Edit tour

Windows Analysis Report
MB & Fed Docs.pdf

Overview

General Information

Sample name:	MB & Fed Docs.pdf
Analysis ID:	1431642
MD5:	752791345cb7add0b6b550b7084a0462
SHA1:	33bd2ec64ff8a6ec1700cde312393d524cdd9538
SHA256:	cb53e4d0f67225e1d24a20f2b2c5e500e19f66a94c832a305b59363a61d0e02e
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 1220 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\MB & Fed Docs.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1568,i,10842768265828006530,4991868021115319105,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean0.winPDF@14/41@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3752

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 14-53-38-860.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\MB & Fed Docs.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1568,i,10842768265828006530,4991868021115319105,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1568,i,10842768265828006530,4991868021115319105,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: MB & Fed Docs.pdf	Initial sample: PDF keyword /JS count = 0
Source: MB & Fed Docs.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: MB & Fed Docs.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431642
Start date and time:	2024-04-25 14:52:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MB & Fed Docs.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/41@0/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.54.200.159, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 162.159.61.3, 172.64.41.3, 23.34.82.7, 23.34.82.6
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com
Report size exceeded maximum capacity and may have missing behavior information.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.196928287387296
Encrypted:	false
SSDEEP:	6:TcM+q2P92nKuAl9OmbnIFUt8WqdXZmw+WyMVkwO92nKuAl9OmbjLJ:T9+v4HAahFUt8WqdX/+WfV5LHAaSJ
MD5:	D3E0DA05542AB4DAC7798DF05D9B4CE7
SHA1:	2D0A1D57456FD0B69B42D9AB1C1454BD2120B1A6
SHA-256:	068E92423C7E0A24048CAA74E306254D3FF506BA821C578671D5718596357521
SHA-512:	4BC6AABE793751D2FF72FF1F5E832979DA7551F04E9F55D18F80A892A51B841481DC162A09B50E9418C5B505921E4761EC048DC29E04D306DDF7D2993902B78F
Malicious:	false
Reputation:	low
Preview:	2024/04/25-14:53:36.545 15ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-14:53:36.546 15ac Recovering log #3.2024/04/25-14:53:36.547 15ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.196928287387296
Encrypted:	false
SSDEEP:	6:TcM+q2P92nKuAl9OmbnIFUt8WqdXZmw+WyMVkwO92nKuAl9OmbjLJ:T9+v4HAahFUt8WqdX/+WfV5LHAaSJ
MD5:	D3E0DA05542AB4DAC7798DF05D9B4CE7
SHA1:	2D0A1D57456FD0B69B42D9AB1C1454BD2120B1A6
SHA-256:	068E92423C7E0A24048CAA74E306254D3FF506BA821C578671D5718596357521
SHA-512:	4BC6AABE793751D2FF72FF1F5E832979DA7551F04E9F55D18F80A892A51B841481DC162A09B50E9418C5B505921E4761EC048DC29E04D306DDF7D2993902B78F
Malicious:	false
Reputation:	low
Preview:	2024/04/25-14:53:36.545 15ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/25-14:53:36.546 15ac Recovering log #3.2024/04/25-14:53:36.547 15ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.199938807762304
Encrypted:	false
SSDEEP:	6:TiEjL+q2P92nKuAl9Ombzo2jMGIFUt8WiN1Zmw+WibLVkwO92nKuAl9Ombzo2jM4:TiEjL+v4HAa8uFUt8Wif/+WibLV5LHAv
MD5:	A1E8A3066C55FD2125FB317AA2C9C23B
SHA1:	BB0DF5556E57CF98AAE30FBA6D580E90E9AF07E8
SHA-256:	6A3D1B7C26F199BB5809CAEE8C22B09E195CC9C79C0FDE9C341E62D1DD59E73F
SHA-512:	273B7F90B97BFC119A1F8DD6EE25A41427F256299C7A0B14CE41D7A3CE899088DCFBDF30C5E35FD5D30A1F47F45189E63C32A0819397B9B719FD1E1A8400BBC1
Malicious:	false
Reputation:	low
Preview:	2024/04/25-14:53:36.672 a7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-14:53:36.675 a7c Recovering log #3.2024/04/25-14:53:36.675 a7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.199938807762304
Encrypted:	false
SSDEEP:	6:TiEjL+q2P92nKuAl9Ombzo2jMGIFUt8WiN1Zmw+WibLVkwO92nKuAl9Ombzo2jM4:TiEjL+v4HAa8uFUt8Wif/+WibLV5LHAv
MD5:	A1E8A3066C55FD2125FB317AA2C9C23B
SHA1:	BB0DF5556E57CF98AAE30FBA6D580E90E9AF07E8
SHA-256:	6A3D1B7C26F199BB5809CAEE8C22B09E195CC9C79C0FDE9C341E62D1DD59E73F
