Edit tour

Windows Analysis Report
Invoice_INV-002296.pdf

Overview

General Information

Sample name:	Invoice_INV-002296.pdf
Analysis ID:	1427906
MD5:	65ae0d0bedd02aeef55c5724c3e48f64
SHA1:	3775b87ac0b57eae65191e5f400bf43db68d8529
SHA256:	7c748acf4d4f8878aa72271c798ef2534d759a6b63188cb2e2d5f2c86a46e172
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 5780 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice_INV-002296.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 3944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6768 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1508,i,3078186341101652738,15087718266339306583,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: Invoice_INV-002296.pdf

String found in binary or memory: http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240417091858-07

Source: classification engine

Classification label: clean0.winPDF@15/40@0/0

Source: Invoice_INV-002296.pdf

Initial sample: http://bfo.com/products/report?version=work-20200610t1518-r36819m

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-18 10-29-34-576.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice_INV-002296.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1508,i,3078186341101652738,15087718266339306583,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1508,i,3078186341101652738,15087718266339306583,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Invoice_INV-002296.pdf	Initial sample: PDF keyword /JS count = 0
Source: Invoice_INV-002296.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Invoice_INV-002296.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240417091858-07	Invoice_INV-002296.pdf	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427906
Start date and time:	2024-04-18 10:28:41 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Invoice_INV-002296.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@15/40@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.46.201.17, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3, 104.76.210.84, 104.76.210.69
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.260473234083818
Encrypted:	false
SSDEEP:	6:s6J9+q2P92nKuAl9OmbnIFUt8z6JJZmw+z6ENVkwO92nKuAl9OmbjLJ:zJ4v4HAahFUt8eJJ/+eA5LHAaSJ
MD5:	33801B7C62691B3B5A87B460D15C71C3
SHA1:	C38E65858D2EE55C80747E3B7E5230A47EE6DF37
SHA-256:	E16938307FC3852FB9D08A599D7A738A83A8971954838B8037B7F5DDEE8D553D
SHA-512:	3605C2515C0FC9255CC7AA5525318F7445C07DD255D2D98ADE139AD49F4AB3902AC43DBDED4BC85148D0DE90555688F55EFA69BF1EF9694BEC86ABF12E867EDD
Malicious:	false
Reputation:	low
Preview:	2024/04/18-10:29:33.255 738 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/18-10:29:33.255 738 Recovering log #3.2024/04/18-10:29:33.256 738 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.260473234083818
Encrypted:	false
SSDEEP:	6:s6J9+q2P92nKuAl9OmbnIFUt8z6JJZmw+z6ENVkwO92nKuAl9OmbjLJ:zJ4v4HAahFUt8eJJ/+eA5LHAaSJ
MD5:	33801B7C62691B3B5A87B460D15C71C3
SHA1:	C38E65858D2EE55C80747E3B7E5230A47EE6DF37
SHA-256:	E16938307FC3852FB9D08A599D7A738A83A8971954838B8037B7F5DDEE8D553D
SHA-512:	3605C2515C0FC9255CC7AA5525318F7445C07DD255D2D98ADE139AD49F4AB3902AC43DBDED4BC85148D0DE90555688F55EFA69BF1EF9694BEC86ABF12E867EDD
Malicious:	false
Reputation:	low
Preview:	2024/04/18-10:29:33.255 738 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/18-10:29:33.255 738 Recovering log #3.2024/04/18-10:29:33.256 738 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.141239147861906
Encrypted:	false
SSDEEP:	6:s6Ycq2P92nKuAl9Ombzo2jMGIFUt8z6tSZmw+z6tekwO92nKuAl9Ombzo2jMmLJ:z7v4HAa8uFUt8e4/+eg5LHAa8RJ
MD5:	2A369F65F5BA5C68F7F5170DE0CDB18F
SHA1:	F9AC6408C323A792C467EE02008FF87558A58365
SHA-256:	719CC8687C3365AAFD12C1ABE292798ADF537A06FA237EB62184E6DA69138143
SHA-512:	6D366818EAFEC11B0519327AE9CF519AE702F263176528E348D766DE46E28CAC36447C4B4AEAC1638EE9501982F07C5BB89C7329DF5C2CA3B87319C60FBFED9B
Malicious:	false
Reputation:	low
Preview:	2024/04/18-10:29:33.236 12a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/18-10:29:33.241 12a0 Recovering log #3.2024/04/18-10:29:33.241 12a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.141239147861906
Encrypted:	false
SSDEEP:	6:s6Ycq2P92nKuAl9Ombzo2jMGIFUt8z6tSZmw+z6tekwO92nKuAl9Ombzo2jMmLJ:z7v4HAa8uFUt8e4/+eg5LHAa8RJ
