Edit tour

Windows Analysis Report
su11ra_2_7197.PDF

Overview

General Information

Sample name:	su11ra_2_7197.PDF
Analysis ID:	1528868
MD5:	f418c65a16006215441d914ced24ebc7
SHA1:	79fff4093937c404b1f09e4f9f843924b4118d66
SHA256:	87b1e9ad626280722625a0aaaacf18c2514f663fabe961fb953e30ec945141f2
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 5548 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\su11ra_2_7197.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1240 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1536,i,12242700170008053216,9860424687919460678,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@14/25@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5256

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 05-00-34-504.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\su11ra_2_7197.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1536,i,12242700170008053216,9860424687919460678,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1536,i,12242700170008053216,9860424687919460678,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: su11ra_2_7197.PDF	Initial sample: PDF keyword /JS count = 0
Source: su11ra_2_7197.PDF	Initial sample: PDF keyword /JavaScript count = 0

Source: su11ra_2_7197.PDF

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528868
Start date and time:	2024-10-08 10:59:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 3s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	su11ra_2_7197.PDF
Detection:	CLEAN
Classification:	clean0.winPDF@14/25@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .PDF Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 54.144.73.197, 34.193.227.236, 18.207.85.246, 172.64.41.3, 162.159.61.3, 95.101.148.135, 2.19.126.143, 2.19.126.149
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.189636457193024
Encrypted:	false
SSDEEP:	6:cGRZ+q2P92nKuAl9OmbnIFUt8LG31Zmw+LG3ZVkwO92nKuAl9OmbjLJ:cGRUv4HAahFUt8LGF/+LGX5LHAaSJ
MD5:	9ECC4FEB7873F2567E4D7EAFB22DAA3B
SHA1:	9E1B49345051119768B35151F3292465225101C0
SHA-256:	F483820C824227078039CA00E341841A3A5409F8FD7D41D20CB7F3660DA3EF1E
SHA-512:	FCBA861F38C99480C6C84BCECDFA4A98AC06FC3EAC254C77872CAA3E6343DBFCAA20F127BD50D67DF894B8E0E075B9C91E8CE85B15E5675C54E8C206378412E3
Malicious:	false
Reputation:	low
Preview:	2024/10/08-05:00:32.190 19d8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/08-05:00:32.196 19d8 Recovering log #3.2024/10/08-05:00:32.196 19d8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.189636457193024
Encrypted:	false
SSDEEP:	6:cGRZ+q2P92nKuAl9OmbnIFUt8LG31Zmw+LG3ZVkwO92nKuAl9OmbjLJ:cGRUv4HAahFUt8LGF/+LGX5LHAaSJ
MD5:	9ECC4FEB7873F2567E4D7EAFB22DAA3B
SHA1:	9E1B49345051119768B35151F3292465225101C0
SHA-256:	F483820C824227078039CA00E341841A3A5409F8FD7D41D20CB7F3660DA3EF1E
SHA-512:	FCBA861F38C99480C6C84BCECDFA4A98AC06FC3EAC254C77872CAA3E6343DBFCAA20F127BD50D67DF894B8E0E075B9C91E8CE85B15E5675C54E8C206378412E3
Malicious:	false
Reputation:	low
Preview:	2024/10/08-05:00:32.190 19d8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/08-05:00:32.196 19d8 Recovering log #3.2024/10/08-05:00:32.196 19d8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.141120831111604
Encrypted:	false
SSDEEP:	6:cGAa4q2P92nKuAl9Ombzo2jMGIFUt8LGvJZmw+LGpDkwO92nKuAl9Ombzo2jMmLJ:cGAa4v4HAa8uFUt8LGvJ/+LGpD5LHAaU
MD5:	A9B2E57930E944A2B1D6A5B7566941A6
SHA1:	72F22EEB80E16413AF5708E6E570205D87ED7E87
SHA-256:	8CBDA572FF4A706978FC082B15F7BE2C5DDEDEF57F8C2A91C2DBE5CAB89F1564
SHA-512:	E17FA481D7550095FF2B8D6444866005E58867C08C5AF0A9E1820FA833B61241E8448D59A7F9CA1A19E908D1B57FCB78F7AEAB884D264BF80D8FBEF35A0A8E75
Malicious:	false
Reputation:	low
Preview:	2024/10/08-05:00:32.441 1660 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/08-05:00:32.450 1660 Recovering log #3.2024/10/08-05:00:32.470 1660 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.141120831111604
Encrypted:	false
SSDEEP:	6:cGAa4q2P92nKuAl9Ombzo2jMGIFUt8LGvJZmw+LGpDkwO92nKuAl9Ombzo2jMmLJ:cGAa4v4HAa8uFUt8LGvJ/+LGpD5LHAaU
