Edit tour

Windows Analysis Report
Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf

Overview

General Information

Sample name:	Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf
Analysis ID:	1438419
MD5:	3cefa9f5174baf368a71e17592692f15
SHA1:	c002c219b828aae3ff940d2d1ff774ebbc0c1330
SHA256:	6c004f29e5fb4050a85b141319669b764dd73860fe38e47bf2abf288f1a04b41

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Stores files to the Windows start menu directory

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 3672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2788 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,2690051050023038129,15551241143277578108,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://signaturedo1rture.arcencieltour.info/get/9a831435-d8a3-3bce-bc11-4d7f727eb6ee MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 7268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,11350477795455199426,8346384971983572533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: chrome.exe

Memory has grown: Private usage: 23MB later: 31MB

Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 23.213.36.145
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	TCP traffic detected without corresponding DNS query: 5.230.44.76
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: classification engine

Classification label: clean0.winPDF@32/32@2/68

Source: Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf

Initial sample: https://signaturedo1rture.arcencieltour.info/get/9a831435-d8a3-3bce-bc11-4d7f727eb6ee

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4468

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 17-45-48-442.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,2690051050023038129,15551241143277578108,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 7FEC8C42FA479053FD4FBC4332D638B5
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1580,i,2690051050023038129,15551241143277578108,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://signaturedo1rture.arcencieltour.info/get/9a831435-d8a3-3bce-bc11-4d7f727eb6ee
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,11350477795455199426,8346384971983572533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://signaturedo1rture.arcencieltour.info/get/9a831435-d8a3-3bce-bc11-4d7f727eb6ee
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 --field-trial-handle=1832,i,11350477795455199426,8346384971983572533,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf	Initial sample: PDF keyword /JS count = 0
Source: Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	142.251.211.228	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://signaturedo1rture.arcencieltour.info/get/9a831435-d8a3-3bce-bc11-4d7f727eb6ee	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
74.125.135.84	unknown	United States	15169	GOOGLEUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
5.230.44.76	unknown	Germany	12586	ASGHOSTNETDE	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
96.7.156.186	unknown	United States	16625	AKAMAI-ASUS	false
142.251.33.110	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.211.228	www.google.com	United States	15169	GOOGLEUS	false
142.251.211.227	unknown	United States	15169	GOOGLEUS	false
18.207.85.246	unknown	United States	14618	AMAZON-AESUS	false
23.213.36.145	unknown	United States	2914	NTT-COMMUNICATIONS-2914US	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1438419
Start date and time:	2024-05-08 17:45:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@32/32@2/68
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 96.7.156.186, 18.207.85.246, 54.144.73.197, 34.193.227.236, 107.22.247.231
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\21c86540-b372-4c00-9c33-dd8ff9286bfa.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.967507736098325
Encrypted:	false
SSDEEP:
MD5:	4641F417ED5B8E3E04E307C009AE8EDB
SHA1:	9AEAF15560CE3E609A7DB1E5C95E5E06E9409EEA
SHA-256:	FEB3A99FC25F1A73CA67F8BF6B022742520B8A760E4BC8545B9973F12BA89A73
SHA-512:	D750EE4CF9AC06F5E1D82FCFFED907C62C9C004638BCAB41330E4F1AE999196A9A40C158245F6EF79A66833DD03FCE29DA0BBDB5E4401BBD9B88B60364D9521E
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13359743157885859","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":164599},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4641F417ED5B8E3E04E307C009AE8EDB
SHA1:	9AEAF15560CE3E609A7DB1E5C95E5E06E9409EEA
SHA-256:	FEB3A99FC25F1A73CA67F8BF6B022742520B8A760E4BC8545B9973F12BA89A73
SHA-512:	D750EE4CF9AC06F5E1D82FCFFED907C62C9C004638BCAB41330E4F1AE999196A9A40C158245F6EF79A66833DD03FCE29DA0BBDB5E4401BBD9B88B60364D9521E
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13359743157885859","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":164599},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.17","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Reputation:	unknown
Preview:	MANIFEST-000001.