MD5:	2A369F65F5BA5C68F7F5170DE0CDB18F
SHA1:	F9AC6408C323A792C467EE02008FF87558A58365
SHA-256:	719CC8687C3365AAFD12C1ABE292798ADF537A06FA237EB62184E6DA69138143
SHA-512:	6D366818EAFEC11B0519327AE9CF519AE702F263176528E348D766DE46E28CAC36447C4B4AEAC1638EE9501982F07C5BB89C7329DF5C2CA3B87319C60FBFED9B
Malicious:	false
Reputation:	low
Preview:	2024/04/18-10:29:33.236 12a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/18-10:29:33.241 12a0 Recovering log #3.2024/04/18-10:29:33.241 12a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.0559832668513085
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZcZ62sBdOg2H2caq3QYiubxnP7E4T3OF+:Y2sRdsBSdMHJ3QYhbxP7nbI+
MD5:	4241927149FE90D02BE46C32F255B602
SHA1:	78C0A3660666605F4AA1888607B0F6F3F3FA1F76
SHA-256:	17572907E888C6C591FB98CAF3DC4D0D715A0484614FFB6C3EEE7113226FC272
SHA-512:	494269CD39C642BC02259D3FA8D7130A7B06CB589A7500E119AE6FD0CCE9266939DA24EE0068EB689E0D21AEBECC8A2AD7064EDC47A5BA3AA7A439F07B48915B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357988984094389","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":105042},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fc0ca26f-8100-4e74-a20b-07d8f9c92949.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.0559832668513085
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZcZ62sBdOg2H2caq3QYiubxnP7E4T3OF+:Y2sRdsBSdMHJ3QYhbxP7nbI+
MD5:	4241927149FE90D02BE46C32F255B602
SHA1:	78C0A3660666605F4AA1888607B0F6F3F3FA1F76
SHA-256:	17572907E888C6C591FB98CAF3DC4D0D715A0484614FFB6C3EEE7113226FC272
SHA-512:	494269CD39C642BC02259D3FA8D7130A7B06CB589A7500E119AE6FD0CCE9266939DA24EE0068EB689E0D21AEBECC8A2AD7064EDC47A5BA3AA7A439F07B48915B
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13357988984094389","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":105042},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.239862365008524
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUzBQ0QwZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL8
MD5:	E3308A4789C41F741444659EFFBA09E0
SHA1:	3ADCD258CC84B1978B108EBDD2483B483962C0B8
SHA-256:	5E017325A6E81EFF634F89440F80D7BBB0A9832AD8C06A6C7502DDE50B234175
SHA-512:	7E4371D51D0F78B01AC2CE9835AC59D3AD94EF443A85F2D1988F625E79318F7C24C1C1756C60949D7920E12AE3A2151EB7A6422204C3E84E743DA61B9E785684
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.17786194210288
Encrypted:	false
SSDEEP:	6:s6yXEVOq2P92nKuAl9OmbzNMxIFUt8z6NZmw+z6xkwO92nKuAl9OmbzNMFLJ:zyXEVOv4HAa8jFUt8eN/+ex5LHAa84J
MD5:	27DDA9F10E1EC4BC33BEDFBF7B2B09F8
SHA1:	EA524604316A4517A1EAB4F04D113F5C7912552F
SHA-256:	00319C592EC3F758BA930AAD9282C9649B80CD58DB9976AA5EEAFE06CD89961B
SHA-512:	DC498253759DDDABB0A2D9297B737CE73AC7B049960C58B289104BD3E9C66CD7FEB8E4C380BF2D10F7EC0311F90A6A72517C7D0F9169B80E321DA6F9EA8001D4
Malicious:	false
Reputation:	low
Preview:	2024/04/18-10:29:33.785 12a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/18-10:29:33.813 12a0 Recovering log #3.2024/04/18-10:29:33.819 12a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.17786194210288
Encrypted:	false
SSDEEP:	6:s6yXEVOq2P92nKuAl9OmbzNMxIFUt8z6NZmw+z6xkwO92nKuAl9OmbzNMFLJ:zyXEVOv4HAa8jFUt8eN/+ex5LHAa84J
MD5:	27DDA9F10E1EC4BC33BEDFBF7B2B09F8
SHA1:	EA524604316A4517A1EAB4F04D113F5C7912552F
SHA-256:	00319C592EC3F758BA930AAD9282C9649B80CD58DB9976AA5EEAFE06CD89961B
SHA-512:	DC498253759DDDABB0A2D9297B737CE73AC7B049960C58B289104BD3E9C66CD7FEB8E4C380BF2D10F7EC0311F90A6A72517C7D0F9169B80E321DA6F9EA8001D4
Malicious:	false
Reputation:	low
Preview:	2024/04/18-10:29:33.785 12a0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/18-10:29:33.813 12a0 Recovering log #3.2024/04/18-10:29:33.819 12a0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240418082936Z-166.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.1661593758390136
Encrypted:	false
SSDEEP:	192:G9axncnGVUrvinP+Wdjo7h1tQJomRxtmv:GAh3depkEv
MD5:	5B49656A9300218EC09A39D74911CEB6
SHA1:	714690A4D67A0C5ED46E6978C1C56F1334D7C58B
SHA-256:	2DFE33A9A42A640B491D4C9561AA4F2360F016ADE756693305FD1CA0A694B604
SHA-512:	4F05057D081C346C353D53B61788FC27A40929D51ED896608E24BAB0E8ED8ADA42801C19083737DCB3E8A1C4B6AB6E04F84F150642279DE5DDFDE393D5B4B04F
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5144