MD5:	A9B2E57930E944A2B1D6A5B7566941A6
SHA1:	72F22EEB80E16413AF5708E6E570205D87ED7E87
SHA-256:	8CBDA572FF4A706978FC082B15F7BE2C5DDEDEF57F8C2A91C2DBE5CAB89F1564
SHA-512:	E17FA481D7550095FF2B8D6444866005E58867C08C5AF0A9E1820FA833B61241E8448D59A7F9CA1A19E908D1B57FCB78F7AEAB884D264BF80D8FBEF35A0A8E75
Malicious:	false
Reputation:	low
Preview:	2024/10/08-05:00:32.441 1660 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/08-05:00:32.450 1660 Recovering log #3.2024/10/08-05:00:32.470 1660 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.000414071995525
Encrypted:	false
SSDEEP:	6:YHpoueHOJ3/QBRXH2a9a1o3/QBR7Y53h6ubQ+a4MS7PMVKJTnMRK3B1KF+:YH/um3a2caq3QYiubxnP7E4T3OF+
MD5:	094E8186E78F46D22F313430DAD475E0
SHA1:	57B88C51F5BA01F780FD5F95B7969E461A32A75E
SHA-256:	EA2B66BF2AEB3CA9245E81717D5D4F4E645DAB5F59124D1A1303E31434201E1A
SHA-512:	41B024FC6C4912E698197BB85873C86364E566193D7419AEFA16DBB54041BB304BA09204A60AFB1F76A3A41C6EE72CD7D0631CE334F22B9FABD1E7C3F00FF1AC
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bf60501d-c7b9-415f-802a-a5ba62a4e903.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	358
Entropy (8bit):	5.000414071995525
Encrypted:	false
SSDEEP:	6:YHpoueHOJ3/QBRXH2a9a1o3/QBR7Y53h6ubQ+a4MS7PMVKJTnMRK3B1KF+:YH/um3a2caq3QYiubxnP7E4T3OF+
MD5:	094E8186E78F46D22F313430DAD475E0
SHA1:	57B88C51F5BA01F780FD5F95B7969E461A32A75E
SHA-256:	EA2B66BF2AEB3CA9245E81717D5D4F4E645DAB5F59124D1A1303E31434201E1A
SHA-512:	41B024FC6C4912E698197BB85873C86364E566193D7419AEFA16DBB54041BB304BA09204A60AFB1F76A3A41C6EE72CD7D0631CE334F22B9FABD1E7C3F00FF1AC
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.232858389258824
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUQuHYZhOZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLa
MD5:	E5228906CF566D6A7A3FF9EEFA14D47B
SHA1:	059AB58A82980A18A0552F2A04B18C67F652C791
SHA-256:	019391B8DA9BB8C693514B2637893409765116E2FAD72D9EF362482F42AACFD1
SHA-512:	BB5D27018A9CDC382BB94688F9777C5E27B40AAC89E283910CDC2F59A90A72A1166F8B35572685CA9EA1574DE24FDC1517BBF34DC66C00570D99265AD384C90A
Malicious:	false
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.149150011268729
Encrypted:	false
SSDEEP:	6:crbEN4q2P92nKuAl9OmbzNMxIFUt8LrRNUJZmw+LrR/KzDkwO92nKuAl9OmbzNMT:crbW4v4HAa8jFUt8LrRNUJ/+LrR/aD5z
MD5:	672EC37A2AA9AADD33FCB4E040A2189D
SHA1:	E97398BF4E9BEA1077AA08D41DBD4AEBC3FDA311
SHA-256:	030BB0D6676E47AF5C0932DD87EF6A413B97CCB74B975E06875114F4138A7F28
SHA-512:	623CBEBAFBA4EF04AEF0D34C933A75823164FCBB9AE0869E5258B1FE3B291781BC1034EA0654646780F4C6AEA3294A66556F5FB9E19DE76FEC335FC96790863D
Malicious:	false
Preview:	2024/10/08-05:00:33.394 1660 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/08-05:00:33.411 1660 Recovering log #3.2024/10/08-05:00:33.420 1660 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.149150011268729
Encrypted:	false
SSDEEP:	6:crbEN4q2P92nKuAl9OmbzNMxIFUt8LrRNUJZmw+LrR/KzDkwO92nKuAl9OmbzNMT:crbW4v4HAa8jFUt8LrRNUJ/+LrR/aD5z
MD5:	672EC37A2AA9AADD33FCB4E040A2189D
SHA1:	E97398BF4E9BEA1077AA08D41DBD4AEBC3FDA311
SHA-256:	030BB0D6676E47AF5C0932DD87EF6A413B97CCB74B975E06875114F4138A7F28
SHA-512:	623CBEBAFBA4EF04AEF0D34C933A75823164FCBB9AE0869E5258B1FE3B291781BC1034EA0654646780F4C6AEA3294A66556F5FB9E19DE76FEC335FC96790863D
Malicious:	false
Preview:	2024/10/08-05:00:33.394 1660 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/08-05:00:33.411 1660 Recovering log #3.2024/10/08-05:00:33.420 1660 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241008090036Z-165.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	0.80454668930005
Encrypted:	false
SSDEEP:	96:KQVMMUNoMMfMMMMMMIAWHMMgk0r9H9Ola1jnZdvmMBHF:+Xwldp
MD5:	F5989E0B9772BF953EAB0E529B44D2F8
SHA1:	AE50266E825B63CBE45823D31CD227BFA365A4C4
SHA-256:	198B8B1D61ACCD5192B4A999FE203721C4E3BE8D62A8897A96148B0A882C9280
SHA-512:	25FEE8F1E515D6166276AAADE5BAE77F557ADDD75CC09BA3BB31445EB80C4B810462D74B499519C379EB4D00487605D7ED720D705E2B8875884554814AB92042
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5256

