Windows Analysis Report
$DS_122189.pdf

Overview

General Information

Sample name:$DS_122189.pdf
Analysis ID:1430202
MD5:cfa36c0f6cacc9c47dd1e30ea80e7701
SHA1:8932c26ac38a4537767ae0cbd6fcde32e16eac2c
SHA256:8b464491752c8edb5a64c1891c0ca07845e02648d27045356272ba2d0f7b701c

Detection

Score:22
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Monitors registry run keys for changes
Contains capabilities to detect virtual machines
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other versions of Office / Acrobat
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • Acrobat.exe (PID: 7124 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\$DS_122189.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6408 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1584,i,18260329016989833633,5086747654802384951,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • Taskmgr.exe (PID: 5772 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
  • Taskmgr.exe (PID: 7948 cmdline: "C:\Windows\system32\taskmgr.exe" /4 MD5: 58D5BC7895F7F32EE308E34F06F25DD5)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: global traffic | TCP traffic: 192.168.2.16:49710 -> 23.45.148.189:443
Source: global traffic | TCP traffic: 23.45.148.189:443 -> 192.168.2.16:49710
Source: unknown | TCP traffic detected without corresponding DNS query: 23.45.148.189
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: classification engine | Classification label: sus22.winPDF@19/30@0/40
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6152
Source: C:\Windows\System32\Taskmgr.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-23 10-06-48-305.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\$DS_122189.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1584,i,18260329016989833633,5086747654802384951,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 03180FA3939529E9953500632E0DE73C
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: unknown | Process created: C:\Windows\System32\Taskmgr.exe "C:\Windows\system32\taskmgr.exe" /4
Source: C:\Windows\System32\Taskmgr.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09c5dd34-009d-40fa-bcb9-0165ad0c15d4}\InProcServer32
Source: C:\Windows\System32\Taskmgr.exe | Window found: window name: SysTabControl32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: $DS_122189.pdf | Initial sample: PDF keyword /JS count = 0
Source: $DS_122189.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: $DS_122189.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: $DS_122189.pdf | Initial sample: PDF keyword obj count = 109

Boot Survival

Source: C:\Windows\System32\Taskmgr.exe | Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe | Registry key monitored: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Source: C:\Windows\System32\Taskmgr.exe | Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\Taskmgr.exe | File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
Source: C:\Windows\System32\Taskmgr.exe | Queries volume information: C:\ProgramData\Microsoft\User Account Pictures\user.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe | Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe | Queries volume information: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\Assets\Icons\AppListIcon.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe | Queries volume information: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\Assets\SquareLogo44x44.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe | Queries volume information: C:\Windows\System32\RuntimeBroker.exe VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe | Queries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-100.png VolumeInformation
Source: C:\Windows\System32\Taskmgr.exe | Queries volume information: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Assets\SmallLogo.scale-100.png VolumeInformation
  • Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information
  • Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server
  • Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts
  • Execution: Exploitation for Client Execution (2), Scheduled Task/Job, At, Cron, Launchd
  • Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script
  • Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script
  • Defense Evasion: Masquerading (1), Virtualization/Sandbox Evasion (1), Process Injection (1), Binary Padding, Software Packing
  • Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS, LSA Secrets
  • Discovery: Query Registry (1), Security Software Discovery (1), Virtualization/Sandbox Evasion (1), Process Discovery (1), System Information Discovery (11)
  • Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH
  • Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture, Keylogging
  • Command and Control: Encrypted Channel (2), Application Layer Protocol (1), Steganography, Protocol Impersonation, Fallback Channels
  • Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer
  • Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact