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Reputation:	low
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.311775693773059
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJM3g98kUwPeUkwRe9:YvXKXtkkYpW7vGMbLUkee9
MD5:	99A6CC20D615E65440A2614AD7927B4A
SHA1:	B22E427B312902267A41F95F7D7ABF552F4B6E96
SHA-256:	1C8C835CDA2743860065BAA9981E8FBF37CAF85F4A0AC00C5B5A99A5070928D5
SHA-512:	14DABC8D6776DF90693DB4A6D69DE18C7ED6B917C4C754F4757A039733F8AA7001E184E2FF8BFC52A61C2E50FCCB4B02CC24605B8D9AB6A050CFD0A947654A54
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.245724686059657
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfBoTfXpnrPeUkwRe9:YvXKXtkkYpW7vGWTfXcUkee9
MD5:	927F308C133751B01BB7E11C9B38DF04
SHA1:	28E449495228AFAF037FDF506370AA8B45CDB68D
SHA-256:	FC6E2F7C0581A926045ED33DDF7720FF9C8AEAEBB86EC7B4E1F84BED8E64F1DE
SHA-512:	4937AA6B54082C934A5FE52F0099C71E5913232155B1CBA2973959395384F16D2EB6B5EFDE0B13FFD928B78CC2977606D41CBC1FC80C11C4C53E38AE9B35F043
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.224394748483881
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfBD2G6UpnrPeUkwRe9:YvXKXtkkYpW7vGR22cUkee9
MD5:	09C90F04B27EDD28E523EDDB24811D36
SHA1:	6AB7A144BD902ECAB6D649CE2CE43C4EFC6BBA0A
SHA-256:	0BA0FE370DD84452EE70A983FB168E7B4A00CB996D48078C498E2864AA9C279D
SHA-512:	6A4852AA33806899B1083BFD6CB6C7641FD0F5FA45CC70B3C4C2E146945DC5A7B4634757EACBE52EE7A3D9504489D3E21E3AFDD2A88A93D8022ED7347271E92C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.288858476951762
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfPmwrPeUkwRe9:YvXKXtkkYpW7vGH56Ukee9
MD5:	54E0530406EEAFA859838C5D64CFF98F
SHA1:	0E82C213ABA01A9C5945C4434EC8EA3FE4204417
SHA-256:	09BA7F7DF66755B93964F578EA82FBF4020BD03DECF5AC2715A65166E42AE277
SHA-512:	76E18B1C4E014894D4245C95E19F377CC613CA2C750518123F835B1D57A3BB729B305C52C7D415983428A2EC69BB43A814852B6E7A10A67AF8B329BE0CE262CF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.245679190335398
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfJWCtMdPeUkwRe9:YvXKXtkkYpW7vGBS8Ukee9
MD5:	CF6492FE7D20C8FB08D98AF2D7E104FE
SHA1:	113814B3DA2DA3690B0EBEBC62B61B0FAEF95DA0
SHA-256:	73DC31F24D3572AF42FC614BC5223454AAA203F5916386B17EC6C0C5359B53D1
SHA-512:	63D7C3700E2F5C752A6F9255D27C6459C70799403201FDBA1FC79735BAC8D3D70BC520083BF5CFEE45272A11B5369FA1ACC839A39081DD1235475875AA3F9316
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.231307491396863
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJf8dPeUkwRe9:YvXKXtkkYpW7vGU8Ukee9
MD5:	40D31D2556C18A54A4D967AFAA559489
SHA1:	1FA99B81DFBD48D9ED72A6349D5E641FC2165188
SHA-256:	AECE91E7C8E7825BF8CFAE91910E02F7D69B5DF474A82EB07D1C4518E7725E27
SHA-512:	A4E433F377605459F24EFCA086D1426B72D19DCF38F19A758F15B7A5A0118E0010CA5E2881A94D213E7FB487F13BE5ECADD99AB852579A5DB74211829A77A98E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2324518500894275
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfQ1rPeUkwRe9:YvXKXtkkYpW7vGY16Ukee9
MD5:	B11C121040D317528F8166BE571C2038
SHA1:	5EC67E4938CE7B8EAED037A77B40B3A1F4BF5905