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	231040
Entropy (8bit):	3.370631145103289
Encrypted:	false
SSDEEP:	1536:tKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgFjrRoL+sn:MPCaJ/3AYvYwgZFoL+sn
MD5:	D75DE9F85ADFCB9420E4A4D985041A53
SHA1:	57B52E5B05F1652B08446FE126C054B81C6E8F57
SHA-256:	C45E4367C8D48BF4E5E5C50D2C4EA42D802ACFC997652CFDA4C130C25A236471
SHA-512:	6E038711A8C2A0E2E551340BAA23E9A6BF4C7D7C2578A52DDB744B142C9FFB76D7CF6F24DFE70DB9A011992AE323772FC5F69139C869B5347E2A30B65C0B586E
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2145
Entropy (8bit):	5.069920113946297
Encrypted:	false
SSDEEP:	24:YFua3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxiW:YlAwmWXZYEtoitbRCwu20wD+JliWxao
MD5:	DAB03E4A3222C5EFBAB4E7DF79BDC8AB
SHA1:	D380D3FA0DE97E8417BE38AA9A837D3E5C976FFC
SHA-256:	8AAD032E156638A2BD77EDB173AB213E7F6DA02E3C2327ACBB44D8ABD9397B1F
SHA-512:	33B62C4DE0B9D661F714B305BA18836C30549B7FC469E768A9450C861BDC097BF239D936AB600B2EC59F009F2B1C497C5E2C418F82ABED409C6E5A3BB1720A69
Malicious:	false
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1728378035000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9849789977497846
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpFNy4zJwtNBwtNbRZ6bRZ4aNyF:TVl2GL7ms6ggOVp1zutYtp6Ps
MD5:	F6DCDFF8D01057B3518BAD84F724F756
SHA1:	967EE8B289E33EE504AB81507ED3176A0C6A7854
SHA-256:	A761B1EED6DD79D42806EC02CEEDA559BEF4F47A02329CDA7E9D1ED3E01315FD
SHA-512:	8E07702F6255AF3F463F3DD6588C224837CAABD99D28AA193A385DDBF0949B76F5ECCF10AB03217B5F2F91145BFC5204D8F74902EB08775BC684D496A2B91E1E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3390614715090752
Encrypted:	false
SSDEEP:	24:7+tSAD1RZKHs/Ds/SpFNyPzJwtNBwtNbRZ6bRZWf1RZKgqLBx/XYKQvGJF7ursM:7MSGgOVpOzutYtp6PMFqll2GL7msM
MD5:	B2446E06366577D259DC25ED8E86A15E
SHA1:	647C6B72DAF887A946B2319E9EAE9B1CBEE760C7
SHA-256:	0EF59BB04A19B1DAED736B7B5412E4CB2ABF7C122161756105438D290518C9E8
SHA-512:	EA00E442249DC14936894BA20370DAC6A93716122279691482B30467152816244933A1D18ADE37A00465ACED62F2E7EC5F98671D5847D7E1651C8ED2D8DF967B
Malicious:	false
Preview:	.... .c.....W.j.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI1b72.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.529865885204722
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ejWfPVKw:Qw946cPbiOxDlbYnuRK6NKw
MD5:	2D0FC7E1EBADF1336B950A0B058A0DC6
SHA1:	AEFE2E4A44D62E9B6988348173B93583F4C9F84A
SHA-256:	C2734751F13E26F0CB834ADA5FB3411C27C53CED309F997F6185BBF41DE3C98B
SHA-512:	75E30266953743A119F8B7A192C0F5C96741D4E7BC7574A61E1F351E0F6B1F50860163E0CCF13393E396A139951F0D077384B3E45ACB3225F3793225C34D273B
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.8./.1.0./.2.0.2.4. . .0.5.:.0.0.:.3.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 05-00-34-504.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.349295592536036
Encrypted:	false
SSDEEP:	384:HBlE9R4GsBaytugO3qYb9gjOeN6e7QgjE7lhP3HGVWm8Zmnm0JQ+090IxrxNxLxT:sRbFXNx
MD5:	7FE663137C970957EAC900621FD4E540
SHA1:	51522BB1B9C0C4ABFEF83DE7830354EEC5903B52
SHA-256:	3DDA9DD21D70A9F6B2E2C5942D6F4C5930C0D60C41B18D108A2DD8783AED51A9