Source: $DS_122189.pdf | Detection: 0% | Scanner: Virustotal
No Antivirus matches
No contacted domains info
IP | Domain | Country | ASN | ASN Name | Malicious
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
23.221.240.182 | unknown | United States | 8612 | TISCALI-IT | false
54.227.187.23 | unknown | United States | 14618 | AMAZON-AESUS | false
23.45.148.189 | unknown | United States | 9498 | BBIL-APBHARTIAirtelLtdIN | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1430202
Start date and time:2024-04-23 10:06:18 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:22
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:1
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:$DS_122189.pdf
Detection:SUS
Classification:sus22.winPDF@19/30@0/40
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 23.221.240.182, 54.227.187.23, 52.202.204.11, 52.5.13.197, 23.22.254.206, 162.159.61.3, 172.64.41.3
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
  • Not all processes were analyzed, report is missing behavior information
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtEnumerateKey calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKey calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):403
Entropy (8bit):4.991744691118462
Encrypted:false
SSDEEP:
MD5:42C41C2B8C909AEE33A0AE74579FC684
SHA1:D597EB0562A1C25E19DED5DE7CA208559C7BEC8D
SHA-256:6704094A924A1A4EA67E639C1E0F63130FD023AFCD7A49FF4EA191C1120D3426
SHA-512:5C6371F1A71A6053A85CF53A3064B35F4F0B49E06F902B5118B2CF579B9E2EAFE8B73D4A98F063AC609D3C48D94D7690972AD8660EF00187AB6167E197778808
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358419618396790","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106276},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4C313FE514B5F4E7E89329630909F8DC
SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):403
Entropy (8bit):4.953858338552356
Encrypted:false
SSDEEP:
MD5:4C313FE514B5F4E7E89329630909F8DC
SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:dropped
Size (bytes):65110
Entropy (8bit):1.5502926796178695
Encrypted:false
SSDEEP:
MD5:910177B4A5DC6F3BD9C3A6614E701397
SHA1:B751D7195D96AFFD8A43E306F45CB165BF736530
SHA-256:4A378096C6F12127BF9C22DA1F15D4A68A963F5B3D25585C3DFAAE231E9C497D
SHA-512:AAA906A5950E03B3EC4528B689442DBCA38F8FD72A08D29DB6ED4FDEF70F2AFEAA3F1BF9734618E1351ABA01B5924671C14EB179178E4BB71DA4AE5465528C4E
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):57344
Entropy (8bit):3.291927920232006
Encrypted:false
SSDEEP:
MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):16928
Entropy (8bit):1.2148109902598085
Encrypted:false
SSDEEP:
MD5:98540105852BBAB3672E40B91D233EB2
SHA1:E60E7195A908A2C7A8E7B9E1DE1BB02790627AE6
SHA-256:1DE811E655BFFAEC191CE0CC250311DC22AC2F8042D497C647BCD90E125A2406
SHA-512:D26608BF207FC80B3787E9E8B2E7EFE209300D9C10B93D802C8B8D3D3086B7CF1D0953D0EDDBB2D80EB9CDBE1C2772F5D4BB9EA94E4B237672AE3F28EF2840D0
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):185099
Entropy (8bit):5.182478651346149
Encrypted:false
SSDEEP:
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Reputation:unknown
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PostScript document text
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:94185C5850C26B3C6FC24ABC385CDA58
SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:false
Reputation:unknown
Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.385535507819151
Encrypted:false
SSDEEP:
MD5:F0A6A6E5647D8D10B265F245463C15C3
SHA1:BDD455C59CAE564B10CC137A5AFA4DAD5D18A887
SHA-256:AC1374B88381275904453019BDEFE413353EA71521A8D788F6D91BF2C13733FF
SHA-512:023836449FDBB4109CB256C08648F0D6F0435289F30178C99C2D7CA965E7FA4B26E1EA0B65FBE2674BB1669184D93D76E7B34467BA9BDDA407984104E68A559E
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.3327209406492715
Encrypted:false
SSDEEP:
MD5:E380D5551229AA5BB16B5CB17A5AD673
SHA1:5B638A94C25710EACA1910BF680AF958C3F545D1
SHA-256:DC4AB625A46E5487A03041A4D94650433F2056F0EC9FCC0C34B9B9A195ABEA8A
SHA-512:122770045CB19FFDB191F17CAB6A383CF0BC51D77B586A73BF480A535DEF9AC760016D76A0B6E35B46D4727987FE59F862D842301ED43A48F1B12AD360A55144
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.311715976044347
Encrypted:false
SSDEEP:
MD5:033F6A1E3EEC9A1BD0323D7476B9A4B7
SHA1:9FC1C5474B0FCB45E4DBAE16F7E31D975AF7B8A4
SHA-256:A462B055B757134DDCC01B6F4AFECD34604DB36D3ADF37F34AA20D85A26FA938
SHA-512:A57F72BE0CAFAA4F0A95D23D6EBEA958FDBC5EA1B838C7B20FC651FADB66428BE22D8597147CC54341F08485148822ED657109DD43C9C606F690609B498ACC43
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.374693665735653
Encrypted:false
SSDEEP:
MD5:C71A5A07521C1706EC79B46FEDB7A37F
SHA1:8492B0FC1A270BA1B6A91CA34D1DCED708204FF2
SHA-256:538245A4EDDC53FECFC5891A0516A27E781E3C9D33EDF75D34CAB8082F8D140C
SHA-512:2F609146EFDCFEA23948C0F39B5B4D491E8307C3DF193E8AB7F4C40E3E2BDD408D9C71993F0660BDF4DBE84C933F4A81870316E7FA762956FF6973826D75874C
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.335476235267384
Encrypted:false
SSDEEP:
MD5:CEC084F1C1804E25F54F76248F1369D1
SHA1:A30CD09904C141B3F30EAC9DF282D9D76B5EFCA6
SHA-256:96F14860B2AD6616ADC62CD4C0994947E699C29680D24B2075CB084993DB0F42
SHA-512:E6502443A269095DFF743CFB24DDD306597D373F72706FCBF33920C0EBE754DF69B02AC1754C012F4420208A0061CE0A0A58CFAC3999CA480290F5E27DFDA973
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.323127156536532
Encrypted:false
SSDEEP:
MD5:5004A43A5B7A005FDAFC1AF85EDDF66D
SHA1:7E9E212EDC42838CA46AA96311A4F9E318131895
SHA-256:DA25A58939A59937F5D2DAA8074EE6C706DFEF884EA1F46BD1CC66B114C807D1
SHA-512:271BF6BD5ED7DDFA6DE3E7394C4782786EA29DCFE4B5E3C1908164A712FE3CD334258B9C6A8FC92B7B7FAB17CD83AB7EA1E5532E0B834A1D83E8F71671C07DE1
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.3255418009067235
Encrypted:false
SSDEEP:
MD5:25D5EA15A12CA7C754209F572F0853C8
SHA1:23A2453EE29D64229A088DF6A7600337B7D3D2ED
SHA-256:B2B886DCD9436BBA875E682A3C0AF55ADD25C18E40FB24B8AFEEDEE83BF6B40A
SHA-512:DDA9C9E8EF2D0CE4F6A98762F0F9B4DB4E04BB4BA34B03D91F7279C94132CEC222DCD045050416C23EA6A16DA32952FDA13E8448FA2CF7D96FBEB59FB94ED837
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.3329353725496835
