Edit tour

Windows Analysis Report
#U6696#U901a.rar

Overview

General Information

Sample name:	#U6696#U901a.rar renamed because original name is a hash value
Original sample name:	.rar
Analysis ID:	1431995
MD5:	66e8c2c3f36382c5edadfdeeb68db951
SHA1:	e41cc919022006c58ae5a18b2d6453dc087a9aaf
SHA256:	d44c899f4abadd61548694a3db078895b6be973e8e3224461e1c5ac033bc31ab

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Drops files with a non-matching file extension (content does not match file extension)

Queries the volume information (name, serial number etc) of a device

Classification

Process Tree

System is w10x64_ra

OpenWith.exe (PID: 7072 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)

7zFM.exe (PID: 5940 cmdline: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\#U6696#U901a.rar" MD5: 30AC0B832D75598FB3EC37B6F2A8C86A)

Acrobat.exe (PID: 4064 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO43792B4F\??.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AdobeCollabSync.exe (PID: 5416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 1360 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5416 MD5: 8A41FC5F946230805512B943C45AC9D8)

FullTrustNotifier.exe (PID: 4336 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)

AdobeCollabSync.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6536 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7056 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 6152 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 1768 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6152 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 3960 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 1904 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3960 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 2120 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 2352 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2120 MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 2628 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)

AdobeCollabSync.exe (PID: 3568 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2628 MD5: 8A41FC5F946230805512B943C45AC9D8)

Acrobat.exe (PID: 4912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO437BF08F\??-2.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6876 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3020 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2284 --field-trial-handle=1612,i,11901564035657534288,5559827856949093170,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

Acrobat.exe (PID: 1884 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO4376D6CF\??-8.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5764 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1216,i,17584164008921770117,15795344887374319695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

Acrobat.exe (PID: 5756 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO4377A720\??-7.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5404 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 4572 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1644,i,9793751150463550172,10423207747549681099,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: classification engine

Classification label: clean2.winRAR@76/39@0/3

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Source: C:\Windows\System32\OpenWith.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7072:120:WilError_03

Source: C:\Program Files\7-Zip\7zFM.exe

File created: C:\Users\user\AppData\Local\Temp\7zO43792B4F

Source: C:\Windows\System32\OpenWith.exe

File read: C:\Users\desktop.ini

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\#U6696#U901a.rar"
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO43792B4F\??.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5416
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7056
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\#U6696#U901a.rar"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6152
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO43792B4F\??.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3960
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5416
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2120
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2628
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO437BF08F\??-2.pdf"
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO437BF08F\??-2.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2284 --field-trial-handle=1612,i,11901564035657534288,5559827856949093170,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=7056
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6152
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3960
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2120
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2628
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO4376D6CF\??-8.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1216,i,17584164008921770117,15795344887374319695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO4377A720\??-7.pdf"
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO4376D6CF\??-8.pdf"
Source: C:\Program Files\7-Zip\7zFM.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\7zO4377A720\??-7.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1644,i,9793751150463550172,10423207747549681099,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2284 --field-trial-handle=1612,i,11901564035657534288,5559827856949093170,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2164 --field-trial-handle=1216,i,17584164008921770117,15795344887374319695,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1644,i,9793751150463550172,10423207747549681099,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: C:\Windows\System32\OpenWith.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinui.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwmapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: pdh.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: actxprxy.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.appdefaults.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uiautomationcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dui70.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: duser.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47mrm.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: uianimation.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dcomp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: oleacc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowmanagementapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: inputhost.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: thumbcache.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: appresolver.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: slc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: tiledatarepository.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: staterepository.core.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepository.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: directmanipulation.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ninput.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: explorerframe.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: dataexchange.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.ui.fileexplorer.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: structuredquery.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: atlthunk.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: windows.storage.search.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: linkinfo.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: twinapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ntshrui.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cscapi.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: winmm.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: networkexplorer.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: ehstorshell.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: cscui.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: pcacli.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\OpenWith.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: textshaping.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wldp.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: profapi.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: propsys.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: explorerframe.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: thumbcache.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: policymanager.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: wintypes.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: dataexchange.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: d3d11.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: dcomp.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: dxgi.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: twinapi.appcore.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: edputil.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: urlmon.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: iertutil.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: srvcli.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: netutils.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: sspicli.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: appresolver.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: slc.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: userenv.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: sppc.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: pcacli.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: mpr.dll
Source: C:\Program Files\7-Zip\7zFM.exe	Section loaded: sfc_os.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdprt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cdp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: wldp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe	Section loaded: onecoreuapcommonproxystub.dll

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\OpenWith.exe

Window detected: Number of UI elements: 13

Source: #U6696#U901a.rar

Static file information: File size 4051181 > 1048576

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-19

Jump to dropped file

Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\7-Zip\7zFM.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 30000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe	Thread delayed: delay time: 86400000

Source: C:\Program Files\7-Zip\7zFM.exe

Process information queried: ProcessInformation

Source: C:\Windows\System32\OpenWith.exe

Process created: C:\Program Files\7-Zip\7zFM.exe "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\user\Desktop\#U6696#U901a.rar"

Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	11 Process Injection	11 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	11 Virtualization/Sandbox Evasion	LSASS Memory	11 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	1 File and Directory Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	12 System Information Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
#U6696#U901a.rar	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.69.128.125	unknown	United States	16625	AKAMAI-ASUS	false
23.193.120.142	unknown	United States	16625	AKAMAI-ASUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431995
Start date and time:	2024-04-26 08:15:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	36
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	#U6696#U901a.rar renamed because original name is a hash value
Original Sample Name:	.rar
Detection:	CLEAN
Classification:	clean2.winRAR@76/39@0/3

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.196.176.131
Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Timeout during stream target processing, analysis might miss dynamic analysis data