SHA-512:	B379E23C6B520758F0AD2F15A27B7FEA845C744F092D2181D568948D022079B0ADFE2DEC28DDA9F45F177D7585F3436464259A6F6B8DB9346CA041D215418976
Malicious:	false
Preview:	SessionID=d558e7b7-2f8a-40bf-8bef-4987bb8e1366.1728378034530 Timestamp=2024-10-08T05:00:34:530-0400 ThreadID=6692 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=d558e7b7-2f8a-40bf-8bef-4987bb8e1366.1728378034530 Timestamp=2024-10-08T05:00:34:532-0400 ThreadID=6692 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=d558e7b7-2f8a-40bf-8bef-4987bb8e1366.1728378034530 Timestamp=2024-10-08T05:00:34:532-0400 ThreadID=6692 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=d558e7b7-2f8a-40bf-8bef-4987bb8e1366.1728378034530 Timestamp=2024-10-08T05:00:34:532-0400 ThreadID=6692 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=d558e7b7-2f8a-40bf-8bef-4987bb8e1366.1728378034530 Timestamp=2024-10-08T05:00:34:532-0400 ThreadID=6692 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.389586439899569
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbQ:0
MD5:	46906577EDB206E2B97CAE05F6D88553
SHA1:	84F83221167913ADCDF735F43E37F6EC10992555
SHA-256:	E88F8DC7305CA70298159A148809DF8864A71225C1EF723FD7913EF6B9888632
SHA-512:	97C731742E80F67293DB160E40984118D9302A5A079C4BD7B17C3FB5935A5E3079A696D249CA01DF4F0DC2717D86BFB361DA84F8B7CB8153DA1B86455854A729
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\2ca3d3c9-134b-43a0-9537-ed7e12eefdf8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\58b2d694-316c-461c-845c-8cec067ca4a9.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\e2a67946-5253-46a3-85cb-ec2cb7fbf6ca.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f0419d90-a732-4c05-a860-4dac267b29f4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLcGZtwYIGNPgPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLcGZtwZGo3mlind9i4ufFXpAXkru
MD5:	3C671FDF7C9B2C94F91645F11DC9ECD0
SHA1:	56CD18C4AB744302BF5147F3B21EEACAB18ABA1C
SHA-256:	16BA6A372F18C7A16158832163EA7053DA3E8F177476C024DA42E2995BCC13BF
SHA-512:	75D8B31E7CA411F55ABCF6DDD027D710AE56CC2DA7C96DC6380E9018E8942F4702C00CED41907712180056A86F2FB40DF32B3260CEAC7C0D6B4F599835B8D700
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.3, 1 pages
Entropy (8bit):	7.7206768903254845
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	su11ra_2_7197.PDF
File size:	13'291 bytes
MD5:	f418c65a16006215441d914ced24ebc7
SHA1:	79fff4093937c404b1f09e4f9f843924b4118d66
SHA256:	87b1e9ad626280722625a0aaaacf18c2514f663fabe961fb953e30ec945141f2
SHA512:	ad6fa30727cd2ceea6e576c12a8db27b7f299687d14870b06a6798b5bf5c025079708792295e8e32e81a4621d475c809970489019af77b8e4d26deb50fd745dc
SSDEEP:	384:hDMl+lrsYAKLilJK3r9LDgZxpN2Lz/795vnEn5NeLK:hQSgYkWZQHpN23TE5Nv
TLSH:	64522C1AE90AD6D1E85E47E97F126CA21E4CB309D1C9AECA21BB0E435550FA7FC0F54C
File Content Preview:	%PDF-1.3..%....1275..1 0 obj..<<../Type /Catalog../Pages 4 0 R../Outlines 2 0 R../PageMode /UseOutlines..>>..endobj..2 0 obj..<</Type /Outlines../Count 1 /First 12 0 R /Last 12 0 R>>..endobj..3 0 obj..[/PDF /Text /ImageC]..endobj..4 0 obj..<<../Type /Page