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.704993772857998
Encrypted:	false
SSDEEP:
MD5:	5AF87DFD673BA2115E2FCF5CFDB727AB
SHA1:	D5B5BBF396DC291274584EF71F444F420B6056F1
SHA-256:	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
SHA-512:	DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
Malicious:	false
Reputation:	unknown
Preview:	.\|.."....leveldb.BytewiseComparator......

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240508154550Z-165.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.0963789511113242
Encrypted:	false
SSDEEP:
MD5:	EB5A7253E5BE20155EEF71EDDA91818E
SHA1:	C05C3BC996839B6A0B871DD07EDDA447799C8D8E
SHA-256:	4C16BD7FC5977A2E0126549419DC4E0BADC67E7E381E8623728AF89E9E99D31A
SHA-512:	5A6180C4171749525CDD9DC02AD73E0C864A68766441B7FD89D08E063DDCC2E7814153B22D3B18A4725DFA17232E7B1C485E115B14DC3EF7481612331D17B43B
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445169778252367
Encrypted:	false
SSDEEP:
MD5:	DF21DA742E6ADDD6AD2279AC72A4FF8F
SHA1:	916E7D84BBC2CC0A4D9CC3B1584EFF8162C6F8A2
SHA-256:	748350E10E0F24543A704ED48DE7637207B00BAD6D214A41E78C5C180908F80A
SHA-512:	8C30CBB2FC4ED4007FFB64F66D3CFD3E5783246556E3DCB1C1904E227C9CEFC3FA005B63B7F3E6F80EFDFE8DDC51193E8C3AF138731763777CE4800DA0860974
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7706233756102243
Encrypted:	false
SSDEEP:
MD5:	E1737E6AAC6BFAF7A4F9D6013CFBE855
SHA1:	08684F7D4F02DE8CCEF7CEA439C84524004A7466
SHA-256:	2196C1FC68D3598B4CF5970A9155BF42A0501140DA94178AF76BBD438F3032E8
SHA-512:	A9AA70D4AF0A0B0FB7FEC64B0F07B2EE708D7BB50A57F6C3B485BFAE0A5740B0071C4ACD0AD8AE477382070BC9639928E21CA0E1557893005295A838F9F20C68
Malicious:	false
Reputation:	unknown
Preview:	.... .c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4468