SHA-512:	273B7F90B97BFC119A1F8DD6EE25A41427F256299C7A0B14CE41D7A3CE899088DCFBDF30C5E35FD5D30A1F47F45189E63C32A0819397B9B719FD1E1A8400BBC1
Malicious:	false
Reputation:	low
Preview:	2024/04/25-14:53:36.672 a7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/25-14:53:36.675 a7c Recovering log #3.2024/04/25-14:53:36.675 a7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.063139707842253
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZtpyhsBdOg2Hxcaq3QYiubxnP7E4T3OF+:Y2sRdsipdMHI3QYhbxP7nbI+
MD5:	E5E17D40CC284C1B5D4592AE12626152
SHA1:	49BEB4ED54AC5DEABEFABAF407B3A8EB2059410B
SHA-256:	203828E344797BE728B4B873D55E8506B801788CBF43BF0F056C96C6C04E113A
SHA-512:	3933EA94D1BE56E4D38822F27EC5777DB7BE088E236B1FBB58A2FD2BD4E030510425F6536C3DF3E5AC5169B778AC1F491F06766EEDE0272B91D128C950990CBE
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358609628407884","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":110937},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\eeb7e4f9-7b63-4d5d-846c-fc471501937d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.063139707842253
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZtpyhsBdOg2Hxcaq3QYiubxnP7E4T3OF+:Y2sRdsipdMHI3QYhbxP7nbI+
MD5:	E5E17D40CC284C1B5D4592AE12626152
SHA1:	49BEB4ED54AC5DEABEFABAF407B3A8EB2059410B
SHA-256:	203828E344797BE728B4B873D55E8506B801788CBF43BF0F056C96C6C04E113A
SHA-512:	3933EA94D1BE56E4D38822F27EC5777DB7BE088E236B1FBB58A2FD2BD4E030510425F6536C3DF3E5AC5169B778AC1F491F06766EEDE0272B91D128C950990CBE
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358609628407884","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":110937},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.246202141325017
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUSwzeSwgzzZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLi
MD5:	F1B0FAC8542AE1B2A09DE72021C1EC10
SHA1:	812C8EFD749EEE612617FE1A5E4DA0EFF13ED1CF
SHA-256:	C033D67C4EB7B4B01F3D4E33AA70FE241C33DBD603AF46AA4AED68771FEF0375
SHA-512:	6A1E4DE8D5AE93D0BD8E80812F2D0A4B72CAA48C6FA6E00EB8C3618A74A85393CDA2E6A3DCBE0F870F8DAB7C4BC9AFD1E2D22023C183ADB79F5F9596CE7639ED
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.180592863801733
Encrypted:	false
SSDEEP:	6:TWoqL+q2P92nKuAl9OmbzNMxIFUt8WWi5mj1Zmw+WWiHgLVkwO92nKuAl9OmbzNq:TqL+v4HAa8jFUt8WpmJ/+WQLV5LHAa8E
MD5:	83A9B402D688505DE094E572A561FCE1
SHA1:	63C5D4A3F07A18549108EF92C3D28DC098B17679
SHA-256:	592980976C3079B4F5803986F5AEF66E3874D90D17DD58F7D11BFC2DD103C43A
SHA-512:	376F0DD96092CAF00DDDC4BD65449352EE565B2EB1477B27177D56436B50F420D1229E5C222C284FA56945CDC4BBA52F232CE5AA141EB2ACF6E9F30EE1D5E773
Malicious:	false
Reputation:	low
Preview:	2024/04/25-14:53:37.272 a7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-14:53:37.306 a7c Recovering log #3.2024/04/25-14:53:37.322 a7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.180592863801733
Encrypted:	false
SSDEEP:	6:TWoqL+q2P92nKuAl9OmbzNMxIFUt8WWi5mj1Zmw+WWiHgLVkwO92nKuAl9OmbzNq:TqL+v4HAa8jFUt8WpmJ/+WQLV5LHAa8E
MD5:	83A9B402D688505DE094E572A561FCE1
SHA1:	63C5D4A3F07A18549108EF92C3D28DC098B17679
SHA-256:	592980976C3079B4F5803986F5AEF66E3874D90D17DD58F7D11BFC2DD103C43A
SHA-512:	376F0DD96092CAF00DDDC4BD65449352EE565B2EB1477B27177D56436B50F420D1229E5C222C284FA56945CDC4BBA52F232CE5AA141EB2ACF6E9F30EE1D5E773
Malicious:	false
Reputation:	low
Preview:	2024/04/25-14:53:37.272 a7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/25-14:53:37.306 a7c Recovering log #3.2024/04/25-14:53:37.322 a7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425125340Z-165.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	4.181458337093595
Encrypted:	false
SSDEEP:	1536:7g49FI2G2u/8fqHgAmTZ3GeCQ5sMlpL9bH1lh:7T9vS3AAm93fXi2N
MD5:	805C2EC87FC373C325878396226436F6
SHA1:	700D7C45C4E8E5598969F571BD8A23063233E54A
SHA-256:	EAA26F0098630EBD2EDE04B95B3A0B765A78F43095BDDECB873803CF725AB37A
SHA-512:	B0D6422B6A046A9B77A377DBF190B3819CADDA73432DE04AB8D123C66884A83C0D3BDFBFC59356E8C06F11057FCA0D5814796894E6699E04ACF5A00CBC1A5B43
Malicious:	false
Reputation:	low
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3752

