Edit tour

Windows Analysis Report
R93FadYc2e.pdf

Overview

General Information

Sample name:	R93FadYc2e.pdf renamed because original name is a hash value
Original sample name:	eacd7f1d6733e1ce61cd7b0bdcc06205e22140cc2a1ea3467e70f9343efe84e5.pdf
Analysis ID:	1665016
MD5:	3cc81a519188b1d380a8ce3429dea82c
SHA1:	3aa21755e38acab65caad796b74f9699de072595
SHA256:	eacd7f1d6733e1ce61cd7b0bdcc06205e22140cc2a1ea3467e70f9343efe84e5
Tags:	pdfuser-sadboy
Infos:

Detection

Score:	48
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7860 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\R93FadYc2e.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 8100 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 5704 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2332 --field-trial-handle=1576,i,10324348253521878992,18048957707765539991,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: R93FadYc2e.pdf

ReversingLabs: Detection: 13%

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: global traffic

TCP traffic: 192.168.2.4:49736 -> 23.216.73.76:80

Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 23.216.73.76:80
Source: global traffic	TCP traffic: 23.216.73.76:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 23.216.73.76:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 23.216.73.76:80
Source: global traffic	TCP traffic: 23.216.73.76:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 23.216.73.76:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 23.216.73.76:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 23.216.73.76:80
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 23.216.73.76:80
Source: global traffic	TCP traffic: 23.216.73.76:80 -> 192.168.2.4:49736
Source: global traffic	TCP traffic: 192.168.2.4:49736 -> 23.216.73.76:80

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.7.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.7.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: mal48.winPDF@30/59@5/1

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7952

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-14 20-33-15-523.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: R93FadYc2e.pdf