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.372172868802688
Encrypted:	false
SSDEEP:
MD5:	9199EC4BEE029504C7CCF4821E125024
SHA1:	2FF216FF3399885FCD213A52CFF8FBEBE198DF2E
SHA-256:	1479E57E3AF9AC766178989CA817862345C3BD515B77D8C9DAA9B268F5C31501
SHA-512:	4E32F10ECCE20E08E49F03197CCBD7E76EF6700C91934F4EE47DEE15DD320E481EB4F707014F72834B1EC696DAD75DEF18267396225EE563DF0DE4925F7F7A91
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3162650774581595
Encrypted:	false
SSDEEP:
MD5:	8249C6B586B31A024013C1B8839217E5
SHA1:	4D9BD1946B42AB03B9C7EC8246969C0D7CC54385
SHA-256:	80764B77BE2F71D762F893A51EDE719153F00E7DC8B9AA570869331AEAA0944D
SHA-512:	51F6A343475BAEF8D9F5791D29525C823CEF33A9806E2C8075036A47B07539F2A5CD326F00AEA6E06B44F04BF0B8FAC273F4231A50DDC8862CF3A53FB6728E94
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.295791260532193
Encrypted:	false
SSDEEP:
MD5:	48A3B52957704665645D7E595178C193
SHA1:	F6A146CB560CC11273EF98AA1CA6819E8598E21D
SHA-256:	0A729DC3251C3EEFEA8DDCDA745EA6FA62D7D68388795EAB35B78A37060D2250
SHA-512:	A7E9A14578C80681BD08D509E0BB5B4AFFB3A12A9B2D2110DB3E5E20768312226EEB045273361ADE23ACBB451FBAFF57632EAB70783C4C32DADF961014F5627C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.358578457214805
Encrypted:	false
SSDEEP:
MD5:	AA4BDC6EEA1547801805BEF13192929C
SHA1:	0D18931C3F332ABDED8EC5E9528BCF8FCAA1E71D
SHA-256:	872FD52351C90F5AFA629E0486CF5B816B6BB5A46731408E772E035BE9C23822
SHA-512:	80162410B059C9EA65163FAFFBC4AAED330C07BC9C9CB9C0B7FC850D6C4646679E6550EBB93FBD15A2436773435B5F1E3D42638D985D15F8B0ECE3B04494FF29
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.320895510790912
Encrypted:	false
SSDEEP:
MD5:	895620C983B87521216ACAB8CDAE786E
SHA1:	87A18C29B9B495E654D31898658239F5FA8EE2A6
SHA-256:	423E0927EEC625CCE5E3BA8D5BD181D9CB1778C7A24021073773BE69EAA0E63C
SHA-512:	F6B68CBCF6F2E079DE5B46955BAFCFD8877990BB3D781256926C28B879FED15157E96520A5987BFF3A24C12D17BCA80A82F9E0A0A4873474F442F7C9860863DF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.308309773848293
Encrypted:	false
SSDEEP:
MD5:	43628D173769AA835E1D5773EB43CA77
SHA1:	085CBD63FD4274A43DCF6EB2B445A4AF4E1A713C
SHA-256:	F8F3B8B5A8CF3F2B6D0B72014A8C5313FF8820929C51BDC6421C52A3FBBA2A1F
SHA-512:	799E8936572926762B5007D827B598DCA035A4EE9F83399C2C711CF1D7598FAE695F1F61D20DFABA5F4CAF6B6CB42763DE2A0F8985EC6D68A670AAF042D7C78F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.308354015819152
Encrypted:	false
SSDEEP:
MD5:	5F9B168C184CCDBA363BE572DB5AD53A
SHA1:	78AB4176A33D7571EAA6C3CB24EB33435DE8A7BF
SHA-256:	0E841DA4D052E2498AD6EAC424E4FD0D1190DF001AAAFBF2D0E962F8EEDC758F
SHA-512:	8EF3FFBE0252EE4FEA2ECA294B6173F1F03818D05EF84D8CC031E92ED5A2E79D1116EB6B52B03A6005D0B00B090E3D17852710A2A0F1097FF11D5B8D9964BB1E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.318743628156892
Encrypted:	false
SSDEEP:
MD5:	FDA1C9AE4A64378DE99F3A0C50E9FF25
SHA1:	427BD0B7F14AF30FB57187A047D228FB604100C7
SHA-256:	648F2FD3BB66A41333AA8F08D509CF9DBEACA828183D88A65E5336C1F8F623BB
SHA-512:	5900C382C58F1A582265D20045E01CCB2750E54A7450696D6E5CAC16E5ABA8AEFD85206F6240F40CA06AE2BCB4848A87BD68E75810EC4D94416D130CB4D39AB7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.737372638036026
Encrypted:	false
SSDEEP:
MD5:	0EB1C136AD49418835F29454215190E5
SHA1:	440A42F5AA8ADBF3146352BA1E15DB774B662C14
SHA-256:	F066201FC5F4F561964AB6CE9E96EA4839FE328E93B82633DB1971C3EDD0BFD6
SHA-512:	5D9C5D1BBF8B6FF378FE213D3276F188A02C953CBA74913A3BD6879486E45B0241D310D296B74ACA8E5F1C9BF407C2ECCBEA0B871093E239A0CD2B72B7200065
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.314185718146131
Encrypted:	false
SSDEEP:
MD5:	9ECD8843C32784AE68B79D2156C9C3AF
SHA1:	B5BC75163A46FC59319A015E4D7C9A43CE8A5C0D
SHA-256:	053BF4363584EA6F08D2FBC679D82E0E35C3D45EF66CA3527C1916774ED032CE