Encrypted:false
SSDEEP:
MD5:1B1169EAA79E369F3836D1E9B2E6DCBC
SHA1:BE0AFEC43C33ACD58EAA0BF01AEA5DEEDF196AAF
SHA-256:85D74A8CE8D1C47A20EB3F73CE2C8F683D9984944572E16BE0489377689232D0
SHA-512:8CC2D7FD0FCA509134157EA54C844F8C9D81E78D8A61FD888349B82892FDA15D80BF47D4110B8DDC9F612F2477301CBC19766C396F7172C58ADF790239280960
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1372
Entropy (8bit):5.744194277241329
Encrypted:false
SSDEEP:
MD5:350EFCD8BE3EEDDF35A85E24B94782E5
SHA1:02C4DB117F97D324D64C6CF1292EB9BC43D4FB90
SHA-256:9862311EC6E4A501D49D2BD11C053F66F1A125D7FB20253D362C5E38A435C3D6
SHA-512:94E97C1DAACFFD0C5A6771A4793AC67D9114085C1502823F10E11401AFF3FF4A3B92164B5D6763A5C43BB844F9822136739B5E29208CC87343C06498AA310154
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.32891779962409
Encrypted:false
SSDEEP:
MD5:483D2F1EAB2A2FA3716D1145C7E3FA30
SHA1:D3A2CD74F3D0847D9A56A84968C6D80FC87F4002
SHA-256:B4621CC10F752B212473BAC9267484F336DD6ECA9572DCBC7675B47F3957FBA7
SHA-512:BB046EE994B7F6391C4BF930B879F1D235DC6E101975C68096F5663E8800A5CAAE852FFDEC61B3365641F8F0A2FAAD8324DB367111F193272BA1A4E16163CD50
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.779735897976201
Encrypted:false
SSDEEP:
MD5:2D9ACCD30602E9FCB2C2B2B2D4A5A661
SHA1:8BAD5F03E45D337EC67AC3759CA6B0D5D5E91226
SHA-256:C397F3AE8096A8AEBD2821713C58C1586F24133BD45D40DEF5F13B0AF4E88A76
SHA-512:C62C1A7187D6C4893B7EED017FC6628B24D53806A948EC872C3720508162CD0955F7CD1D8909B5462FFF44AADE77F4FB0C6061A41693C51DFBC94D5002B85E79
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.312266149534214
Encrypted:false
SSDEEP:
MD5:27F1188CA5BF3476A5C39B70D5F999CC
SHA1:755D9EDEF018590B4FF6C7F050418152358E89CF
SHA-256:7AC9DFE7647D93E3A0244155499605CFAFFB0CFF022201F8E1A657B2E264AADB
SHA-512:F1BDB5095E6772E2FA41407379F1F32BC7FABF81CB168B1BEC5CCED672355B077E9A1BFB8E2D1160B231B6A0F2D22744A270F7F4C001EAFE5B406B171D58E234
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.316047735378944
Encrypted:false
SSDEEP:
MD5:F2547B62259B483148E59DF020032B6A
SHA1:5A921A3C76DA51F9C8E9FB6FC8F474AF705033F7
SHA-256:735DE05ABF22AFBDDB25BB2F3CF66FFBA86FBC0513D26134B6C01ED2390CD052
SHA-512:F5752C77DA76DEA74D5A4078B2CACD16300BF2BA7EC431B8E5A5D6BBAB6F58BF1E37BC5C3AB67384917E5BA1132AD7279AB3121D1CA4D4238C1F0A902277597C
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.335752928382237
Encrypted:false
SSDEEP:
MD5:076E9CCA851A79DA732372E76209C7BD
SHA1:9062D9A4DCB2756C2A9A1981A01324548DFA63FB
SHA-256:2D927BECB1909A1426D44BC7BBE12710A98F62737CEA3DA1A6EFD70001CB8049
SHA-512:F7DC3F88C2ACA56049EFB2C783F4F48C9F13023963DD17F0FDBAC2B02FF441166207631464B98351ED321F04DCEA43E2E9D284E797D51E35001D1939CEDDB2AF
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.292802169613044
Encrypted:false
SSDEEP:
MD5:FE8195B11D4D3EF9A129FC1F09E39DEA
SHA1:0D15DABB3410B3824F3AFF79BF1B64CC46AF82D1
SHA-256:2B8276AB7233E59F0D49B291C2D2BFB847D0F4BE64D7FBBDF938E97EF0E26C1F
SHA-512:097F35EB06C6FCB295A140B496FDCCBB5E974C0B2FC6D20E23D3B24664A9CF8DE6DD38B57D456CE2F372D201E6E5AF60D617E979C8EE0934ABCE44DACC838E50