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.3
Total Entropy:	7.720677
Total Bytes:	13291
Stream Entropy:	7.864401
Stream Bytes:	10647
Entropy outside Streams:	5.010939
Bytes outside Streams:	2644
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	12
endobj	12
stream	2
endstream	2
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 11:00:47.841650009 CEST	53	60997	1.1.1.1	192.168.2.5
Oct 8, 2024 11:00:47.966423988 CEST	53	53572	1.1.1.1	192.168.2.5

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 5548, Parent PID: 1028

General

Target ID:	0
Start time:	05:00:30
Start date:	08/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\su11ra_2_7197.PDF"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3788, Parent PID: 5548

General

Target ID:	2
Start time:	05:00:31
Start date:	08/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 1240, Parent PID: 3788

General

Target ID:	4
Start time:	05:00:32
Start date:	08/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1536,i,12242700170008053216,9860424687919460678,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report su11ra_2_7197.PDF

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bf60501d-c7b9-415f-802a-a5ba62a4e903.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241008090036Z-165.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5256

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI1b72.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 05-00-34-504.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\2ca3d3c9-134b-43a0-9537-ed7e12eefdf8.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\58b2d694-316c-461c-845c-8cec067ca4a9.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\e2a67946-5253-46a3-85cb-ec2cb7fbf6ca.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\f0419d90-a732-4c05-a860-4dac267b29f4.tmp

Static File Info

General

File Icon

Static PDF Info

General

Keywords Statistics

Network Behavior

UDP Packets

Statistics

Windows Analysis Report
su11ra_2_7197.PDF