SHA-512:	0952CD4A5E6D8C807387020E413D8FC760DE53B7C5BD8476F9EA21E12EC9B903CC779CE8255F92F94C5A5227F3DEDA4E5B31B2FA9C37125B03BF03BC21534B54
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.773428335806999
Encrypted:	false
SSDEEP:
MD5:	49AB382B4E303338739F988F19D12D1F
SHA1:	73B6F0992A072F9C6BB39C1D632643B45DCFE36A
SHA-256:	C9DD460247A4BF3DF9816C016554978619D6CC13F7C9C192FE2AF2B4EE2B4DFC
SHA-512:	15ED33CB4B851F7688731705405B89DC2FB4C88C3161AA8C06A03C7E5C06D2C5AA4B1A8FE12E875A4526A4DBE9D6F6B09CDCC6A5A6B6C5090F035C5BC9B6683D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.297635319475346
Encrypted:	false
SSDEEP:
MD5:	3D02E9BC06B313231F2E06FC553E742C
SHA1:	E2A124C06726BB0AE975B21567C386489F175A19
SHA-256:	9BAF72112404715D1E59E4849E73C819E9CA6CA693099FB6EBD5326ABADB817A
SHA-512:	02F79C502FB2F376A00985DAFC44A4826E3C56D6FC142D03F5C5A713850FC1FA908DD3F6790605904C9DA595333FF3A7B7494CAAB06548A6A8A49887C342FBBF
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.299190509670976
Encrypted:	false
SSDEEP:
MD5:	EAE09597C3991E712483C5A6F47B075D
SHA1:	FEE0EA49537B655D61D4F3EDB8DAE599A5AE06D6
SHA-256:	69C5C3B3AEBCAD2140C0177EDD6F13CF4250A03F2A371437A98F830DC55EDD5F
SHA-512:	8F7ADEAF929617F9AB4E8079892E8550D6E0467CD9158DC62FFEDB8F5FB691652CE95F47EC89ED0B1F048B82B779A2EF17CE613D9A38A529D355A1A3CAE67561
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.321561183989446
Encrypted:	false
SSDEEP:
MD5:	5CA40F345EE0067C0A7E8667144E4719
SHA1:	49126440746D25F800755DB84C29132537C13EBD
SHA-256:	A4F33E417C629A046F7B94268F6218D9B4910DE5BB14B3C0AA421C0312C9079B
SHA-512:	659AF46C6DA994DFDCF349BF275E91ADAD4F955D51E22763F0480BA641B5BD99F5EECCB866F407CE5094A7820EEA96695DF02639D768EC7A66579A1C6B208F8B
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.276747487357135
Encrypted:	false
SSDEEP:
MD5:	9B50D1EF4064DEAA6494AE9091FEA4AF
SHA1:	A5762A203AC081D3B34D28D3387248F7E79F278F
SHA-256:	9679C931099E13A5DDE6196D5B21002FD4AA9F929A52EDE4C97B298B9A351D20
SHA-512:	549119EFDD0B255DE4B0C3AE30D86B40B0A26400AA895663BB4DF0139469388DFC5089A21F5E36F43A149AB1E18840F0EF4934CB0E45CED3A9837740E23106CE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.370706547426508
Encrypted:	false
SSDEEP:
MD5:	8877AFB701F0D5F2ECF3C7475F687FBA
SHA1:	4966A0A49114F565ED127F0CB2BE31F675EE55AA
SHA-256:	FF2A642A4298E7CC45808717693AD561A370A6ED971ACAB9A0115A1E44510432
SHA-512:	8BAC1619DB21037EA7DE9B7AF9A5D17C57EEF101437A6EE59D6AE0B472921CCCDAB86A98FB5F3AB67EC500DCB68B076F665BD41A2FDC0F08911F0A6EA857A1E6
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"09929e50-fe7b-4bf5-9b17-1bdcf6eea323","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1715359822677,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1715183152706}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.125401902892191
Encrypted:	false
SSDEEP:
MD5:	E156347952C38DA9EA1DC4FF6433AAF8
SHA1:	F5EC21D0804129525A3F97A5250EFB10E39FEBEA
SHA-256:	6B643A64F9EC575B8BD428BCD873B1293FEDDADCB373B115AFA0F8F274876DAA
SHA-512:	E0950CA2EC98E9F54F655F98142DBF07181B0248AE7DA13E103DE09FA82D6FD5536C1936672F513D8871580D043BB21305058DB83C95D97E871315C309D55EDB
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3dda62522f1ff3029e1335d1b8a53399","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1715183152000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"90612b599a9adb4de14f1b98597a35cf","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1715183152000},{"id":"Edit_InApp_Aug2020","info":{"dg":"0b2f79206ef15b3de1acfd34c50afe33","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1715183152000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"ef1ea8bd80055a7a096cab2da7a9f19e","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1715183152000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"bfe6a030277aa9a6183e3cf875834aad","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1715183151000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"77527b53f4c40f7df3480b2f261def9a","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1715183151000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3567282234124376