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.378723564590521
Encrypted:false
SSDEEP:
MD5:F6755E7F355184BC5E1520FB8AEC39F9
SHA1:DC205A497139C7E69E6EF012FBB9B220585773A8
SHA-256:160F84A18F52EB8CD4360DB9AF86513CC3803978BCC4EF4F9205F0FC715B84A5
SHA-512:6B766BB8F4E26A15FFCCE5CAB787099C88B5EB18759982C9212D9E7B203F370ECD34B33B830142FFC13FEE2D4FB9A1FC2C84325F948CC843573E5DA0C8387394
Malicious:false
Reputation:unknown
Preview:{"analyticsData":{"responseGUID":"f53e7ff7-7b84-4ace-b1a4-232d78356392","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1714034165861,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713859610894}}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Reputation:unknown
Preview:....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2814
Entropy (8bit):5.133757607820949
Encrypted:false
SSDEEP:
MD5:A94B746DD6DBD540744C03AB353BCBE7
SHA1:CA089B6683B3D0E3BFB21318A864E9861D6F5B16
SHA-256:B97509C2435FD7F6DF646175F4E6C428C434AC766EC6A9E7E5F63D90D596FD26
SHA-512:C5F61153540E13A34F83D1727EA03BD6C4130A910C5485A874CC7524BA4FCB8AAD7AE1CCFA2B3612649AFB80A4A9CDC4755509B76DBF035D07D383DBB73733FF
Malicious:false
Reputation:unknown
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"b786cde8c2ccc1b36d2ecd6c774d9195","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713859610000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f88b77fe3d402d567898dfb3e2908987","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713859610000},{"id":"Edit_InApp_Aug2020","info":{"dg":"02cf12a82eb395d170593d0843c40ecd","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713859610000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"9766ae4f2e85f2f5525f9a86de8f4ff3","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713859610000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d603d50202e00d46b03137f9e02558c6","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713859610000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"43b91e0b616588532ffdce73bd8a5431","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713859610000},
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:dropped
Size (bytes):12288
Entropy (8bit):0.9867372276215678
Encrypted:false
SSDEEP:
MD5:4C11EDD61DFB52EAC287E672A862DA9B
SHA1:2078F7708A5999E8036C9F6925C4C0A3B21E4778
SHA-256:39CF52A5340CB3179FF09EA93EB024226E019D4ED26CA5333565C9B43A9DB6C6
SHA-512:35F806F5EA3132AFDD6ACD4979846DAEB5D88321F8D92267050EF2C266BB455247F90A4D1846E942CD5F41501C7A9EE2EAE68DDEFF33A2572B06E576C569FBAF
Malicious:false
Reputation:unknown
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.3421902885735948
Encrypted:false
SSDEEP:
MD5:D3917F93A1648FAEE2931E3DFCDF8953
SHA1:79F0966FF737B0E50749BCE8652F2A8180F0B33A
SHA-256:BBF07D74280DA06064AF2A73BE787B250D72948FAF7EDC3C465E74943756327E
SHA-512:B246FE6626102D7B8F4F67630D5E27AFF511C7A8D7D51407809E2BFEC4F9219CD5ABA373362CCD78FBEC59273D6FBD057A55CE04DA28F55FC13A530B117D6CDE
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\Taskmgr.exe
File Type:ASCII text, with no line terminators