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.234337284214099
Encrypted:	false
SSDEEP:
MD5:	E8139F1DC4F181B0F69D527FB54BEE5B
SHA1:	64580B5E86AEC55A4C251552A6EAC774F900339A
SHA-256:	C9A9DCE21F3B6FB321DC59BD0AA65FFB8B3974CD391C4E4E49783EB8FA5A6E61
SHA-512:	1C231015F9C590BC0ADAF400FA76A4A41C74B253BA795C3A081EA7D74065E666FE951E64642C1DDF9F346174AEF9924D5B7ADB040788847E5F28D4034E9D2B50
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:47.375 ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-08:16:47.375 ac8 Recovering log #3.2024/04/26-08:16:47.375 ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E8139F1DC4F181B0F69D527FB54BEE5B
SHA1:	64580B5E86AEC55A4C251552A6EAC774F900339A
SHA-256:	C9A9DCE21F3B6FB321DC59BD0AA65FFB8B3974CD391C4E4E49783EB8FA5A6E61
SHA-512:	1C231015F9C590BC0ADAF400FA76A4A41C74B253BA795C3A081EA7D74065E666FE951E64642C1DDF9F346174AEF9924D5B7ADB040788847E5F28D4034E9D2B50
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:47.375 ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-08:16:47.375 ac8 Recovering log #3.2024/04/26-08:16:47.375 ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF5ff752.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E8139F1DC4F181B0F69D527FB54BEE5B
SHA1:	64580B5E86AEC55A4C251552A6EAC774F900339A
SHA-256:	C9A9DCE21F3B6FB321DC59BD0AA65FFB8B3974CD391C4E4E49783EB8FA5A6E61
SHA-512:	1C231015F9C590BC0ADAF400FA76A4A41C74B253BA795C3A081EA7D74065E666FE951E64642C1DDF9F346174AEF9924D5B7ADB040788847E5F28D4034E9D2B50
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:47.375 ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-08:16:47.375 ac8 Recovering log #3.2024/04/26-08:16:47.375 ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF601682.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	E8139F1DC4F181B0F69D527FB54BEE5B
SHA1:	64580B5E86AEC55A4C251552A6EAC774F900339A
SHA-256:	C9A9DCE21F3B6FB321DC59BD0AA65FFB8B3974CD391C4E4E49783EB8FA5A6E61
SHA-512:	1C231015F9C590BC0ADAF400FA76A4A41C74B253BA795C3A081EA7D74065E666FE951E64642C1DDF9F346174AEF9924D5B7ADB040788847E5F28D4034E9D2B50
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:47.375 ac8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-08:16:47.375 ac8 Recovering log #3.2024/04/26-08:16:47.375 ac8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.19048242637138
Encrypted:	false
SSDEEP:
MD5:	B7AA95E072EEB00B0430BA77BA1FE057
SHA1:	F9378E09C8C23D488D8203417F1D03B343A84EAE
SHA-256:	2CA631507A6EAC8426713EAB1A74F0C52BD654CC5AA2EA692995F23CA2C994CF
SHA-512:	D0B395F141D749603D7D547A9B6B26607968F7526FEC4275DE2DAC93871C9D8740C72CFD7ABAAC8CB4BE8C906C57BCF7E57FA16C256CBAC474D692F40BA82905
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.656 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-08:16:33.659 1bec Recovering log #3.2024/04/26-08:16:33.659 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	B7AA95E072EEB00B0430BA77BA1FE057
SHA1:	F9378E09C8C23D488D8203417F1D03B343A84EAE
SHA-256:	2CA631507A6EAC8426713EAB1A74F0C52BD654CC5AA2EA692995F23CA2C994CF
SHA-512:	D0B395F141D749603D7D547A9B6B26607968F7526FEC4275DE2DAC93871C9D8740C72CFD7ABAAC8CB4BE8C906C57BCF7E57FA16C256CBAC474D692F40BA82905
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.656 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-08:16:33.659 1bec Recovering log #3.2024/04/26-08:16:33.659 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF5ff771.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	B7AA95E072EEB00B0430BA77BA1FE057
SHA1:	F9378E09C8C23D488D8203417F1D03B343A84EAE
SHA-256:	2CA631507A6EAC8426713EAB1A74F0C52BD654CC5AA2EA692995F23CA2C994CF
SHA-512:	D0B395F141D749603D7D547A9B6B26607968F7526FEC4275DE2DAC93871C9D8740C72CFD7ABAAC8CB4BE8C906C57BCF7E57FA16C256CBAC474D692F40BA82905
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.656 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-08:16:33.659 1bec Recovering log #3.2024/04/26-08:16:33.659 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF6016b1.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	B7AA95E072EEB00B0430BA77BA1FE057
SHA1:	F9378E09C8C23D488D8203417F1D03B343A84EAE
SHA-256:	2CA631507A6EAC8426713EAB1A74F0C52BD654CC5AA2EA692995F23CA2C994CF
SHA-512:	D0B395F141D749603D7D547A9B6B26607968F7526FEC4275DE2DAC93871C9D8740C72CFD7ABAAC8CB4BE8C906C57BCF7E57FA16C256CBAC474D692F40BA82905
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.656 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-08:16:33.659 1bec Recovering log #3.2024/04/26-08:16:33.659 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2ec1c631-a238-44be-958f-91c8cf71d3b0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	253
Entropy (8bit):	4.931682077316122
Encrypted:	false
SSDEEP:
MD5:	13D631550B4C3B7AEA8FEECC637DA63F
SHA1:	500A24C412713ECFF2D755B7771603349CEB35FB
SHA-256:	18E4BA82B8C4D6FC312D5F960160169F03709BEDFBCF8E7619729DEFE6B5B17B
SHA-512:	0E311AF1AE9BE5C904CA0A218E39F6B13F7E428067FCC603C882B1258AAFBB642BA140F1EC2561063F4DA2D6D54BB40C2678BE888971405EF1A3185AD72A749A
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5d987c3b-62e5-42c9-a2fc-2c920aa75326.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	371
Entropy (8bit):	4.983025109414513
Encrypted:	false
SSDEEP:
MD5:	E1EA57CD30057024D342CC7A81F2052E
SHA1:	0BF4731EB98548170FC11D7314CC103525F72F61
SHA-256:	CA9ECE68EB8FE62BBE15A45EA1ACC653BBB517D024F04FF1FDD121FEF89FBE8A
SHA-512:	E55C6BBDC855F13774A5808128E9E566B1D4159A866857827A44AF982CACC292143BA3A79A0551A4EFE003173A18337A3265DDFB79EBBB15793DBCBED52097A2
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358672221190621","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	13D631550B4C3B7AEA8FEECC637DA63F
SHA1:	500A24C412713ECFF2D755B7771603349CEB35FB
SHA-256:	18E4BA82B8C4D6FC312D5F960160169F03709BEDFBCF8E7619729DEFE6B5B17B