SHA-256:	548FC6317F34598CF2C5346CEFCE3B1AA80EFCBB1C48BBAC7F8ED330ED5AE04E
SHA-512:	3CE2053DA93683A9DAA4D006FC96780DE6366A04A5C5CC88DF41489D27D749B228CC5AB08B4EA4DC839E142023671483B9B8FD6ED66F29CCC7BF12BAD806BC66
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.252278998153962
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfFldPeUkwRe9:YvXKXtkkYpW7vGz8Ukee9
MD5:	2383D172516CC8541F68318AE1B15593
SHA1:	F6DFDF1D1221C70DD2DA4B6CF82F38F2AFB6E4F8
SHA-256:	9A1D95E97D00E9AD52572BD259374E8C0BC4708D97C4278CB37C6B75AD9B6919
SHA-512:	48F3AB4F537C774CCDC8F1BEDD5C3B2B2D55AFEFE519336C70B473AD61BFF4886519191F5DAF3D7262944ED98031F3454F7011C1CEE8A88A4A57DA5F79694B5C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.734718959786559
Encrypted:	false
SSDEEP:	24:Yv6Xtk1i3KLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNZ5:YvO3EgigrNt0wSJn+ns8cvFJP5
MD5:	D8ADE5E0BD2E3CC3FDDEC6403F4C8482
SHA1:	6F35BF948B91CA0A4A568766147E27F8BDFECE48
SHA-256:	45C27D7DE9A61247205A0A41D7E6615A066766D9075E99A1D1578985957351F4
SHA-512:	64864FA187ADDD862FF94691969B2A5D649A856B5F707CDB70FE9E0BEA9F6F331779937C9F916A725C1504F716044CA3D5F3AE032E9142B58DF22FDFD67D5B7B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.239193775178807
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfYdPeUkwRe9:YvXKXtkkYpW7vGg8Ukee9
MD5:	A835B17E0E7D84C65AB357AE0268CA12
SHA1:	916BA2D146FDB4F682FD153C9FD0C126A051C74E
SHA-256:	8BD4D5400E8A3C4B937FBE014348ECCD2DAD1870D45BD646067BB05E429AAA6B
SHA-512:	E2D1311E4316C933815B7BBABCE2D3286BE8ECD39E246E06F3A75C8209ECDAF76A1E9966AE954C5FD6C487F0435416F53298BDCCD7B0ACA0CC5DB165F2A18838
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.771275124902558
Encrypted:	false
SSDEEP:	24:Yv6Xtk1iKrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNR5:YvOKHgDv3W2aYQfgB5OUupHrQ9FJr5
MD5:	1B88D7821698B39F34CDD2FFE7194D10
SHA1:	28BBA76BB24CF10E1649527D44BC718A547DB1E4
SHA-256:	406C755FD6F9355EE993361CEC853FE21F6F8C964A34271AF59022E2A74536EA
SHA-512:	3A7667EB9BE7A011CE9E6D2371E21E757046AA18C1B029C15FB943F56EB889A7E07FDB8162C38A80DF400381D54AC3E2EE804F2B154280301E7563BFE4298DAB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.223158785050755
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfbPtdPeUkwRe9:YvXKXtkkYpW7vGDV8Ukee9
MD5:	702F54B9C00B27D938306F4B895C0E6A
SHA1:	7187BC4DCE825391199C48F5DAACD673C1484156
SHA-256:	8F1A1C973D66C4F0C018CF0F6F56BA0506F238DE5FFEBFAFA9DED59DD024675D
SHA-512:	21B834C84BFF30277B9C96B7215AF8C6BDF3FD403A83B87645C20C644168690C6F3BF8FE29F2CF1DCFAFD4D115FBC8FA7FD92B340AB2AF431B95F66EF81DF6D3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.223990355377691
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJf21rPeUkwRe9:YvXKXtkkYpW7vG+16Ukee9
MD5:	77C01DDF81A34A470EEF9781356BE89D
SHA1:	2C9251AA3D1A86939EA662E6F12E5B4B7DF00BB2
SHA-256:	FB00DE8768FF52C71ABF5CC9A91EE94E2B497D4AE56096550843D45EE4CB59A2
SHA-512:	0236DAACD27748196DA57DE9F4BDC6CC3981DB474E77CB40FD84B964F66BBB0891822945A36BEB70304F30D544896BD82CBFB20303695D2DAB80CBD849D4FAC8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2465692410221205