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3404290809688915
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJM3g98kUwPeUkwRe9:YvXKXtxe0YpW7FZGMbLUkee9
MD5:	6CF4CCB282D1D488C7F7DBFFC3AA6496
SHA1:	A9D3ED3C50E3F239A298B38156E278CA8A7EC2B5
SHA-256:	F5FDA67D030C30949451FD310ECC34B52D3BA304A9F1A920FC353EE577625548
SHA-512:	EF4F59B834050C0C82BD0B3729A058A8012A5DC7531CE4351D386DEFA833FE1D8A972D0770DCB5FA899AAEC1A007C226B00CDF8B03E2F40C8599523FDE861B16
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.277878656918835
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfBoTfXpnrPeUkwRe9:YvXKXtxe0YpW7FZGWTfXcUkee9
MD5:	4E572E71A9EA0B8646987D84C762C1FA
SHA1:	410C641572C6C76CBF0AA52A75AD7817F6CC407F
SHA-256:	720B124C61C408E95BC11E4A49371F4D6822A83EBF80C19BAAC0E4C9BABAC753
SHA-512:	F7CEF11429A237C6011F7DFBF299643E41A32F4568F1D107EE22220C3E51820B655124DF0441A9FD8D46A20D732AC0A411AE841B4EF19A4F91FC0CE5C6BEC752
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.256138152276643
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfBD2G6UpnrPeUkwRe9:YvXKXtxe0YpW7FZGR22cUkee9
MD5:	31D46920BE34E59A8276BC4F9301F77D
SHA1:	E7DB69F92B97C12333D1F938F7D803805B64B0C1
SHA-256:	91CBC69089C67C3DA52D7F6E651ADACC7482D0D92E2003D0A7AC9386C6781568
SHA-512:	4D6693CADAC398005839800917842B49A77865D2FD7D148F2DB5A777A9AEA660E1B4F15F604103E526491B480B625EFF97FAF8EAE1FD794F69DC386571526E54
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.318517246154466
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfPmwrPeUkwRe9:YvXKXtxe0YpW7FZGH56Ukee9
MD5:	4A1C4E5768111ADA4DCE9DC182F0B0C2
SHA1:	63EB8500C81C8FC0A45C74276A00DFC5423AB348
SHA-256:	58D212E2C07B04B881B458FBE1B3FBFF8FB41B7EED62F73EC63A59580EEB7F89
SHA-512:	F67260A962250FACFB38628850B5754F2FE3E15F04B780637F89700874C8DB42AB37675DB0678F4B1060BA1D746237D6978E4B0B4276FAF783219E2403006B86
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2795696900748865
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfJWCtMdPeUkwRe9:YvXKXtxe0YpW7FZGBS8Ukee9
MD5:	C1029CDC98C52514E06955B6E6F2C0C4
SHA1:	13626D0A1D0FE6643E2467BA2524EA410D05FBBA
SHA-256:	F3A77F85DA58F54C603392291CED88C925249EC42ED2FDF469F9B6EAF14D8EE0
SHA-512:	81D9591E59584AF2EDC43F4641B2390C9B764D4A58560DCC27060F23026D21CC4CBCE447A9EE377C414CF325A99C84919FABE8E81441B2951D3BE6CEBAF9B116
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.265170088041755
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJf8dPeUkwRe9:YvXKXtxe0YpW7FZGU8Ukee9
MD5:	57F8EA628CF7D40DB0781D22AE36D3F6
SHA1:	736DFC36441FB9E903B4EF82BC373ACA4BA6A8CD
SHA-256:	7B3B2D411782DB0F312A4A2DF0BBCB0DAA43336A49C82CB38805D2A862CE2386
SHA-512:	4679DB7F1CF45BA8FD11D627613F18156371E60C7733D1EA7CE44B47AE36E02E8BEDFDE42CD0180BB491DC61B3DB5285A852282B3046A1F33C34E449B2819E0C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.266153504183615
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfQ1rPeUkwRe9:YvXKXtxe0YpW7FZGY16Ukee9
MD5:	6BA9BCD316D2AD473A76D606AE1CB26D
SHA1:	2491078D7E764600C9B2AE52B064C3D27D401C24
SHA-256:	A95B1BD83468F3BECC8180516E3F91537079EB07F4DB17A14C237D813DD95FDB
SHA-512:	9955C69385D0D86CB579E2153411CA8A4EE74247C5421A317A34D2D759B51F0B2AFE5467B3975016A88BA4CFB196F5630A3DB76E6E1DA1DB45F192917533699A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.285687147229627
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfFldPeUkwRe9:YvXKXtxe0YpW7FZGz8Ukee9
MD5:	DAFAAC5EAC4251679E74A9851443EE9A
SHA1:	744AA81DB372F7B82BCC2417715C2AD4B33D8D55