SHA-512:	0E311AF1AE9BE5C904CA0A218E39F6B13F7E428067FCC603C882B1258AAFBB642BA140F1EC2561063F4DA2D6D54BB40C2678BE888971405EF1A3185AD72A749A
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF603390.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	13D631550B4C3B7AEA8FEECC637DA63F
SHA1:	500A24C412713ECFF2D755B7771603349CEB35FB
SHA-256:	18E4BA82B8C4D6FC312D5F960160169F03709BEDFBCF8E7619729DEFE6B5B17B
SHA-512:	0E311AF1AE9BE5C904CA0A218E39F6B13F7E428067FCC603C882B1258AAFBB642BA140F1EC2561063F4DA2D6D54BB40C2678BE888971405EF1A3185AD72A749A
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	5.228974394625382
Encrypted:	false
SSDEEP:
MD5:	D2F67068F5C75ED279697E4A373F360C
SHA1:	8045DA6435857590BA8A07875331DB70E02C8F9F
SHA-256:	57EFEE534E6C33E13427624E76EB361E2A7AF7E6863C003FC364EDE2E2574A53
SHA-512:	2437598C25586FEF4B134DAEDDF3CF53833392ACFCA9C07206130199A8603F9C2FF4FFA4E9F846A68181870054BEC09F9C05CAE1417906CA8ECD9470A5C21460
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.21541091314194
Encrypted:	false
SSDEEP:
MD5:	850011D70B68EBF5ADB0FFE92C662263
SHA1:	05B065323B4E2602EF4E8BF23392AFADD04CB9ED
SHA-256:	5F1813BA1C2DB555A2582415889858C386329A3F8D816DF54FC80B5F324378DB
SHA-512:	B1E2BB104B1B30296B1025EBA672F5C6569D2B729A8E52275C83217B81C2D62918F39BDD97AF00BD0A633F1F0C3E3609C972755F9FE62853034FE92372D79131
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.784 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-08:16:33.787 1bec Recovering log #3.2024/04/26-08:16:33.789 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	850011D70B68EBF5ADB0FFE92C662263
SHA1:	05B065323B4E2602EF4E8BF23392AFADD04CB9ED
SHA-256:	5F1813BA1C2DB555A2582415889858C386329A3F8D816DF54FC80B5F324378DB
SHA-512:	B1E2BB104B1B30296B1025EBA672F5C6569D2B729A8E52275C83217B81C2D62918F39BDD97AF00BD0A633F1F0C3E3609C972755F9FE62853034FE92372D79131
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.784 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-08:16:33.787 1bec Recovering log #3.2024/04/26-08:16:33.789 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF5ff790.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	850011D70B68EBF5ADB0FFE92C662263
SHA1:	05B065323B4E2602EF4E8BF23392AFADD04CB9ED
SHA-256:	5F1813BA1C2DB555A2582415889858C386329A3F8D816DF54FC80B5F324378DB
SHA-512:	B1E2BB104B1B30296B1025EBA672F5C6569D2B729A8E52275C83217B81C2D62918F39BDD97AF00BD0A633F1F0C3E3609C972755F9FE62853034FE92372D79131
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.784 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-08:16:33.787 1bec Recovering log #3.2024/04/26-08:16:33.789 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF6016ff.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	850011D70B68EBF5ADB0FFE92C662263
SHA1:	05B065323B4E2602EF4E8BF23392AFADD04CB9ED
SHA-256:	5F1813BA1C2DB555A2582415889858C386329A3F8D816DF54FC80B5F324378DB
SHA-512:	B1E2BB104B1B30296B1025EBA672F5C6569D2B729A8E52275C83217B81C2D62918F39BDD97AF00BD0A633F1F0C3E3609C972755F9FE62853034FE92372D79131
Malicious:	false
Reputation:	unknown
Preview:	2024/04/26-08:16:33.784 1bec Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-08:16:33.787 1bec Recovering log #3.2024/04/26-08:16:33.789 1bec Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.08728080750134917
Encrypted:	false
SSDEEP:
MD5:	863BB379B267B2404CB64A3BC9B4A650
SHA1:	139EDCE2C64569B81175543D1DE743EF474F4432
SHA-256:	F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
SHA-512:	6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.28499812076190567
Encrypted:	false
SSDEEP:
MD5:	183DA03613A889A3C5393AB5BCF722E8
SHA1:	F4358ECC441725DD93CDA386BF6AEED428DACE7B
SHA-256:	3F16F171C12419F3FC9841B57EF8C2BB5AD3F53B18364226322870571F7FE770
SHA-512:	FDE26753B9ACA50EE52E4F38941C30C613A5B66AB56F0DB832F075543CC44D2A7959D86D0585C1A6A3A8E2D35EE3F9F10AA90D2D3FFE756387C7A60EC3AB6974
Malicious:	false
Reputation:	unknown
Preview:	.... .c.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.06099776903883222
Encrypted:	false
SSDEEP:
MD5:	0E6036EAC5BED8BDCBBAB98B67C7E808
SHA1:	605DAB244FF7BCD127BE74E75566C77925430478
SHA-256:	16BF108FE099DF6B47785140D98BE8148B457E6F0C48AF410D217E98901937C5
SHA-512:	751575A581A7EB634836B36C137D01D3BEA6742AF083D4442830CF9D0A9A062A303AEC06E4D7134129DD61B7906B60B154F7DAB5736F46E4D1384EF9C0AD4A23
Malicious:	false
Reputation:	unknown
Preview:	..-......................}h;,..(;.fH>..i.\|......-......................}h;,..(;.fH>..i.\|............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	119512
Entropy (8bit):	0.964302484618932
Encrypted:	false
SSDEEP:
MD5:	C8CBF7DE4FDD2D43FD3249DA2996BB5E
SHA1:	103066683915613681A598BFFA03745099C169FB
SHA-256:	34216A29597625C934949AFCCDA1B87B6A734D78E41E902F64B6348E8D4AF675
SHA-512:	75CA2D38CABDA74E03F29D36C3A83428C5CD704D42E5B25DDF113C418A43EF5D0D26F5CC826F2FB31C1F82400DF2A55006167D8DF82DF681C5C3AFC15DDE4EAA
Malicious:	false
Reputation:	unknown
Preview:	7....-..........(;.fH>..;.>;.T(........(;.fH>..1*fa..6.SQLite format 3......@ ..........................................................................c....................A...}...~...............D....................................................?...S-..indexsqlite_autoindex_pending_requests_1pending_requests..<...++../tabledevice_mappingsdevice_mappings.CREATE TABLE device_mappings ( .device_mapping_id TEXT PRIMARY KEY NOT NULL, .content_item_id TEXT NOT NULL, .content_item_type TEXT NOT NULL, .include_rel_types TEXT DEFAULT NULL, .include_depth INTEGER DEFAULT 0 NOT NULL, .branch TEXT DEFAULT NULL, .device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, .collection_id TEXT DEFAULT NULL, .TTL INTEGER DEFAULT 0 NOT NULL, .Priority INTEGER DEFAULT 0 NOT NULL, .app_info TEXT NOT NULL, .unPinned INTEGER DEFAULT 0 NOT NULL, .UNIQUE (content_item_id, branch))=...Q+..indexsqlite_autoindex_device_mappings_2device_mappings.=...Q+..indexsqlite_autoindex_device_mappings