Encrypted:	false
SSDEEP:
MD5:	B6CADF62FB8100F80D0F2F3F7FCB4D22
SHA1:	A8E632A78A1DA0EF8D000A00DD4AE8481121B0DC
SHA-256:	7FC5401BFA0A8951E3CF24D1D5F2E0653123C1C3DED843A9CE043B0273C1750B
SHA-512:	0C28087D9B4E95CDB0C595AB390D9C7B7DD8FCC6FB3D1B52FDCE81CBBAFE294700E3D70BFA16B8963926200B546DD7E3C0CDF231661643E313D48E8DFD9DE0ED
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.829565269811026
Encrypted:	false
SSDEEP:
MD5:	5C52673702BDBD7A73B09D64FDD032D5
SHA1:	56BF4C88D99F6B27AAFBC3DC76F3C3A108A5D743
SHA-256:	A6630EFF2D7C2D8FD83320AA442E3E45208DA3E9C083E59B9A960088366DECB5
SHA-512:	E43A400C0EF51445264CED041D4C584274821031CA37F9B9CB749FFB61851778E6A171B4E6EE3CCCBD7096E5BFE89E9224E401BA4F399D0B8B87202A898467FA
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....`3........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././.-.-.-.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI98fe.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5379959665055347
Encrypted:	false
SSDEEP:
MD5:	1524FD56622A7B1E59CD5715B19A8EC3
SHA1:	5165C4E0D48E204AB4989E2C7793EF0E86908090
SHA-256:	D0E46ACBDFB6A79D6CB241441212067A16EBE45F192836DB9EE5515345F90F75
SHA-512:	2B939866C927D4A937495D6E08F0121F41BC1275EE7729D0F701FBDAED7946EB40B70CAEC0FD9B4D02A433CCE871FE66898A7441FF6D778F3897311C92E2FB68
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.8./.0.5./.2.0.2.4. . .1.7.:.4.5.:.5.3. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 17-45-48-442.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.359827924713262
Encrypted:	false
SSDEEP:
MD5:	06DEAEDB81D09FD8FB5FF668D8E09CB2
SHA1:	28A02BCBD5975117B97A08AFB049F2C94F334726
SHA-256:	D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
SHA-512:	948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
Malicious:	false
Reputation:	unknown
Preview:	SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.425350779413918
Encrypted:	false
SSDEEP:
MD5:	24AD10F00D98C12604AFCC1E95C851C9
SHA1:	3171B32137062DA4DA587A7368E71FEB4C06E046
SHA-256:	B9053247FC007716A770F866B467524FF0E4036405B35324203677D3DCE404BF
SHA-512:	87BE2A058DD905EF8AE7883665DF77BFD3750C8D600D7975EBE6CEA18602C8D2BAE9AF6138167DB8C9A7E1504CE1528213897F6A57F12CC0B9DA3877B7E00F76
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\92897961-78b5-4473-9129-1abfe3cdff7a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
Category:	dropped
Size (bytes):	543911
Entropy (8bit):	7.977303608379539
Encrypted:	false
SSDEEP:
MD5:	5B21A6981E55EF9576D169BBED44BCDB
SHA1:	B3A14100B7E7C2C01D61B010A54937952D111E20
SHA-256:	9555E661370D1DC26605DAE88BDBC1ABA68038C769BF6E354A256B1A1C4C110E
SHA-512:	FCA72A5131D8780A17DF65BBFF37FBA88DBEA3B7AE991C3D893B21B9E6C1EED44DC12945C8DA39DE471FAC5013BE71D43E5BBB892994742BC33EF5934469B1B1
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.018537451908927
Encrypted:	false
SSDEEP:
MD5:	4C7E4DA6B8077945D04D0D1A36EDBF50
SHA1:	3D20885F776889B046474D46C6183A93440C8DFF
SHA-256:	4A28B323C6B968DE6DFD016784B01B4D2411A36BC050CF54FE39257C4B6A0573
SHA-512:	A5A5E1661FE96DED4BC8F6F86D7C96C509847F132A8F4814A18ABF8EBC7E9139E43DE405E1473A314B4794A5387DDBAB93CA863EF20DE1C5CA7701171E7B21BC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.}....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.}....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.}....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.}...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........}F4......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