SHA-256:	5996E3C2B9496307EB7AAA6B65E67C40C57375B803BC1D1BA524357B75ABA899
SHA-512:	54C783E4F2B224E901EBD8D4D56B840E371C1C73BE54C9F47D47C4A6E52EFA951B9CB1A91C9537E1D8CAADDB98E2404B69EAC3D98699E3C0D8011BB29DC6E8E1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.739136117744216
Encrypted:	false
SSDEEP:	24:Yv6XoiFFKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNX:YvIFFEgigrNt0wSJn+ns8cvFJV
MD5:	F6E6FE8104BBA3E3323EF4C7AF96174A
SHA1:	D3D6BBB03AF90348BD8925E77BE980CBAE352823
SHA-256:	10D4DF64C7FCCED29B1E2C09C478271C5CF5ECD5AC2E68EC707369C5429C513E
SHA-512:	041DA745EBDD8E5617DC2A5A66A19CEF6E62EF99C553F807348B4AE60E99B0416BFFC2FCA2613C87F82A7193EAEA023CBE1B5675612AEDE0A73514E22F033F16
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.27343607941386
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfYdPeUkwRe9:YvXKXtxe0YpW7FZGg8Ukee9
MD5:	D3EB87B101BE9A232B60B112E79A5B4E
SHA1:	D35DEE61BD16503CA2A74074613F03484B41F605
SHA-256:	63462645CB5C9B6F6BA9C49E34C30B3B96B8C44AA64AF2711B3F6718EE0CE1C1
SHA-512:	93EF59CDE4BE21B095544ED9BEB2E5EBD3862EBE8BF0793A26FB7ADB59A54D63A25BE2AFA039DD4F28142A0BD23D483F123EA5C5471128EEEF54A91B8BFA7D89
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.778084929582163
Encrypted:	false
SSDEEP:	24:Yv6XoiF4rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNP:YvIF4HgDv3W2aYQfgB5OUupHrQ9FJB
MD5:	3FE17D2B86996F03CF43A234CCA36772
SHA1:	F84CE251FF400800DFA350E3669B870E897F67C9
SHA-256:	9B0A9258C88BF3DC49D4EA7F749FBBAF37136FD99FAF5144DF7FFEE6EE85F3C7
SHA-512:	8275A7762C5A9F37194EDB085F6DBCBF93FDA1A1F10108880D896DE4E8DE8795872B81794E43A3CFB3C5DB6F1B8B0733C93CFC2EF69FFC8EC621270DE51FCAF1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.257165746988659
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfbPtdPeUkwRe9:YvXKXtxe0YpW7FZGDV8Ukee9
MD5:	149EFD5B8140D179D15E6B65269A5ADB
SHA1:	30BE5AA63D6A62C52BD60F033CA4F7E205D0BB25
SHA-256:	DF06F68FAD06238398E320723F931F12CD7D90EAC4956E1E01A49866F1CEF397
SHA-512:	1F9A99342F9D726EFC04659DCE5572D9D3161CFD5E4400028C1CEB10F1075EA1BCA292761B7EF133172FAB9462CA072CDE75D7D51C077355E39FDE9A6AAD6998
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.257821531851545
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJf21rPeUkwRe9:YvXKXtxe0YpW7FZG+16Ukee9
MD5:	B0D84D32965AC51D0DEF0F960F21D7F8
SHA1:	59812BDFF4A6C421A1CE81C3A7682EC8A8D37C48
SHA-256:	39BB84EB9321C178A6A78DB463471AC561C7CB3A709119DF2E1FBB91B85DF1F3
SHA-512:	7873A1F18DA93EEB80516EAE9A2AF03EF13AD9C03A5135F5680B3AFB130DAC5B23F7F0704501EDEC5ED517FE45776BDAE971E72D08F903B4EED692F3210C9E78
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.279977390097786
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfbpatdPeUkwRe9:YvXKXtxe0YpW7FZGVat8Ukee9
MD5:	788FD9072136004D543FB689EA7287D5
SHA1:	C86AE065BA4B418BC6B3A93C09CEF27E7D1E3503
SHA-256:	9E62C034F5DDAD4EC4952B6322A7E036BD9920E54284D9B9A328EA55AC961A67
SHA-512:	194FD09AE51639FA3106261E705C7D962E40FCE60097D6525A6E46A873D070337E21690BCB0BB3BECF354235175E1A9728EBA4E298E02A464756FB46C9E59700
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.232696072862044
Encrypted:	false
SSDEEP:	6:YEQXJ2HX6GxAPs0R+FIbRI6XVW7+0Y/uqoAvJfshHHrPeUkwRe9:YvXKXtxe0YpW7FZGUUUkee9
MD5:	98567B004733379B79849E1A715C55BB
SHA1:	18765A09BBB9BE8C4D55A972D84D77524B772D23
SHA-256:	17E7517A67EE079CD6235A0C23E857889231B5204979254AC09E498ECB071CDD
SHA-512:	C13AEEC5535C0BD5CE6E197424C5468A99C9A5BACC8D15F8790411C44C6C32B55AC425283A4390A78DEA1A897ECC352685C99EE9BF8669520F4447295C9E7CE6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.367670787872763