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-26.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2420
Entropy (8bit):	5.155347277917015
Encrypted:	false
SSDEEP:
MD5:	062018179CDE4CB39AF24E6646507CAE
SHA1:	401F8DFCBC586CBB1F563B682049839555DD8C33
SHA-256:	2E284F678FF6A45603EB5BB6D9132800EB595DC568C3AB8825F7ABC19954E53F
SHA-512:	F0AEC2AF7E7A2DCE5787565FE96564C0AA5DB2656A9091F1C611E0CEF05739F3CEAFE2C85737E7DBB9A9EB0663C2967C594320487E0E47E802E40180928C7F00
Malicious:	false
Reputation:	unknown
Preview:	20240426-081653.844: t=0190: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240426-081653.844: t=0190: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20240426-081653.844: t=08a4: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.173)..20240426-081653.860: t=08a4: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240426-081653.860: t=08a4: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20240426-081653.860: t=08a4: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20240426-081653.860: t=08a4: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.944)..20240426-081653.860: t=08a4: Info: ES::cosylib: RequestHandle :

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.36835287347338636
Encrypted:	false
SSDEEP:
MD5:	F391306DD8BAA3198B26D3C80A906E19
SHA1:	6CD1B24D186F1CC68BF9097177DA5676C4A56422
SHA-256:	62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
SHA-512:	5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......2........h...2................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-19

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	PDF document, version 1.6 (zip deflate encoded)
Category:	dropped
Size (bytes):	3752458
Entropy (8bit):	7.993825685020828
Encrypted:	true
SSDEEP:
MD5:	EACF7FAE6113CA0DC6577BF4A0B4CF8C
SHA1:	A070901FB29267AAA25E1F85F77BFED1B3EF8446
SHA-256:	F0CBB9BED3F12EA767EE9572AEFDEA89338643B6B803B180F3C494A83745E83F
SHA-512:	9EF45A231319F1B86F7FC9A2F15048A3D28BED9E8FCC6007921AD9AD2DAE9D9B3C3B0EE15CEFBB9D80AF8059C4BCB0ED5CD2EBA4D4E3B27B29E6146F8EB9E22A
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.6.%......18 0 obj.<</Linearized 1/L 3752458/O 20/E 36618/N 1/T 3752139/H [ 454 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<D371CD948250D4409F6F20834E0EEB33><A489BE87DAC856408694A9BF2B37C728>]/Index[18 11]/Info 17 0 R/Length 49/Prev 3752140/Root 19 0 R/Size 29/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`....M@...Ht....y.L...@b..H...............endstream.endobj.startxref..0..%%EOF.. ..28 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``.`.........Y.8.8.......A...s#.r.......B3.h.......i..`...?.+c.b1....Gu.@.6.K..P.......V....endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 26 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources<<>>/Rotate 0/Type/Page>>.endobj.21 0 obj.<</ByteRange[ 0 1044 35594 3716864]

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 36, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 36
Category:	modified
Size (bytes):	94208
Entropy (8bit):	1.5681553253073213
Encrypted:	false
SSDEEP:
MD5:	B14D5214C5934720DA7429FB6713F561
SHA1:	756A2F88EDA0CAA1F60E887BFF530F0CB894E008
SHA-256:	B94CC15BF31DB5A4AFD143CB3AFB17B2B1834CB15D5F5AFA77495A78E060BDC1
SHA-512:	B4A22D484AFCDD10EF3E33623AE1F9FBC7F1F0FBD428289B3C9EF7D23BF91877508F834AF800787EE89834B07EB4DBEC8E4F0D864345DF76E98A3937817EBAFB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...$...................................................................$..c......................7...4.....d...k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did o

