
SHA-512:	AD78AC1CDFBC3AECC91D65DD45A95214711B90199912B572989A586EE61A3A3AA6E4FAB5808FCFDAA359FCCAADC9EECC9BFEE664B0C0BF49F25213B9439E9AF7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.304163259168705
Encrypted:	false
SSDEEP:
MD5:	BF670CD1BE0834D6F17950D051AB2A5C
SHA1:	AF013C90B9F2B88B25B809FCBBC4D2D24E574EE5
SHA-256:	551B752D061AFACF7F05FEAAC86E4CA46175A1F567DB8717ED07796E2EA05EB3
SHA-512:	D34091DE9B5A11D0450F383D9B446006651723571FE35926BA2EC8B1E9703840F13B1EB6A97D99F7FF98BB5DB5FA70B2F45EDEFBFE5134C1B4DA090FC1BA5AED
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.3078319127435325
Encrypted:	false
SSDEEP:
MD5:	E6F29331A0A5B33BDBCA7610694A220C
SHA1:	C40A4301E4CE6196776C51D64D49DD4C729A53BF
SHA-256:	077AFF95429B4809BD99F9EBACFC1961D4BD27680EE83A8C20701C6B1CC0C5D7
SHA-512:	E7FA09A054B0836924AD784A7E0C90E782C36E9593F24E28B00C9AC7671050D1A0BA3965487451FAB0844D3D39817B75AE107AEC11F85C85611216FDE26118AE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.84665363498738
Encrypted:	false
SSDEEP:
MD5:	9C8139390784B98D041C5CF8E95CD8D2
SHA1:	7AD0D5915BB06883C58D8BEDE9EE5CDFFD8383F8
SHA-256:	00A74B4938515BDAFCABC99482CDC9618BB9CF33B155F91045B8431EEE3B4DBB
SHA-512:	B4DCEBD45A914786392BB29790BC9F4480048A3A2B2452C63783F85F6B8D42B00D601BCCF979960FFC2932097568285FFB2226E598635FA8BA1FF9AD60EAE002
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.281622328248896
Encrypted:	false
SSDEEP:
MD5:	2C76F0B2A12DA2D31B1C73CAD6549896
SHA1:	427681E9FAFA6BA4D3787B632759E9F43D356AF6
SHA-256:	0437C684C6FE0B5EB407BA8195F32B46B2A4E86DDDDC9CA1094BECB8D090CB89
SHA-512:	B6D6F434947393071B535586D2A680C7828A71F6C3D405AAA5B9CBE682320D254A75258275704760DD0244CA82B03F3161A8EC6DE16F4396570F03314DE6EAE1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.2908186632058944
Encrypted:	false
SSDEEP:
MD5:	16CE5E4B85E01866A22FEAD37F33D198
SHA1:	BB840F7015522278B50DAF7D2FBBDAE4F95D5F02
SHA-256:	60A9B0BD0842AFAD929B1B525640752B590912C934BF197F027A7AE3F5C00440
SHA-512:	1D6546EAC726C5E16D7C189CEA46DB895140491121B5CB1E49111E1301C90ED7E00577804A88CE41FABF55A87B0CC14B607E1EC9B170FDFDCAD9B7834465987D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"3efdb227-d2b5-43bb-9d9d-e4aa6e40986d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1744819504122,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.144381858493745
Encrypted:	false
SSDEEP:
MD5:	B047FEAB6AE1D2027022A98115D477EB
SHA1:	120506AEAF683AEC4C6F8C29DEA957598F460D73
SHA-256:	AF20A2083861B00EE4EA315EB0094362A1F532EDD85ED01EE1D4079849C6D9D9
SHA-512:	D047EF9D48CD961487E06EF06B7528DEE1C970F884FC97C0287EDBEBAE143571735AB90DDA6FCFBE6E5D12319327B1F9E0FED49C948BC5BAB55481A1867DF28D
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b3aab7160acf5ae3f0afbc9b2284170a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1744643569000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"8a02bffde930a5a5081c3349268b4f43","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1744643568000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"349786d56534004b2c84580630db85ea","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1744643568000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"3f0763750408567941495827e51fad21","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1744643568000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2c73c66b2f4b70daf3736fbc9c00ed38","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1744643568000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"c66ff5e9a2c8af55511267493a879ad1","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9893241432161488
Encrypted:	false
SSDEEP:
MD5:	842C67BD08ECC9D5C79541A4892D837B
SHA1:	7775C001A202D159D848B61F35242556DD1ADD40
SHA-256:	B93F737E1BC9CC3D805188A878A1E5684EF4110A2E7FF8F74D7267075E06F414
SHA-512:	6EA69E05DCF42161A8EBE0720CBA9DD7B555FFF2DDD9677CCFFE28F8A988D424ADCE913238ACECF14DC0CA6C7CDD8299B3803E85DE60B7B42ACD5A66ED55B76D
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3460220520456245
Encrypted:	false
SSDEEP:
MD5:	35EAC57DD57840FFAFC6A42B056E0A82
SHA1:	BD2A2F1E8B29CC353886F0548410A9FB3EEE3616
SHA-256:	B35A03CF4ACA703FBCC4D608A7D356B4DF83E73DD8CB8D82BF29AA7A6D9EDAA1