Encrypted:	false
SSDEEP:	12:YvXKXtxe0YpW7FZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWYU:Yv6XoiF1168CgEXX5kcIfANhu
MD5:	39884A2C1F922366A12B73080B9DBA96
SHA1:	DBCC6E0E5278AFC49E1898EC6FFF89CF4B88CB76
SHA-256:	BBA5181A05D63D3B9A79913BFA75E991CFA00027C0B1983B9922835967F9782A
SHA-512:	B730268A020F2DB596B3BE304D435241770A10E6BFFD079754FB63FE7B19B38B461E570C1A6CFDCBD6A345EC2DEC62A759A3AAF21795000C57F8D811FD9FD9A6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"7684cfed-60bf-4f4f-b557-409d775b7fc1","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714227268075,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714049623106}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.127063259564262
Encrypted:	false
SSDEEP:	24:Y6BW/EzVM8kYCc+YoeRLGbdVvaQMCayf/ZA/N4hjN5j0Svtr2jdb2LSpTBMs5J9h:Yb/wZcYdC5xR2NuNtNWdbnNMsX9h
MD5:	A85D5585D7E7C607771EF478BF30BF0A
SHA1:	5767BEF01ABD4EB73856135647245FADEC435DA3
SHA-256:	B43A61DF0DCC330545E6B4D25D08F62C74176B881D35448D31A8B64ED062D2FB
SHA-512:	0CFD04E85C9924D8673A1808E3219C9A9C59AF91D4B0B943C4C587D05BF501D79144E1DB3AEAF6DE6823DCAA23C952FA1EE6FE742AA2483ED0718334B7CDEC1B
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"9309d8ad20ecd1932b95dbc5513f97b8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714049622000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c51d46def2f3e03a15b20639d71924f9","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714049622000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8719f6e002d5803b3c074140cb40839b","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714049622000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"7b74b716a656160b0fc0ea4b9301276f","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714049622000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"fbf855d93f2035fba1e3881ef71f9af2","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714049622000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"daed34b0e4ed1b51c5915038bcaab8a2","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714049622000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9839393630296503
Encrypted:	false
SSDEEP:	24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpA54zJwtNBwtNbRZ6bRZ455F:TVl2GL7ms6ggOVpAazutYtp6Pmb
MD5:	F72B986E0C62E0A8660AB4BB06F397A3
SHA1:	A03E22007366EDB17CF0839FFB2B9CEDFC84C891
SHA-256:	7391AB2EEE4C6345EE5B03FFB2E9AF6B7E95476F4FB97725B49995A7157592FF
SHA-512:	68723CAA72E2E9443D66484DB1B03128BFC4515CD669BF7D6E0A145B48D682545C42FDB5B32ABB7B450EA2C904B17C58C97ADAC1C3461550FBA9BD3A2DE8664F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3383296164835754
Encrypted:	false
SSDEEP:	48:7MopGgOVpABzutYtp6PM3vqll2GL7ms6/a:7LOVpAMa1vqVmsR
MD5:	4C6C1A21DFBC78205E01822036C270A6
SHA1:	F49954A2F5612A198300B589BC2EF8B7AC638F48
SHA-256:	3ADE05AD2FE2E9B5BDFE62499CD9092C7E03910A9CD795A74B7B05606DF35E52
SHA-512:	BCA3C9C7AAD955A22E3E46F38A0D467263F7A80072B4FE2EF77CEC093904C92F0D191948AECEE2CCD13954BBE815423C4049FB5569A4D779DC0C354A489999F9
Malicious:	false
Preview:	.... .c........z......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI40e30.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5162684137903053
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+aRb:Qw946cPbiOxDlbYnuRKG
MD5:	F5A723D0D9D494D2FEA0486CB30DAA19
SHA1:	6B1E399A50F68747500FE0F557AAEC49335C198B
SHA-256:	44637BDF0253A4A76A0AEC730A89A8D563196B8DE621904DC2BAFF5D75BC60FA