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	SQLite Rollback Journal
Category:	modified
Size (bytes):	37448
Entropy (8bit):	2.113384289884118
Encrypted:	false
SSDEEP:
MD5:	DF337DAFB760C030F394AB85E29D4316
SHA1:	3EE7C5E5F83BBC7A309FB2CC9CECC4678BB2ABC8
SHA-256:	46FB0E577AE8EB8BD42E912C3AFBC1173544DD6B311701704B0BA89CF0F25FD7
SHA-512:	4AB01378EC2282A4BFD1ACCEB35BAE2D4063096B331AD7260E2264E53BCB7932A10D82FDC28EAB5467065C6D9A584C4579836EAC81B0CC9D3BD9ACB8AA9FA094
Malicious:	false
Reputation:	unknown
Preview:	.... .c......Pu...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................m.C. ...............c.A..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-19 (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	PDF document, version 1.6 (zip deflate encoded)
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	EACF7FAE6113CA0DC6577BF4A0B4CF8C
SHA1:	A070901FB29267AAA25E1F85F77BFED1B3EF8446
SHA-256:	F0CBB9BED3F12EA767EE9572AEFDEA89338643B6B803B180F3C494A83745E83F
SHA-512:	9EF45A231319F1B86F7FC9A2F15048A3D28BED9E8FCC6007921AD9AD2DAE9D9B3C3B0EE15CEFBB9D80AF8059C4BCB0ED5CD2EBA4D4E3B27B29E6146F8EB9E22A
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.6.%......18 0 obj.<</Linearized 1/L 3752458/O 20/E 36618/N 1/T 3752139/H [ 454 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<D371CD948250D4409F6F20834E0EEB33><A489BE87DAC856408694A9BF2B37C728>]/Index[18 11]/Info 17 0 R/Length 49/Prev 3752140/Root 19 0 R/Size 29/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`....M@...Ht....y.L...@b..H...............endstream.endobj.startxref..0..%%EOF.. ..28 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``.`.........Y.8.8.......A...s#.r.......B3.h.......i..`...?.+c.b1....Gu.@.6.K..P.......V....endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 26 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources<<>>/Rotate 0/Type/Page>>.endobj.21 0 obj.<</ByteRange[ 0 1044 35594 3716864]

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1036

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	DIY-Thermocam raw data (Lepton 3.x), scale 16384-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, userbration: offset 0.000000, slope 2.800000
Category:	dropped
Size (bytes):	236401
Entropy (8bit):	3.3540176897974336
Encrypted:	false
SSDEEP:
MD5:	8129F04436D4C24A3AC12C9089841AD4
SHA1:	23F223CC88F4CC695934933EB8EB8BF764A0C8F4
SHA-256:	0D966C7921811E36E05A2EC8C8BD68D6B37CE2BD11CD4ED04F6D443DA01AB222
SHA-512:	8437B4018551A06A42882A2382932CB5E77FB74261A3C197CF3B9F9E2A51573063CB060295A4B87ADFA6816EB06BAE4503695A51798E9152F50C9AB9354A4082
Malicious:	false
Reputation:	unknown
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.144452512608312
Encrypted:	false
SSDEEP:
MD5:	5EB2DCF6880ECD79589128247908F2A7
SHA1:	E657CD32BBD06CBED25F7F00B171EB7AE07EEAF7
SHA-256:	4BEBB236F3D0975229C8FD913DC9A31332D555E8FD014A95B8FF2C538AB2CB6C
SHA-512:	785C099AF7590C2F69439353C27603FF3BE315AED62628E413CD16791BA517907651FD0A433383E04778E22F8829625BE012F4593681AE14E495F710FA0C088F
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f44756c6e08822e64c0e471a2499e34d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e8f53b6740aba22a83a1a569cebedbcc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585148000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"7f7864d14ddfb32712806b54466336e7","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":5220,"ts":1696585148000},{"id":"ACROBAT_READER_MASTER_SURFACEID","info":{"dg":"d01f2f8f10261bfe5b6c0f6923d8ac2e","sid":"ACROBAT_READER_MASTER_SURFACEID"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_READER_LAUNCH_CARD","info":{"dg":"243b14d2a26c2620c5e79e7da23ec83f","sid":"DC_READER_LAUNCH_CARD"},"mimeType":"file","size":285,"ts":1696585148000},{"id":"DC_FirstMile_Home_View_Surface","info":{"dg":"e60a17134c5dc41d99acfacff34ba00a","sid":"DC_FirstMile_Home_View_Surface"},"mimeType":"file","size