SHA-512:	F682CBAFB51AD1374134193E2384E97688EC2193C0FD1BDB46F9CA0E11CB3DEDE3F9F2334D7486F7025E3A6C799066E55624D40BEF714CC86804DA241444B6CD
Malicious:	false
Reputation:	unknown
Preview:	.... .c......j........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIdd3e1.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5085442896850614
Encrypted:	false
SSDEEP:
MD5:	0C80ADE6368DC61AC53CB197D9A62857
SHA1:	B8D6DD6F53349972402D568228731A4D3868EB81
SHA-256:	1E7DDEF15EE96A491C9B5E9181292C94F897C79C9DAEC350D22AFE453455F760
SHA-512:	54B19C454B2527D86D002B832CB7985BEF3707866398E4B300C2D268D4A582E57F52FADE674F9635103D79BA1161A97E93F0D46189CA26A9DAD0545591C2551B
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.4./.0.4./.2.0.2.5. . .1.1.:.1.2.:.4.8. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-14 11-12-42-239.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.416501558580733
Encrypted:	false
SSDEEP:
MD5:	0A4941AE1B8FAD908FDFC6D4FCB8AEC7
SHA1:	8F64370BBA566DC6BF219E643BEF0F0336EEA903
SHA-256:	07922BB1A6CF350CE48807D88C3829E76527857DD020AB3937E4ECD854DC2D0D
SHA-512:	801447B20108ED4DFA90D065641B737D466613E7FD223EB1EF4250ABF8F10F9D3E1914D9E0345F1979A0FE3C4427A169028C5713DBF145F8246DD00ABB6DD0D3
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\103353d1-6bf2-4cd3-9093-08942a4989b8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	41E4C1577701197E490DA712DDC9F14F
SHA1:	1B281521FDE363BE93383E3A70B3B5C603694FB5
SHA-256:	3A1454BFF6D006ED0C078E86FAD4A7078938DE3F09E6BE3F90D65E23A15CAE26
SHA-512:	6D4F10C08CBC1061FEB62EAF54D13174FB6A3457E7A0B5B5BC1BFFB4B670F2071A4B02D9BEF6EACAA4F6EDAB8690D317E3294CC4A4D7780674490BEAD4594C0F
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\33ad12d1-5e9e-4fee-94af-6b3842169aec.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\719e6306-a346-4c16-925d-cf8fd1f3263a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Reputation:	unknown
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\8e69906c-3142-4a5a-8c36-d72625c07953.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\e718538b-13f7-4add-9434-fabe80c74a10.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	D1BC27E013E1129B27D3BE5F4567D495
SHA1:	D2D1B846698798C80E57917477F7B98054B48925
SHA-256:	3EF526805CA6690C3E477DFD81BFD4B28B8D82CCA8E3641C3EDA0EC37F332DDC
SHA-512:	EBCEFA11F5BC59D602D90177B460B0F0DA59534D347FFBAF1A7C78118A3A221A02284E0A34164F6C0710C1B4E88504C4A20DA69AC998B5EE613A017B208316CB
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.3, 1 pages
Entropy (8bit):	3.064403374139842
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Michelle.ullman+Ci9204030442.pdf
File size:	1'070'299 bytes
MD5:	48e127ffef6d6e7eead92eb13f8b7970
SHA1:	fbb22d11027bb5bb8d00ef07bca65b09511cc83b
SHA256:	be8cad78ede7e52f3a2b17fb716ff37ed3d7ea0e6af83bc93236cabc2a319d7f
SHA512:	f269b127016b82722c21a028b29baa230a407c309f4d48c936bc148bd0604e4f54e5642df8f317b60c78447b34ebbc116ed5ea4cb41db392a38d4028fd42b494
SSDEEP:	1536:NN+D6g1111vk11112VL1111l6D1111kv1111YzYn21mFt1:HmFt1
TLSH:	273559202F378C9CF7113976FBF28D875F526D06882D9D8626B1BE9B0238C9867C7195
File Content Preview:	%PDF-1.3.%.....3 0 obj.<</Type /Page./Parent 1 0 R./Resources 2 0 R./MediaBox [0 0 595.2799999999999727 841.8899999999999864]./Annots [.<</Type /Annot /Subtype /Link /Rect [250.8377952755905937 597.8118897637795044 344.4377952755905881 584.011889763779436

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.3
Total Entropy:	3.064403
Total Bytes:	1070299
Stream Entropy:	3.021281
Stream Bytes:	1065916
Entropy outside Streams:	5.231879
Bytes outside Streams:	4383
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	24
endobj	24
stream	5
endstream	5
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	1
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Michelle.ullman+Ci9204030442.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9e82f0f4-8e57-49ed-9d7a-539929b23c9f.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250414151244Z-327.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6624

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIdd3e1.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-14 11-12-42-239.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Windows Analysis Report
Michelle.ullman+Ci9204030442.pdf