SHA-512:	291A1F9E5F7AD4F701F0E4BE640358D44CE1116B05045B7291BFA28685770ED918F4FBF2EDB094BEF84B6625FB30C2A6EC9C1F252503E2473CDAC99061C30BCC
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.0.4./.2.0.2.4. . .1.4.:.5.3.:.4.4. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 14-53-38-860.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.366591262119228
Encrypted:	false
SSDEEP:	384:XFxsCyrefIAVidSAl9T/aD2W1uozF1rIvw280t/44uHx5elTiaT7G7GjnRYbQ4oV:6Fn
MD5:	EEEB1075ABF2CEC7A10BC0D1A13BAE3E
SHA1:	CC9F69A87945573CB165E3ED67BE5913827E6B78
SHA-256:	3705A8C414DD282AFCE1FC8DE8F4A5CF4BD7DF0E22B84142FA665C8CD906CC96
SHA-512:	50B6C8805AB25EA9A539BF332857613FC41ABECE3BC41BB75DA659152BA23B439CCF58853994988CF71AC1B8B26069A6F653CB74E2E29D093673B9760226A23C
Malicious:	false
Preview:	SessionID=a06c6498-6121-4eac-89ec-3dc6ac99bf6e.1714049618871 Timestamp=2024-04-25T14:53:38:871+0200 ThreadID=7532 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a06c6498-6121-4eac-89ec-3dc6ac99bf6e.1714049618871 Timestamp=2024-04-25T14:53:38:893+0200 ThreadID=7532 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a06c6498-6121-4eac-89ec-3dc6ac99bf6e.1714049618871 Timestamp=2024-04-25T14:53:38:893+0200 ThreadID=7532 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a06c6498-6121-4eac-89ec-3dc6ac99bf6e.1714049618871 Timestamp=2024-04-25T14:53:38:893+0200 ThreadID=7532 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a06c6498-6121-4eac-89ec-3dc6ac99bf6e.1714049618871 Timestamp=2024-04-25T14:53:38:894+0200 ThreadID=7532 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.391366039512032
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGby:m
MD5:	C1E99F946A4D00B5C89142D5AC6C45D7
SHA1:	7E4D04B45D6D390B4D61CF56970DA41DEAE5C9D6
SHA-256:	EB0544AB505DC2F4D0244A17A2CA4CA19F2D5711864BA191710EE47798D03A07
SHA-512:	1F5F4A8FE9FBA4B4973B7EF807F77CE30119E4FC6D06F74542E0CAA9162DBE286CD8CDECB77FA96A9577C59DB2D676B4D53B8676E81B9A5842F62B93185B0F3F
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\32a16445-ec0f-4ca2-b53c-98daff2b4d27.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\5f523172-3c1d-4487-a9f9-d3daaa04a2d8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
MD5:	8B9FA2EC5118087D19CFDB20DA7C4C26
SHA1:	E32D6A1829B18717EF1455B73E88D36E0410EF93
SHA-256:	4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
SHA-512:	662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\71404076-b650-4f59-b3a8-d769972dd52b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\dcc59719-1fb1-4147-b84b-0218f213728c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.5
Entropy (8bit):	7.875549098833751
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	MB & Fed Docs.pdf
File size:	4'028'742 bytes
MD5:	752791345cb7add0b6b550b7084a0462
SHA1:	33bd2ec64ff8a6ec1700cde312393d524cdd9538
SHA256:	cb53e4d0f67225e1d24a20f2b2c5e500e19f66a94c832a305b59363a61d0e02e
SHA512:	c085f2ff1a80e2bf3453f425ddc1fe787a8222d8e1ffbd151092ec3ba99bde6f3045e399c46f3bb8719fd51c8ca52358000d5da61643c072495db82eb44bd3d5
SSDEEP:	98304:zqJlKnKkCOVnBy3K2hy6zmRLFsnWOv9m9QBPfTRu+/834mtE:zqsFCUBy306zaFKHU9QBPd/83g
TLSH:	4F165D1388049B43A53997E8BE431F6C1F5A7F1CE98279FF10664DDB7E602621C9E42E
File Content Preview:	%PDF-1.5.%.....11 0 obj.<< /Type /Page. /Parent 3 0 R./Resources << /ProcSet [/PDF /ImageB /ImageC /ImageI]/XObject <</I13 13 0 R>> >>./MediaBox [0 0 612 792]/Rotate 0/Contents 12 0 R >>.endobj.12 0 obj.<< /Length 76.>>.stream.q.Q.q.W.0 0 m.612 0 l.612 79