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 21, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 21
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9958849436184566
Encrypted:	false
SSDEEP:
MD5:	5E6B852EDE78D52ACB06DA1B27409157
SHA1:	A49D9BBEAC43FA65FF0FA3C68DCDEBBBEDDD5E3C
SHA-256:	3989516D0779A2553F28B528534CF190BC02965773F4A97F3688B664439C4647
SHA-512:	ABB090164FA8AA206B45A968D21B720DFA1295B7524B2CF12735252D08865CF09DC6807394CE79D6485978D09A9F33D6F509DDF0918EC1291B8D4D0051C88FD8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3583156911861307
Encrypted:	false
SSDEEP:
MD5:	261976FBFEDDBCFE11B8EF38354C8737
SHA1:	700861E466D560119BFC865889CD86906E82FF48
SHA-256:	15ED8A032BBACBF15E33CC391091A03E8242903F9145575A775B678D53935808
SHA-512:	3DE261327ECDD3BD121F2387EDBF5475CFBE151452B8A35D997DCC4AD0AE5865C79578388E641A27654559166EBFBE3CB16D1E8A58CF0685E320FE1AE698E347
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....w-........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j..........r...........7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\CBFKJ4AB\tl12[1].acrobatsecuritysettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
File Type:	PDF document, version 1.6 (zip deflate encoded)
Category:	dropped
Size (bytes):	395086
Entropy (8bit):	7.922245580843847
Encrypted:	false
SSDEEP:
MD5:	9460CFEB80BD0F443EA1396AE851BF1F
SHA1:	CA855214F176D4D9A83E6ED949660C3064F9DC03
SHA-256:	21E9E8EFB506621107D2D9A6082E63760213C6E9D7EEA618408DAA8DF9C90DB6
SHA-512:	166F4D958C8D98CB46B7746CAE4118797A846A918CF778A1F885954B1B065989E619B9F0880052F22936E89FCA66A9C3DABDCBCDF6843146A3B9B2C385A75EEA
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.6.%......18 0 obj.<</Linearized 1/L 395086/O 20/E 36612/N 1/T 394767/H [ 453 195]>>.endobj. ..23 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<EA2919BC541D53488B796B87F3B5F438><379E2B363C327B44A965464EDC1A847D>]/Index[18 11]/Info 17 0 R/Length 49/Prev 394768/Root 19 0 R/Size 29/Type/XRef/W[1 2 1]>>stream..h.bbd.``b`....M@...HtY...%.L...@b..H...............endstream.endobj.startxref..0..%%EOF.. ..28 0 obj.<</B 108/Filter/FlateDecode/I 133/Length 99/O 69/S 38/V 85>>stream..h.b```f``rg..._.....Y.8.8.......A...s..r.......B3.h.......i..`.....+c.ba....5....l.l..P............endstream.endobj.19 0 obj.<</AcroForm 24 0 R/Metadata 2 0 R/Names 25 0 R/Outlines 8 0 R/Pages 16 0 R/Perms<</DocMDP 21 0 R>>/Type/Catalog>>.endobj.20 0 obj.<</Annots 26 0 R/CropBox[0.0 0.0 612.0 792.0]/MediaBox[0.0 0.0 612.0 792.0]/Parent 16 0 R/Resources<<>>/Rotate 0/Type/Page>>.endobj.21 0 obj.<</ByteRange[ 0 1043 35593 359493]

C:\Users\user\AppData\Local\Temp\7zO4376D6CF\??-8.pdf

Download File

Process:	C:\Program Files\7-Zip\7zFM.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	619459
Entropy (8bit):	7.5570416408691194
Encrypted:	false
SSDEEP:
MD5:	82EF48B4E929F7E80EC0A3D713F58274
SHA1:	D2C53FD46735A1ACD7F101FCA658A8FD364EE7E6
SHA-256:	1F51BB70CFAA40DEBDDB3906149720FF167EBCB05A8BAC584F6992B654B0CD5E
SHA-512:	CC7241B2E9C3F4C30BDDE58C414652D93FBE657AF74867B65B54C719A0E5742EF1C7037184258607ABD1A433211363D2B47B24561B8B69D2622D4B0720DF7EB0
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%....8 0 obj.<< /Length 91287 /Filter /FlateDecode /DecodeParms.<< /Predictor 1.>>.>>.stream.x...f.&v...O.........;........6n.........9g...E....P.B.P........._...._?.....C~.......2.............P..?.................w........?......is..........o..?....?...........u......?..g...<I?..s.S.O.vI.8Li=(.t.....'Sj.6v!...3ZcJI.6Y..GR.%J=+(.m..r..t..+...G`.....$)"dP...e......J.L9=(..lg.l..+.....3.Rk.6...gR.I0{...S...s..dM..gm.m...e.,.\.\........yl.%e.6.26Svhg..<........F....'ew......($y.!.S.>.......S...H5.7TZ:he...'_.....D.>.h[I.^..D..E.=i.....H{..........oH...=i.v.?I.w..=.wOM.i..<.-(....)..<......l..]9./..=.t.e.....Om..s.V.J.....R.V[KZ1.pT..H.....y.c...I{.1..I{..6N.....3&m.q8.).v'.."9../Z#.r^.+..R.x.j....I.{.JJ...Q..&.x....<.\|w......_...!CO..F.VvP...........<FU.2B?..2..O...y..C;g.v...,15 ....=..4.......l...j.7dY.wt....h%.q&.z.Cz{....R...Z.).Y.:....s.....q..B'wYc.6OR.bJM..I.w..y&AL))A..4..TR.c\.[.,[Qgcp!..XFy......3#%.^

C:\Users\user\AppData\Local\Temp\7zO4377A720\??-7.pdf

Download File

Process:	C:\Program Files\7-Zip\7zFM.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	552671
Entropy (8bit):	7.556876781523627
Encrypted:	false
SSDEEP:
MD5:	8E9B6538D8B7AB26D3A62EBB8A6A6D49
SHA1:	31BF147BA8AA75E0A92298ACFB65C54F4A696185
SHA-256:	62536430AB8187739A49AB0DA500097120EB9F3B893FD5650D7DEAEE8EF7117E
SHA-512:	B4178523D1C5A983FA302603F34E5DE47D52FA5D52A22F8D5F113491980023CFB9622A59D80764BD958065FBB62D8D7CFA2B9ACC979A7B9064F523C92B3FE8E7
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%....12 0 obj.<< /Length 32914 /Filter /FlateDecode /DecodeParms.<< /Predictor 1.>>.>>.stream.x....%.q.x.......3.[S....C......D.....`.o?q..ZM..lq..g...........%}...?LT.../......%.5...K.T3P).....?../.s.........o.?......Uz........?....??~._~....K.........._C{:.........~.O....1.G...}).:gQ2....+`i..X...j..X.[..S...."..!......).F..E...Y3.$.....$........h....g5....b...E$%C..;c7..hs.......Q..........5"..k.HY...#R.;...H..;..w...H...- 5p..m.#....H.3".Sa..$..H.;p..f.).R........J..0a.$....J......B...S,..n.!q..S,....!q....P9 ".L..pZ.E.....$.Bi...X\$=VD....E.d...P.c."T.H...q....S,....I.....X\4.#R.;&.B..H...q..P- 5pG..&.L..Hz.d..P$..6q...wL\z....iaW.H:....eD..O-!.>0.\J..1.^Dl.^L....L/.hzqZ..P...K(.^...%T..L/.xzQz..b....kD..h..b....sD..g....$..1.oC..P.:R.w.O/Jw.^L.............!M..P...H+.).;.N.N.) uuGV..I..`u.[-..RV.H5.9.. .j).PK.$Y.&.R(I.B...J.....-..f).bK.......VK..[.M.....Y..r@D..bq.Z..Z@Z`.X.J..`.EY.cE....R...1K!T3.........Y..X.5]#..;