ReversingLabs: Detection: 13%

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\R93FadYc2e.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2332 --field-trial-handle=1576,i,10324348253521878992,18048957707765539991,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2332 --field-trial-handle=1576,i,10324348253521878992,18048957707765539991,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: R93FadYc2e.pdf	Initial sample: PDF keyword /JS count = 0
Source: R93FadYc2e.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: R93FadYc2e.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
R93FadYc2e.pdf	14%	ReversingLabs	Win32.Trojan.Generic
R93FadYc2e.pdf	2%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	high
e8652.dscx.akamaiedge.net	23.216.73.76	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.216.73.76	e8652.dscx.akamaiedge.net	United States		20940	AKAMAI-ASN1EU	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1665016
Start date and time:	2025-04-15 02:32:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 28s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	R93FadYc2e.pdf renamed because original name is a hash value
Original Sample Name:	eacd7f1d6733e1ce61cd7b0bdcc06205e22140cc2a1ea3467e70f9343efe84e5.pdf
Detection:	MAL
Classification:	mal48.winPDF@30/59@5/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.0.175.56, 23.0.175.19, 162.159.61.3, 172.64.41.3, 199.232.210.172, 23.223.44.239, 23.223.44.242, 23.223.44.246, 23.223.44.231, 23.33.34.3, 52.149.20.212, 23.60.84.177, 54.224.241.105
Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:33:34	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
23.216.73.76	SecuriteInfo.com.Trojan.Heur.TP.RuW@bOo3uBfc.2836.5163.exe	Get hash	malicious	LummaC Stealer	Browse	x1.i.lencr.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
e8652.dscx.akamaiedge.net	original.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.207.49.54
	pagamento8449.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.55.253.31
	STATEMENT OF OVERDUE INVOICES ---MARCH2025.pdf	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.207.49.54
	6499151747.pdf	Get hash	malicious	Unknown	Browse	23.207.53.54
	yap.bat	Get hash	malicious	Koadic	Browse	23.207.49.54
	RE_0078234567965441.pdf.wsf	Get hash	malicious	Koadic	Browse	23.207.49.54
	ShareFile received.pdf	Get hash	malicious	Unknown	Browse	23.55.253.31
	SecuriteInfo.com.Win32.MalwareX-gen.5654.2590.exe	Get hash	malicious	LummaC Stealer	Browse	23.207.49.54
	SecuriteInfo.com.Trojan.Heur.TP.RuW@bOo3uBfc.2836.5163.exe	Get hash	malicious	LummaC Stealer	Browse	23.216.73.76
	SecuriteInfo.com.Win32.MalwareX-gen.30756.7481.exe	Get hash	malicious	LummaC Stealer	Browse	23.207.49.54
bg.microsoft.map.fastly.net	original.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	199.232.210.172
	pagamento8449.pdf	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	199.232.214.172
	Galaxy Swapper v2.0.3.exe	Get hash	malicious	LummaC Stealer, Xmrig	Browse	199.232.210.172
	https://reviewcomenntsiite.com/	Get hash	malicious	AsyncRAT, DcRat	Browse	199.232.214.172
	js (2).js	Get hash	malicious	Unknown	Browse	199.232.214.172