Category:modified
Size (bytes):4
Entropy (8bit):1.5
Encrypted:false
SSDEEP:
MD5:F49655F856ACB8884CC0ACE29216F511
SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
Malicious:false
Reputation:unknown
Preview:EERF
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5309417490522437
Encrypted:false
SSDEEP:
MD5:B8B8B460A780B85C7080D01258833658
SHA1:A78E9D881B7A75AE8BA945548D95094B145609EA
SHA-256:6486B88C7272E01DE054AB5641DB70E67A0151212621777CCF022AC3273C6BEB
SHA-512:4434DE62FD010EF8646CF338B565E3DB5B53192C8E951292752EFAD43CBB0982B1830A2572BBA07B17BD14B6EFEDB990A19D2CA06910488463125745E3F548B2
Malicious:false
Reputation:unknown
Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 23/04/2024  10:06:53 ===
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.353642815103214
Encrypted:false
SSDEEP:
MD5:91F06491552FC977E9E8AF47786EE7C1
SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:false
Reputation:unknown
Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.417998646406768
Encrypted:false
SSDEEP:
MD5:6382DBFCA6CC0C144C87780D230CC58D
SHA1:7893819462B49E7A5F87AC4C150702DE12546732
SHA-256:444E51F25BA8A58CEF2AB6DA9B32D0CDF08D8C6B625CC1618E1E49FD0BCB448D
SHA-512:46565D378AD8203CD742E35851E8D6EBEA3C6CA7038C5D033037C1F26B007AC015DA3B395CC0DEB4AE4685434B4DCE67C6FAECAC252B952B7981473C6A8304CA
Malicious:false
Reputation:unknown
Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
File type:PDF document, version 1.4, 3 pages
Entropy (8bit):7.798856320987464
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:$DS_122189.pdf
File size:259'549 bytes
MD5:cfa36c0f6cacc9c47dd1e30ea80e7701
SHA1:8932c26ac38a4537767ae0cbd6fcde32e16eac2c
SHA256:8b464491752c8edb5a64c1891c0ca07845e02648d27045356272ba2d0f7b701c
SHA512:9e3481c67c87b4af27cab11aa42377cf3b7f6ab12a091c6d499c66cf6c6daf587ce1d38128807dbfde24aa65e1c2b89760dd4457f3c8f99126507b4c544b752e
SSDEEP:3072:ceUHwYJxEHaubwqMVEOTGaW/a4tMON/+2ZfAoDjTWbZ5VbgYvKwxLixLUK:ceqXWbwqefT7ZON/tZfAoDjWPJixl
TLSH:4844F168A4C86DECD5A2C7F37F3DA0816B9CB327C1CD90A2996D4E935907E855CE3413
File Content Preview:%PDF-1.4..%......1 0 obj..<</Lang(fr-FR)/Pages 2 0 R /Metadata 3 0 R /Type/Catalog>>..endobj..2 0 obj..<</Kids[ 4 0 R 5 0 R 6 0 R ]/Count 3/Type/Pages>>..endobj..3 0 obj .<<./Subtype /XML./Length 1130./Type /Metadata.>>.stream.<?xpacket begin="......" i
Icon Hash:62cc8caeb29e8ae0

General

Header:%PDF-1.4
Total Entropy:7.798856
Total Bytes:259549
Stream Entropy:7.813267
Stream Bytes:239048
Entropy outside Streams:5.095638
Bytes outside Streams:20501
Number of EOF found:1
Bytes after EOF:
Name:Count
obj:109
endobj:109
stream:20
endstream:20
xref:1
trailer:1
startxref:1
/Page:3
/Encrypt:0
/ObjStm:0
/URI:0
/JS:0
/JavaScript:0
/AA:0
/OpenAction:0
/AcroForm:0
/JBIG2Decode:0
/RichMedia:0
/Launch:0
/EmbeddedFile:0

Image Streams

IDDHASHMD5Preview
7000001000d3d3d03b5ee4937703e3d3bd4591d544f0ff858
80000000094aa2080138ac50dff1ed2337a51e4c92cc88678
9000101494a840080e4f981ef4cdbe302ab13f285d40df39f
1500020697b5290010f70c7198c11dd57573ea2b56733e44a0
160000000094aa2090ad0b4434ee73776e2d8723230a536955