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfbpatdPeUkwRe9:YvXKXtkkYpW7vGVat8Ukee9
MD5:	85A7C81CFF9C13CA8B21F17DAFA9FEF5
SHA1:	8A3FA99ADB88DA9DB4A7FF5A8A5AC8410A26534D
SHA-256:	C36E671F41903C6B051579F31D0B93E29C30EA223D7802FB079B065CE2792A76
SHA-512:	7306869770589BDA534F385FBC63220DC7020FAE24FF5FE2AE753DF6A62F480673C0524727847D30708C816790A2E891C3B2BFCB6428A7BFE2512B74F451D0EB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.198937488656215
Encrypted:	false
SSDEEP:	6:YEQXJ2HXtSySQS+FIbRI6XVW7+0Y3JoAvJfshHHrPeUkwRe9:YvXKXtkkYpW7vGUUUkee9
MD5:	77D097C5CD3F55A26FBE464E80D1801C
SHA1:	3DEBF01EF219E25F22539FCD8541F4A31CCA063F
SHA-256:	4C1EE0DB1A4293DBBBE61900AD4500D124BD8B324D7E5B5CAB1C3CF7C2625837
SHA-512:	8F75F78500AADC6B9546CDBD2FE273CE9D6671291990CF595DBA6E688B32D3E11A01B0DD316B72BBA23FE0A4C5F0441CB135AC94432977B7BAEA513031C2147D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.356669693613801
Encrypted:	false
SSDEEP:	12:YvXKXtkkYpW7vGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWnV5:Yv6Xtk1if168CgEXX5kcIfANh05
MD5:	BFA7D982AACB5F8E8196A1E0999035F6
SHA1:	587C044F2203EEBF27AE8294AF1DA893E5A3280E
SHA-256:	BA84C9027989E88039052743D233F7F9F2E04AC2F2599D725B57D34E985F71AC
SHA-512:	958822A8F0784F7C2B8B5DBE13D7DAEF8056AF362C7464DF6FDEF086C8D51C7CCB7230CC309A6F0687758649F9D82E149CFD434778C628A121AD6D58E1A0E8AB
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"f1fbe7fc-edad-43eb-80c3-61119ce1168a","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1713604328205,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713428978237}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.13685989365381
Encrypted:	false
SSDEEP:	24:YsJjk4LCcwzZu0cs/5Ya9ayQxfU+JkBwjOn1vj0SwH/82oS2LSqhD5cq9R2H6ulj:YsJHaz03s/GS+JrgbxSchDh9Rw
MD5:	2FEED9A7A6AA3747C19A804540155098
SHA1:	DEC74CBE2AB70195FE2025CCC75F04DBF0825BCF
SHA-256:	DDF74D6FA9B39D1A68AE6C7642D0313BBDC6FD0A6A6C02C0A5EFD54F0B1D980A
SHA-512:	4D066675D505A23041FA8019B2C1B31D80EEA3366F20F318032D5235E229BF0C3BAA078CDB643F89058A001A43678AF2168CFD8476ECB53492E2C37EBB7EF73D
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"207150380bf18fe7d3bac237cd29b20f","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713428977000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a266a557a598d39b98f24cfb4f6be04c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713428977000},{"id":"Edit_InApp_Aug2020","info":{"dg":"a224d3c76ff1b6eba3c75778884fbd7f","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713428977000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"51e0d91113d3b9d57a9f46c48a614521","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713428977000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"c2823a3e2394c24b184880ccadd19b13","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713428977000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"c814dad4fc67cf67a3c1ba2b033edfc3","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713428977000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.983625770803985
