Windows Analysis Report
$DS_122189.pdf

Overview

General Information

Sample name:	$DS_122189.pdf
Analysis ID:	1430202
MD5:	cfa36c0f6cacc9c47dd1e30ea80e7701
SHA1:	8932c26ac38a4537767ae0cbd6fcde32e16eac2c
SHA256:	8b464491752c8edb5a64c1891c0ca07845e02648d27045356272ba2d0f7b701c

Detection

Score:	22
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Monitors registry run keys for changes

Contains capabilities to detect virtual machines

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the volume information (name, serial number etc) of a device

Classification

Signatures

Potential document exploit detected (performs HTTP gets)

Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic	TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710

Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown	TCP traffic detected without corresponding DNS query: 23.45.148.189

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: classification engine

Classification label: sus22.winPDF@19/30@0/40

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6152

Source: C:\Windows\System32\Taskmgr.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 10-06-48-305.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\$DS_122189.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1584,i,18260329016989833633,5086747654802384951,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 03180FA3939529E9953500632E0DE73C
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1584,i,18260329016989833633,5086747654802384951,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
Source: unknown	Process created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4

Source: C:\Windows\System32\Taskmgr.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09c5dd34-009d-40fa-bcb9-0165ad0c15d4}\InProcServer32

Source: C:\Windows\System32\Taskmgr.exe

Window found: window name: SysTabControl32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: $DS_122189.pdf	Initial sample: PDF keyword /JS count = 0
Source: $DS_122189.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: $DS_122189.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: $DS_122189.pdf

Initial sample: PDF keyword obj count = 109

Boot Survival

Monitors registry run keys for changes

Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe	Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe	Process information set: NOOPENFILEERRORBOX

Contains capabilities to detect virtual machines

Source: C:\Windows\System32\Taskmgr.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\ProgramData\Microsoft\User Account Pictures\user.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Assets\SquareLogo44x44.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\System32\RuntimeBroker.exe VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Assets\SquareLogo44x44.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe	Queries volume information: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
23.221.240.182	unknown	United States	8612	TISCALI-IT	false
54.227.187.23	unknown	United States	14618	AMAZON-AESUS	false
23.45.148.189	unknown	United States	9498	BBIL-APBHARTIAirtelLtdIN	false