	TemplatePedidoExtracaoDSI_original_.xlsm	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://rednosehorse.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	ENQUIRY OFFICE BUILDING SHAKHBOUT CITY PURCAHSE ORDER454646.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	199.232.214.172
	Proforma Invoice 070425.js	Get hash	malicious	AgentTesla	Browse	199.232.214.172
	dwm.bat	Get hash	malicious	AsyncRAT, Batch Injector, PureLog Stealer, zgRAT	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASN1EU	spc.elf	Get hash	malicious	Unknown	Browse	184.51.34.42
	mips.elf	Get hash	malicious	Unknown	Browse	184.27.120.42
	jklarm.elf	Get hash	malicious	Unknown	Browse	172.235.25.35
	ATT73273.htm	Get hash	malicious	HTMLPhisher	Browse	96.7.218.8
	https://protect.checkpoint.com/v2/r01/___http://statsp1.thewishsendonline.com/fh5khhah5_Buywpdhqnhp?ifyf=s6WCZjJILUT7AuMD_yoU6nYy_hT7MNX/WzkYHLrkcUkgmySVTkAAr_i-s~8hMWDWwmnHED7llX_M1KbrC-KbuVD0jN78B-TgMUsZHixbIMnHhjLlIjAyE-7hb8JApOR/I2r49SwtxCyZhVcyYA5CvAT_Ng80F5A_/LZ8Ccp9AO6GgVrG3wAKg/19HuKgQwj14Ui03AER5B2zg2PXqmxLxqU16EjbS7~EuvhDYE/innOG~QFOaTbPNJajU9oNuW3FR_v1NQvc9acwJ5mNQ-HMNHZTCH-b2-U4o/Zyffx0RoifJr02IcwOufb/wlunw/aRH6gLF_zLQ5XK_ARPPQxiaBe8Ie8Ija58c5bc/6NTc7K0XPMvuE9U-SqPOSbRmxykUn9ywRSKi1D~-jGcRmDuI-CgjxCGg8mKxl337S0ZG1gFrA58CQFcswK4~Wapztzl1S2Rs5KhK8E_FJhA87PQOr-G6fgUDnxFVncmB0OkaVtzj-Q1SVOE1YtazHOKSkVmkcvvEIbFZ0DmKi-6VJNPAnVkOrgo7qKokyXlHzDDDUOUJQVEtgW6/umJWK~XNKPk7qEB4A0i8ZIWJqR4hPJ1qwqVhcnsqkQTALqLDXYGB_29k4U-jWqGW9UsZc7guIkAO2yk7wgcx12r1H1A2hTkCc8yvftuBHLpNjNJxJrSHkWtlO3sDYmz2IQ5hZPLaaX2tL3iBVO30zw68YNVwKMpgFtkbugnxD76PU5C9yh2NEGsLA/Dy-G2KtY3J3Z6~rrJ1pmns0_aM7bL-khCTP9jjqHgp6EWik/NShWz_I~8BMnxc9gPugXo9YY~8rxYiDx/g-gUl96jgLlUuqJOIuMZJa_HYM4VFKBhlGC7xFOGw8luP~FBoNk/H/V4MXjiZ3Z_SuQ__PT8Xn4nQ-5M7kE7L2uTDHj/OHKwuMkRRbao7KxWA0Bofu8c~EIa88kUK6il37mVOPTfhZYYm_LDQuRflha2EiMhJJ9ic-DSs-N40YW1VmBYDLLS1kJkItjT-kjSfoBLNrBfFHY-4q~V5MSF1IFHohNNFmE-k9ii1zFWHBooXs~xJ5RqusPau3Ku~_TMzbj_I2o8/2SV76CQ2AiIBCO4FXHGk99W8K5X1YKUjmxWYubXjQ14vuqJwtHgLWgDWSjwTZycoErt7lrE-Xs9-GSO0TpllBp6Ez7ZDqgz/HcQkba6VsrRaOfKq8bRsCvoJfGs20EL6kyiwzvA-UqGUY/FLsk_KEj9A/uA_2Ju24bZ0wJDkXCia~O2mMJ0Jw7NvghUW5jJb3nhqnD2y7QtMxNMy7nzNqBxmq8-y/m6rranbQrC9HtHRzbbNlhHvbPC2M1C0jQib0_fSlgX4jDv76NWsRi~cKA-YVhX1K3AOI7y-_NOEG9~jHoMI8tbj9P/tbUTCG7UJnm1xAx31yCpIvyrT9VPBC/5Q92XHspEC652lFsGy_8KTSV-MVKmEUcqMrA_jOh70RRJV5kaGq6sxkPmNtO2SVSgB2BhlGItoCB4-UpcbDnzJPByFkq-ZBhRO91YiKl04EPzDK~le8I___.YzJ1Omh1ZG9uOmM6bzphNDcxN2MzNjQ3Yjc3ZDQzM2Y2MmFjMDNkNTZiZmQ1Njo3OmFkZDc6MmI2YTVhYzg2N2IyZTY0MWQxMGYwMjJmODgyMjE1MTU1NmM3YzEyYzExOGU2MjFlNzI4NGI5YjkxYWVkZjY1ZDpoOlQ6VA#cm1haG9uZXlAdG9ycmFuY2VjYS5nb3Y=	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	96.7.218.43
	https://m.exactag.com/ai.aspx?bcg=d9959719bc4xtimr0b07205bbd26a23a8d2e6b6b4f9&url=%68%74%74%70%25%33%41towsila.com/dayo/xfhfco/kc1rzc/dGhvbWFzLnBsYXlsZUBoaWxjb3JwLmNvbQ==	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	23.0.162.236
	https://1234567890123456.bayareasantaclausexperience.com:8443/impact?1234567890123456789012345=no@no.com	Get hash	malicious	HTMLPhisher	Browse	23.1.33.15
	https://streamscenter.pro	Get hash	malicious	Unknown	Browse	23.1.33.7
	original.eml	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	23.0.162.244
	EXTERNAL Please DocuSign Required Clearance Documentation.msg	Get hash	malicious	Unknown	Browse	23.45.13.49