C:\Users\user\AppData\Local\Temp\7zO43792B4F\??.pdf

Download File

Process:	C:\Program Files\7-Zip\7zFM.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	267937
Entropy (8bit):	7.107405305779808
Encrypted:	false
SSDEEP:
MD5:	A1DFB4956C1C2488F14E989B6ACBF75A
SHA1:	A1EC8D3DE548BE10A2855CA2D08544BB50A939A7
SHA-256:	DCC69E6513C73BE470B7F596E5695791BBEC406E07C0BBE5E707DF74994D916F
SHA-512:	4FD09735683CF61FCCE9AE58954F2022C4F08A7CAA24DB46283D3D18CFE735DA499FA3CB772F599E1801C3E8689ED6396E938EDFCB8A5D5513F18AE211605021
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%....3 0 obj.<< /Length 53 /Filter /FlateDecode /DecodeParms.<< /Predictor 1.>>.>>.stream.x..2.34R0.A.....s....@B.\&.f F..afan.d#1.R...y\...a...endstream.endobj.4 0 obj.<< /Type /FontDescriptor /FontName /SimHei /FontFamily (SimHei) /FontWeight 400 /FontBBox [-12 -156 996 859] /Ascent 859 /Descent -141 /CapHeight -312 /Leading 141 /Flags 34 /ItalicAngle 0 /StemV 80 /FontFile2 1 0 R.>>.endobj.6 0 obj.<< /Type /Font /Subtype /Type0 /BaseFont /SimHei /Encoding /Identity-H /ToUnicode 5 0 R /DescendantFonts [.<< /Type /Font /Subtype /CIDFontType2 /BaseFont /SimHei /FontDescriptor 4 0 R /CIDSystemInfo.<< /Registry (PDFAUTOCAD) /Ordering (Indentity0) /Supplement 0.>> /W 2 0 R.>>].>>.endobj.11 0 obj.<< /Length 365 /Filter /FlateDecode /DecodeParms.<< /Predictor 1.>>.>>.stream.x...j.1.....`G.d..C6.B..4..g<..4d.-....e....[....1.$......4Y..3X......?....22.]"..E....d.......x..!;...+...8<....=.c..B..q......!.R$....?..^s)..D....wp...^........f.Q.g.$.kp<U.*..%.......X.dRR%

C:\Users\user\AppData\Local\Temp\7zO43792B4F\??.pdf:Zone.Identifier

Download File

Process:	C:\Program Files\7-Zip\7zFM.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	false
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Local\Temp\7zO437BF08F\??-2.pdf

Download File

Process:	C:\Program Files\7-Zip\7zFM.exe
File Type:	PDF document, version 1.7, 1 pages
Category:	dropped
Size (bytes):	445244
Entropy (8bit):	7.3842367108781115
Encrypted:	false
SSDEEP:
MD5:	D6831B0747F9BFA36E6342BDB9ED441C
SHA1:	84DF935D271C0E9007363E2FD69E79D967EA6020
SHA-256:	4874253FEB4B54A6728D6666D59D92D3753C718DF436F4AA787501EA0466E552
SHA-512:	264173A1894122CAD3DEA8EFA12967597CEA511F57D2B57F614CDFDA74DBC7777CC05131B4D92F6A985F8719CC39FC6E4BC64190E812539CF9C5668ACF1FE92B
Malicious:	false
Reputation:	unknown
Preview:	%PDF-1.7.%....38 0 obj.<< /Length 27490 /Filter /FlateDecode /DecodeParms.<< /Predictor 1.>>.>>.stream.x.....e..%....!..J.._.n..../....9...M...o.s..#...c.I...[.R(...B......Gz..?..._......z...........[..A).zR..o?.._.f........_.a..............._....?...........O......_......r^.....Reh.>..>...:..............O...UVyQ.o+...%......e0o2...f...Do).!..Y..c.}Y.5Y.._.5.........FyiD.4..k.....:.....7.:........V.r,.('8.n..J'...f/.s..ZQ,5...._.r.... ....--C.......>....X.d..... .e/..Nw..m.....n.mN.........mX.....q.........h+.....QGe9V.NQ. cB...c..I...G.....X......u..[...=......a..vrj.....?W.....i[+HQ3...j9..r..9Y.F...<.,..s....).......L1M24rD.i5"..>K.%...u./?.SeQk.a...l.:v[j.VR'...).4\|W.s....1..,a.6....s...@.Br[.h.\7p.#..P.~&.A.z"E+.,".+...6B..H..x......UK..i...n=..1..$.Aw7...m.;>....#.UD......$]B.).......9.f.uu..^T.Vh..- il.\|.i....ig.pN..V.DQ3........._oj...H.....8K.Q/.........a.^D%...Q..(.!cL.T..v...=.o8.{.:.5.Y.-^.....P.....t.[...Fh.F.Z...ks