General

File type:	PDF document, version 1.5, 1 pages (zip deflate encoded)
Entropy (8bit):	7.951132808092928
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf
File size:	259'648 bytes
MD5:	3cefa9f5174baf368a71e17592692f15
SHA1:	c002c219b828aae3ff940d2d1ff774ebbc0c1330
SHA256:	6c004f29e5fb4050a85b141319669b764dd73860fe38e47bf2abf288f1a04b41
SHA512:	31a2d0ca3e0134242d319bf1a0147462913ac744d64e289b88dd7f6070e38aa3a70df8c9b3153872a42b36d2a16effee5948ba63520d35edbec7472145a283e7
SSDEEP:	6144:B4B+owoyJRxRiOmuLx8FVfSjXCGzBrOu8+cS+oTjW8B8gXGcWaYZ:B22oCRxRiOjxOSjSS2SiurYZ
TLSH:	844423D961B04700E1C227FFD42B32A28D2532C257997D8124638776B45ADFBB42EBDB
File Content Preview:	%PDF-1.5.%.....1 0 obj.<</Contents 2 0 R/Type/Page/Resources<</Font<</F1 3 0 R/F2 4 0 R>>/XObject<</img8 5 0 R/img7 6 0 R/img6 7 0 R/img5 8 0 R/img4 9 0 R/img3 10 0 R/img2 11 0 R/img1 12 0 R/img0 13 0 R>>>>/Annots[14 0 R]/Parent 15 0 R/MediaBox[0 0 612 79

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.951133
Total Bytes:	259648
Stream Entropy:	7.950109
Stream Bytes:	256667
Entropy outside Streams:	5.305642
Bytes outside Streams:	2981
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	18
endobj	17
stream	10
endstream	10
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
13	c0f2b3cddb95c141	0768fe701a0d830061584f665019b45d
12	498e2b690c4d4d0c	e298d674d9024c1d553a7fb921a363c2
11	d2c1c4c4d4d4c8d0	d894bbd36c758525b0340b453516b577
10	0000000000000000	62640df3608f0287d980794d720bff31
9	e8c0e0a2c82ac0d4	a56499bdfc6957790b4a64231aaf9482

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\21c86540-b372-4c00-9c33-dd8ff9286bfa.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000001.dbtmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\CURRENT (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\MANIFEST-000001

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240508154550Z-165.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4468

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI98fe.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-08 17-45-48-442.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\92897961-78b5-4473-9129-1abfe3cdff7a.tmp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Static File Info

General

Windows Analysis Report
Report_85730cdd-1ba3-4d7c-8ecf-103ec107fc6b.pdf