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.234109272996249
Encrypted:	false
SSDEEP:	6:iORPM/mTgQL+q2Pwkn2nKuAl9OmbnIFUtDPM/kaG1Zmw9PM/kaQLVkwOwkn2nKui:7REecVvYfHAahFUtDE7G1/9E7I5JfHAR
MD5:	2C6C0E8372CA41DC42A1F5EE84741419
SHA1:	87E5B2A0D51FDF28F8698A5D5421F54AD22D2238
SHA-256:	C3612E1C44E712023FA3E1F30B0D2A44EC5123E6645AB6D2A7871D9B2A023B0E
SHA-512:	A34B0ADE55737413DEDB2B4FC269E81F0C856903C1E06ECE64A430F934FB0D01D1D21D4A939588F601F959930DC901D9E63D0AE608ADB698A2CA3857043AE38F
Malicious:	false
Reputation:	low
Preview:	2025/04/14-20:33:20.696 16c8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/14-20:33:20.858 16c8 Recovering log #3.2025/04/14-20:33:20.858 16c8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.234109272996249
Encrypted:	false
SSDEEP:	6:iORPM/mTgQL+q2Pwkn2nKuAl9OmbnIFUtDPM/kaG1Zmw9PM/kaQLVkwOwkn2nKui:7REecVvYfHAahFUtDE7G1/9E7I5JfHAR
MD5:	2C6C0E8372CA41DC42A1F5EE84741419
SHA1:	87E5B2A0D51FDF28F8698A5D5421F54AD22D2238
SHA-256:	C3612E1C44E712023FA3E1F30B0D2A44EC5123E6645AB6D2A7871D9B2A023B0E
SHA-512:	A34B0ADE55737413DEDB2B4FC269E81F0C856903C1E06ECE64A430F934FB0D01D1D21D4A939588F601F959930DC901D9E63D0AE608ADB698A2CA3857043AE38F
Malicious:	false
Reputation:	low
Preview:	2025/04/14-20:33:20.696 16c8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/14-20:33:20.858 16c8 Recovering log #3.2025/04/14-20:33:20.858 16c8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.173707525696573
Encrypted:	false
SSDEEP:	6:iORPM/Nc3+q2Pwkn2nKuAl9Ombzo2jMGIFUtDPM/KIZmw9PM/KYVkwOwkn2nKuAv:7REVcOvYfHAa8uFUtDEV/9EH5JfHAa8z
MD5:	CC0ADF5510E3AB41A90A1C1A44809293
SHA1:	572AB138D1A6F01A4DC3C6ACE39F30D74263D49C
SHA-256:	49D2278EA5B7644CE3CFB5BB3F74285541B49502D52B501AE0B94AB47091C6D4
SHA-512:	BBEAC85D702CF82295DC1E59FC4CF2B26DC603356F1AB98999E7DE8FC6F0D7A8BAF75944643BCA3DDE6E21EF4E74CC95362C92798F061D8470555649DDB07582
Malicious:	false
Reputation:	low
Preview:	2025/04/14-20:33:20.336 1628 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/14-20:33:20.342 1628 Recovering log #3.2025/04/14-20:33:20.342 1628 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.173707525696573
Encrypted:	false
SSDEEP:	6:iORPM/Nc3+q2Pwkn2nKuAl9Ombzo2jMGIFUtDPM/KIZmw9PM/KYVkwOwkn2nKuAv:7REVcOvYfHAa8uFUtDEV/9EH5JfHAa8z
MD5:	CC0ADF5510E3AB41A90A1C1A44809293
SHA1:	572AB138D1A6F01A4DC3C6ACE39F30D74263D49C
SHA-256:	49D2278EA5B7644CE3CFB5BB3F74285541B49502D52B501AE0B94AB47091C6D4
SHA-512:	BBEAC85D702CF82295DC1E59FC4CF2B26DC603356F1AB98999E7DE8FC6F0D7A8BAF75944643BCA3DDE6E21EF4E74CC95362C92798F061D8470555649DDB07582
Malicious:	false
Reputation:	low
Preview:	2025/04/14-20:33:20.336 1628 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/14-20:33:20.342 1628 Recovering log #3.2025/04/14-20:33:20.342 1628 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.963804898002851
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq4AsBdOg2HNpcaq3QYiubInP7E4T3y:Y2sRdsfdMHNQ3QYhbG7nby
MD5:	98006CD9B1403468F1DF92C61BDCA187
SHA1:	068DDFEDA9F3DD4C2A9DC77E500EAD23860402B8
SHA-256:	142123B680437D02172438E883E3788914CE6FD4D6198703944DB7661F71E2B6
SHA-512:	DFC38ACEB75DDC9D03E420AB76F74030A1F1BAF970A44A00511CE36846F35F45A74B9DE9B0A432723D1B5C0BF099D431BC707990D241AB37D669F73EB87A2854