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 08-16-57-862.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (392), with CRLF line terminators
Category:	dropped
Size (bytes):	16575
Entropy (8bit):	5.371503363425494
Encrypted:	false
SSDEEP:
MD5:	A1C7250FBC6B982A8A8040BF52968D7D
SHA1:	9C71904C18788AFA1B6D7DDD39C2D304567DC17C
SHA-256:	12ABF415856A0EC3E23BE84C1CAB843CE28C0367C90FD473878515D23770F0AB
SHA-512:	5C0362C7683CF6A1A3CC322C7AD35E084C50544AE6203F8B8BB18B8A69C2FD2D95A49A391F443D5F257CCAE0DCC02456580034387DFF474310EB6B0E020178AD
Malicious:	false
Reputation:	unknown
Preview:	SessionID=9825434f-52b3-4807-beb6-275f1ac02b49.1714112217874 Timestamp=2024-04-26T08:16:57:874+0200 ThreadID=5504 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9825434f-52b3-4807-beb6-275f1ac02b49.1714112217874 Timestamp=2024-04-26T08:16:57:875+0200 ThreadID=5504 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9825434f-52b3-4807-beb6-275f1ac02b49.1714112217874 Timestamp=2024-04-26T08:16:57:875+0200 ThreadID=5504 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9825434f-52b3-4807-beb6-275f1ac02b49.1714112217874 Timestamp=2024-04-26T08:16:57:875+0200 ThreadID=5504 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9825434f-52b3-4807-beb6-275f1ac02b49.1714112217874 Timestamp=2024-04-26T08:16:57:876+0200 ThreadID=5504 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.4247236489189605
Encrypted:	false
SSDEEP:
MD5:	C49A278E8DAC9C69650B56806402278B
SHA1:	F9A341A214BC0F5A6D1ADB9900BFE948D39579ED
SHA-256:	EBE62B0073024A44023CB44EC458FE559DD86EF0D9DCC21B3DB2B8D3F5CEDA99
SHA-512:	F8ECAB7B78D6FDD39DBE1874C20E9D28AEE9AE2CF0AF73AEB2EBEEFC8C6BA1B35937BF01C18F819E096208F450A0AF6B75BD7B73EBD26DF066236C79231A9445
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobData

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.4594316186372964
Encrypted:	false
SSDEEP:
MD5:	4AC65FD0505524C840E4B8ED9352125F
SHA1:	F914B6F0DF85ED7B5AA059AFDBD993E18748493F
SHA-256:	913EF675AA4754FBB1A0B07E73B75D515B05C2058CB1144BC115E0430A90CC11
SHA-512:	9E8913B2E71CA3C0D422A2ED1CA6E2BEE3C7C7F493A0F79573CA4E0341946FFB1D38F669521190B1303B4F3F6F392E20B7694ED25A177301C93816BB8B073438
Malicious:	false
Reputation:	unknown
Preview:	<</global [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Reputation:	unknown
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
Category:	dropped
Size (bytes):	14456
Entropy (8bit):	4.2098179599164975
Encrypted:	false
SSDEEP:
MD5:	32FCA302C8B872738373D7CCB1E75FD4
SHA1:	DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
SHA-256:	CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
SHA-512:	57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
Malicious:	false
Reputation:	unknown
Preview:	%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	36
Entropy (8bit):	4.294653473544341
Encrypted:	false
SSDEEP:
MD5:	5C6B932A79952B4B27833691305E61DB
SHA1:	09804DB0986A989C2C49CDCEA563567FB4C7B1A0
SHA-256:	DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A
SHA-512:	4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059
Malicious:	false
Reputation:	unknown
Preview:	%PDFTrustManagerDocsData 1.0........

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	54
Entropy (8bit):	3.7119196645733785
Encrypted:	false
SSDEEP:
MD5:	6A614A7743B0C781AAECA60448E861D6
SHA1:	67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D
SHA-256:	9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146
SHA-512:	3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6
Malicious:	false
Reputation:	unknown
Preview:	%PDFTrustManagerGroupPerms 1.0........................

Static File Info

General

File type:	RAR archive data, v5
Entropy (8bit):	7.9987864678869185
TrID:	RAR Archive (5005/1) 100.00%
File name:	#U6696#U901a.rar
File size:	4'051'181 bytes
MD5:	66e8c2c3f36382c5edadfdeeb68db951
SHA1:	e41cc919022006c58ae5a18b2d6453dc087a9aaf
SHA256:	d44c899f4abadd61548694a3db078895b6be973e8e3224461e1c5ac033bc31ab
SHA512:	2a14b5fd6df8dc80967b37d20bb8a45ea010fb8cfca25e853af4c91aeeab9bc6ae3f5a65456d71ed5e6a1758af554d91f62bfa6d9df3c5b0154c9f36f488cc2d
SSDEEP:	98304:P4t2cTRWKpQXJ5Ji1kmg4JC7nb8MZYZq1cK7lydwN7YUXH:P+2kQoqHJFmKs7qekX7F
TLSH:	D8163364C3AD57D06DB7912F45E3293385F4BA0F765C31E8BAE348D402B4E6D0AAB4D8
File Content Preview:	Rar!......................J../.......... </M]........../.......pdf...Ydl......T.CPvEd"WVPDfD@P@D.Jh.E...D...W...Ia.. .E).Id...R..%...o{.......o.s..7..&I......9.Fc1..Qa?u.Q..F#......... ...^.b1.....Vl............~....%....2y.......nal............P.j...46.d

File Icon


Icon Hash:	72e2a2a292a2a2b2

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report #U6696#U901a.rar

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF5ff752.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old~RF601682.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF5ff771.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old~RF6016b1.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\2ec1c631-a238-44be-958f-91c8cf71d3b0.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\5d987c3b-62e5-42c9-a2fc-2c920aa75326.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF603390.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF5ff790.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old~RF6016ff.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-04-26.log

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\inprogress\download-19

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-19 (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1036

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Low\IE\CBFKJ4AB\tl12[1].acrobatsecuritysettings

C:\Users\user\AppData\Local\Temp\7zO4376D6CF\??-8.pdf

C:\Users\user\AppData\Local\Temp\7zO4377A720\??-7.pdf

C:\Users\user\AppData\Local\Temp\7zO43792B4F\??.pdf

C:\Users\user\AppData\Local\Temp\7zO43792B4F\??.pdf:Zone.Identifier

C:\Users\user\AppData\Local\Temp\7zO437BF08F\??-2.pdf

Windows Analysis Report
#U6696#U901a.rar