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.875549
Total Bytes:	4028742
Stream Entropy:	7.875296
Stream Bytes:	4025679
Entropy outside Streams:	4.986348
Bytes outside Streams:	3063
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	23
endobj	23
stream	10
endstream	10
xref	1
trailer	1
startxref	1
/Page	4
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
13	c547737b7f7b6f88	1716ea3c611accf9e4c92c1d0bd7c180
17	7373777d7e675d58	a2f1ac99b81d643405ba07111b7dddf6
21	4d477f7f7f7f77cc	128d29dfd40586e264924ec97f95389a
25	7937777d595c00c0	e7b945e2c98675bee411593f6112afce

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 1220, Parent PID: 1028

General

Target ID:	0
Start time:	14:53:35
Start date:	25/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\MB & Fed Docs.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 344, Parent PID: 1220

General

Target ID:	2
Start time:	14:53:36
Start date:	25/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5668, Parent PID: 344

General

Target ID:	4
Start time:	14:53:36
Start date:	25/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1568,i,10842768265828006530,4991868021115319105,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MB & Fed Docs.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\eeb7e4f9-7b63-4d5d-846c-fc471501937d.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240425125340Z-165.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3752

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI40e30.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-25 14-53-38-860.log

Windows Analysis Report
MB & Fed Docs.pdf