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sps44zJwtNBwtNbRZ6bRZ4D4F:TVl2GL7ms6ggOVps7zutYtp6P2k
MD5:	6C12853B7F708D362110114206C914B5
SHA1:	04F886904771FEA642B7326D49D7D3378C24EB61
SHA-256:	21F2D8B6579828667F2C9669D7B6EC088527FAB035FD2424276BD7D65D0A2CF1
SHA-512:	5A8602582F0D116ABBB50B47FDECC9B8F3347675BE6FDD47CDF9CEC4EC9FF8D156E4A4366EF6ADE25AC83A2FCCDC5DA53CABCF9AD89B75C1A4D7AE32DE3734D7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3373215025208514
Encrypted:	false
SSDEEP:	24:7+t4AD1RZKHs/Ds/Sps4PzJwtNBwtNbRZ6bRZWf1RZKmWqLBx/XYKQvGJF7ursz:7M4GgOVpsEzutYtp6PM5Wqll2GL7msz
MD5:	13F1A35969076086FB735060169375AD
SHA1:	EB2CD6384C07975169A9328AB8F643A2F97A9CF7
SHA-256:	3D597BC9211DD0BB9E7C32E201502D556C0CA155D580962F7881A17D2ADB8B08
SHA-512:	6C4FDC353C6251756352965E830F4580759D80C3436F38984D54FAA49F5B25CA031242A757DFBEC04CF9EB660159D65D3364DF5A1E1BA6BDF45F01F460F9795D
Malicious:	false
Preview:	.... .c.....W.\|.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI7a0af.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5309417490522437
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKkadNDw:Qw946cPbiOxDlbYnuRKSlw
MD5:	E33B83A380FE854E0AC750DA47C636DC
SHA1:	0D6E0323CC8562B189855063ECB96D91084E90F0
SHA-256:	0C763CE367C0A2396E3690B58CD3941D1D8B16168AC6FCF84967F2633CDAE7D3
SHA-512:	DB38168E452E29752A3A1D999F774CBF0F299611579EDC1939BBC9E746E69E64A6336C6B28F48BBF45AB9FFD297BE24B3B1D3C73EBB34689A96E0C46D9A290B9
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.0.4./.2.0.2.4. . .1.0.:.2.9.:.3.9. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-18 10-29-34-576.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.376087668515795
Encrypted:	false
SSDEEP:	384:aOsfEOBe5xmgZzcOrJkl7cp1i/9X5pSKxW4aC08xML3fVIeuaTaz4zOLpjMIHvfc:vE3vU7RSHe
MD5:	42C3649A4BCC9A95A35904151592F518
SHA1:	04613F7A49703A6E4F947449B0FD3BC52E55CC79
SHA-256:	498B84C5C23A09840FDEF15F3F54038C0F9C20A931324CB6E9A3891F58BB3A65
SHA-512:	EC75E6E86C8B1D2B3D3D3A6FCC74AC5D4265E833B572191A1C0698BF4BB0A9953B29B0519E4E8D852110EBA1C19B171A44007F626B09671A2855DB8177CFC98F
Malicious:	false
Preview:	SessionID=0df5ffc5-ad5d-4360-b0e4-33c573551065.1713428974624 Timestamp=2024-04-18T10:29:34:624+0200 ThreadID=4424 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0df5ffc5-ad5d-4360-b0e4-33c573551065.1713428974624 Timestamp=2024-04-18T10:29:34:638+0200 ThreadID=4424 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0df5ffc5-ad5d-4360-b0e4-33c573551065.1713428974624 Timestamp=2024-04-18T10:29:34:638+0200 ThreadID=4424 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0df5ffc5-ad5d-4360-b0e4-33c573551065.1713428974624 Timestamp=2024-04-18T10:29:34:638+0200 ThreadID=4424 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0df5ffc5-ad5d-4360-b0e4-33c573551065.1713428974624 Timestamp=2024-04-18T10:29:34:638+0200 ThreadID=4424 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.400486251504405
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbF:J
MD5:	2ECFD80236150D1CA44CC0D81C77B22E
SHA1:	6B678B2F6C9DA25208AAE9DCBC68CB371B8D16D9
SHA-256:	EA3A69CFC59F3B8589BF11C3AE4D681ECFFB5D2DB4E5660C498558563C7ACD00