ID:	1430202
Product:	CloudBasic
Start time:	10:06:18
Start date:	23.04.2024
Sample:	$DS_122189.pdf
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	cfa36c0f6cacc9c47dd1e30ea80e7701
SHA1:	8932c26ac38a4537767ae0cbd6fcde32e16eac2c
SHA256:	8b464491752c8edb5a64c1891c0ca07845e02648d27045356272ba2d0f7b701c
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4270b459-67c7-4e41-a957-f499647b88bd.tmp	JSON data	42C41C2B8C909AEE33A0AE74579FC684	D597EB0562A1C25E19DED5DE7CA208559C7BEC8D	6704094A924A1A4EA67E639C1E0F63130FD023AFCD7A49FF4EA191C1120D3426
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6cfcc1.TMP (copy)	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c4da8eb5-d248-4d54-aeab-3f489e965c68.tmp	JSON data	4C313FE514B5F4E7E89329630909F8DC	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240423080650Z-159.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54	910177B4A5DC6F3BD9C3A6614E701397	B751D7195D96AFFD8A43E306F45CB165BF736530	4A378096C6F12127BF9C22DA1F15D4A68A963F5B3D25585C3DFAAE231E9C497D
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2	A4D5FECEFE05F21D6F81ACF4D9A788CF	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	98540105852BBAB3672E40B91D233EB2	E60E7195A908A2C7A8E7B9E1DE1BB02790627AE6	1DE811E655BFFAEC191CE0CC250311DC22AC2F8042D497C647BCD90E125A2406
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6152	PostScript document text	94185C5850C26B3C6FC24ABC385CDA58	42F042285037B0C35BC4226D387F88C770AB5CAA	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)	PostScript document text	94185C5850C26B3C6FC24ABC385CDA58	42F042285037B0C35BC4226D387F88C770AB5CAA	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID	JSON data	F0A6A6E5647D8D10B265F245463C15C3	BDD455C59CAE564B10CC137A5AFA4DAD5D18A887	AC1374B88381275904453019BDEFE413353EA71521A8D788F6D91BF2C13733FF
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface	JSON data	E380D5551229AA5BB16B5CB17A5AD673	5B638A94C25710EACA1910BF680AF958C3F545D1	DC4AB625A46E5487A03041A4D94650433F2056F0EC9FCC0C34B9B9A195ABEA8A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface	JSON data	033F6A1E3EEC9A1BD0323D7476B9A4B7	9FC1C5474B0FCB45E4DBAE16F7E31D975AF7B8A4	A462B055B757134DDCC01B6F4AFECD34604DB36D3ADF37F34AA20D85A26FA938
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD	JSON data	C71A5A07521C1706EC79B46FEDB7A37F	8492B0FC1A270BA1B6A91CA34D1DCED708204FF2	538245A4EDDC53FECFC5891A0516A27E781E3C9D33EDF75D34CAB8082F8D140C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner	JSON data	CEC084F1C1804E25F54F76248F1369D1	A30CD09904C141B3F30EAC9DF282D9D76B5EFCA6	96F14860B2AD6616ADC62CD4C0994947E699C29680D24B2075CB084993DB0F42
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner	JSON data	5004A43A5B7A005FDAFC1AF85EDDF66D	7E9E212EDC42838CA46AA96311A4F9E318131895	DA25A58939A59937F5D2DAA8074EE6C706DFEF884EA1F46BD1CC66B114C807D1
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention	JSON data	25D5EA15A12CA7C754209F572F0853C8	23A2453EE29D64229A088DF6A7600337B7D3D2ED	B2B886DCD9436BBA875E682A3C0AF55ADD25C18E40FB24B8AFEEDEE83BF6B40A
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner	JSON data	1B1169EAA79E369F3836D1E9B2E6DCBC	BE0AFEC43C33ACD58EAA0BF01AEA5DEEDF196AAF	85D74A8CE8D1C47A20EB3F73CE2C8F683D9984944572E16BE0489377689232D0
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner	JSON data	350EFCD8BE3EEDDF35A85E24B94782E5	02C4DB117F97D324D64C6CF1292EB9BC43D4FB90	9862311EC6E4A501D49D2BD11C053F66F1A125D7FB20253D362C5E38A435C3D6
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner	JSON data	483D2F1EAB2A2FA3716D1145C7E3FA30	D3A2CD74F3D0847D9A56A84968C6D80FC87F4002	B4621CC10F752B212473BAC9267484F336DD6ECA9572DCBC7675B47F3957FBA7
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner	JSON data	2D9ACCD30602E9FCB2C2B2B2D4A5A661	8BAD5F03E45D337EC67AC3759CA6B0D5D5E91226	C397F3AE8096A8AEBD2821713C58C1586F24133BD45D40DEF5F13B0AF4E88A76
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner	JSON data	27F1188CA5BF3476A5C39B70D5F999CC	755D9EDEF018590B4FF6C7F050418152358E89CF	7AC9DFE7647D93E3A0244155499605CFAFFB0CFF022201F8E1A657B2E264AADB
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention	JSON data	F2547B62259B483148E59DF020032B6A	5A921A3C76DA51F9C8E9FB6FC8F474AF705033F7	735DE05ABF22AFBDDB25BB2F3CF66FFBA86FBC0513D26134B6C01ED2390CD052
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner	JSON data	076E9CCA851A79DA732372E76209C7BD	9062D9A4DCB2756C2A9A1981A01324548DFA63FB	2D927BECB1909A1426D44BC7BBE12710A98F62737CEA3DA1A6EFD70001CB8049
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards	JSON data	FE8195B11D4D3EF9A129FC1F09E39DEA	0D15DABB3410B3824F3AFF79BF1B64CC46AF82D1	2B8276AB7233E59F0D49B291C2D2BFB847D0F4BE64D7FBBDF938E97EF0E26C1F
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020	JSON data	F6755E7F355184BC5E1520FB8AEC39F9	DC205A497139C7E69E6EF012FBB9B220585773A8	160F84A18F52EB8CD4360DB9AF86513CC3803978BCC4EF4F9205F0FC715B84A5
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json	JSON data	A94B746DD6DBD540744C03AB353BCBE7	CA089B6683B3D0E3BFB21318A864E9861D6F5B16	B97509C2435FD7F6DF646175F4E6C428C434AC766EC6A9E7E5F63D90D596FD26
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19	4C11EDD61DFB52EAC287E672A862DA9B	2078F7708A5999E8036C9F6925C4C0A3B21E4778	39CF52A5340CB3179FF09EA93EB024226E019D4ED26CA5333565C9B43A9DB6C6
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal	SQLite Rollback Journal	D3917F93A1648FAEE2931E3DFCDF8953	79F0966FF737B0E50749BCE8652F2A8180F0B33A	BBF07D74280DA06064AF2A73BE787B250D72948FAF7EDC3C465E74943756327E
C:\Users\user\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock	ASCII text, with no line terminators	F49655F856ACB8884CC0ACE29216F511	CB0F1F87EC0455EC349AAA950C600475AC7B7B6B	7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
C:\Users\user\AppData\Local\Temp\MSIbf043.LOG	Unicode text, UTF-16, little-endian text, with CRLF line terminators	B8B8B460A780B85C7080D01258833658	A78E9D881B7A75AE8BA945548D95094B145609EA	6486B88C7272E01DE054AB5641DB70E67A0151212621777CCF022AC3273C6BEB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 10-06-48-305.log	ASCII text, with very long lines (393)	91F06491552FC977E9E8AF47786EE7C1	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt	ASCII text, with CRLF line terminators	6382DBFCA6CC0C144C87780D230CC58D	7893819462B49E7A5F87AC4C150702DE12546732	444E51F25BA8A58CEF2AB6DA9B32D0CDF08D8C6B625CC1618E1E49FD0BCB448D

Windows Analysis Report
$DS_122189.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Windows Analysis Report $DS_122189.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Windows Analysis Report
$DS_122189.pdf