SHA-512:	2CF03943BFF97F08C2BD479B6E501CE61EA292342197538332B2BE6120FBD2221AB95B5619A8AEAB809FEAF7D697E77A3AB930A030D8E4589D61B41EC03D8200
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\3e2c4add-d7b5-44ff-8bde-f73a29c170e4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\5234bdce-1c0f-4122-9318-45257e5e3434.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\8987fdd5-0f3f-412f-981f-f4efd1bf592c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
MD5:	AE1E8A5D3E7B2198980A0CA16DE5F3D3
SHA1:	A1DB2C58AFC81E6A114A8EB47BE0243956F79460
SHA-256:	8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
SHA-512:	5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c7d0c299-835c-4d92-ac41-9936febf1b12.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.93906467101947
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Invoice_INV-002296.pdf
File size:	40'517 bytes
MD5:	65ae0d0bedd02aeef55c5724c3e48f64
SHA1:	3775b87ac0b57eae65191e5f400bf43db68d8529
SHA256:	7c748acf4d4f8878aa72271c798ef2534d759a6b63188cb2e2d5f2c86a46e172
SHA512:	8f36c4b37a6011b552ea0196f37eb44aeb727fb15ea1a8967cd33114911dd1bed63eb3ea83830207ba33778b15b45caad73993419a37656feb652a315aa3cb43
SSDEEP:	768:J9G+fmc20bLkj++fSffrs5aAiASuoAmyEQFOcx3XeQYlIQe4fM1MqwYI3RlCDRGX:6Am6boj++qfjsB95aQFOklY9qkzRYGhh
TLSH:	1F03E1A4CC894CCEDD4FAAC4E561B66DCA61F36AC8CA52E005AF1F676080F6C77750D2
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Type/Catalog/Pages 5 0 R/Lang(en-US)/Names 2 0 R/Metadata 4 0 R>>.endobj.2 0 obj.<</Dests 6 0 R>>.endobj.3 0 obj.<</Producer(http://bfo.com/products/report?version=work-20200610T1518-r36819M)/CreationDate(D:20240417091858-07'00')

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.939065
Total Bytes:	40517
Stream Entropy:	7.987553
Stream Bytes:	36662
Entropy outside Streams:	5.336073
Bytes outside Streams:	3855
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	24
endobj	24
stream	10
endstream	10
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
9	09392629289a92b2	35621cf51184d38c00ac144e1be009a8
18	39392629292a3a32	012bb2d8ad80e521cfe42d2b89ee8b12

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 5780, Parent PID: 1028

General

Target ID:	0
Start time:	10:29:30
Start date:	18/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice_INV-002296.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3944, Parent PID: 5780

General

Target ID:	2
Start time:	10:29:32
Start date:	18/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6768, Parent PID: 3944

General

Target ID:	4
Start time:	10:29:33
Start date:	18/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1508,i,3078186341101652738,15087718266339306583,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Invoice_INV-002296.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fc0ca26f-8100-4e74-a20b-07d8f9c92949.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240418082936Z-166.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5144

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI7a0af.LOG

Windows Analysis Report
Invoice_INV-002296.pdf