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389237217652819","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":145982},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a8ac08a1-f762-4c37-a000-cc0026d816de.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.963804898002851
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq4AsBdOg2HNpcaq3QYiubInP7E4T3y:Y2sRdsfdMHNQ3QYhbG7nby
MD5:	98006CD9B1403468F1DF92C61BDCA187
SHA1:	068DDFEDA9F3DD4C2A9DC77E500EAD23860402B8
SHA-256:	142123B680437D02172438E883E3788914CE6FD4D6198703944DB7661F71E2B6
SHA-512:	DFC38ACEB75DDC9D03E420AB76F74030A1F1BAF970A44A00511CE36846F35F45A74B9DE9B0A432723D1B5C0BF099D431BC707990D241AB37D669F73EB87A2854
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13389237217652819","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":145982},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	5919
Entropy (8bit):	5.2735600858171505
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7cYe+e+rD2pm3WYHqoRutL:etJCV4FiN/jTN/2r8Mta02fEhgO73goy
MD5:	B0B9F60584B52A330DADBF240DDAB880
SHA1:	D9993471EA4CB170943D4E0B145A112AFDDD2781
SHA-256:	AF3EB3DD21A1B56EB7DDC6614979F387B9F608B47177D6F25906BE5AF135A31C
SHA-512:	8A051438B7399042E110C37A2F6026B2ABD75D716897F3D495CF3610B84F888B1ACAB5354835B1C5B0325AC5E46C7C5B4EA397B8A2745F496B922B6D7CB1FAA2
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.201513642715222
Encrypted:	false
SSDEEP:	6:iORPM/S+q2Pwkn2nKuAl9OmbzNMxIFUtDPM/owZmw9PM/o2tVkwOwkn2nKuAl9Ob:7RELvYfHAa8jFUtDE//9Er5JfHAa84J
MD5:	27C8CA68AE0AB75F7FB8C2258DC92E8B
SHA1:	A4D49674EF887F8AC3293ABCCC8CA94DBBDC5A18
SHA-256:	BCC7C76A93B75570202575A1FB831D7E0AF5C13DC25DF6DC7204E4DABCB6E8FB
SHA-512:	D31CB5DC37E3A0FFBA997433275FAA64452830B05D5255BD7DFCC5E7FA7689DC4DE24E19632689759EBB2CB502084EDFDFB5056304223853B02D7AC960869971
Malicious:	false
Reputation:	low
Preview:	2025/04/14-20:33:20.888 1628 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/14-20:33:20.890 1628 Recovering log #3.2025/04/14-20:33:20.892 1628 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.201513642715222
Encrypted:	false
SSDEEP:	6:iORPM/S+q2Pwkn2nKuAl9OmbzNMxIFUtDPM/owZmw9PM/o2tVkwOwkn2nKuAl9Ob:7RELvYfHAa8jFUtDE//9Er5JfHAa84J
MD5:	27C8CA68AE0AB75F7FB8C2258DC92E8B
SHA1:	A4D49674EF887F8AC3293ABCCC8CA94DBBDC5A18
SHA-256:	BCC7C76A93B75570202575A1FB831D7E0AF5C13DC25DF6DC7204E4DABCB6E8FB
SHA-512:	D31CB5DC37E3A0FFBA997433275FAA64452830B05D5255BD7DFCC5E7FA7689DC4DE24E19632689759EBB2CB502084EDFDFB5056304223853B02D7AC960869971
Malicious:	false
Reputation:	low
Preview:	2025/04/14-20:33:20.888 1628 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/14-20:33:20.890 1628 Recovering log #3.2025/04/14-20:33:20.892 1628 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250415003318Z-250.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 152 x -152 x 32, cbSize 92470, bits offset 54
Category:	dropped
Size (bytes):	92470
Entropy (8bit):	0.09076937255297778
Encrypted:	false
SSDEEP:	24:aKfYORJmoR2TeaFMRDU8E1TYRa8zeR/PS8GxEKZlalt7sY:aa/RdRaXMRmGR8RCsASH
MD5:	65561B8F65FBE6F72B62B98267C9A822
SHA1:	1C23593E65A5F27CA3DD4258A9C9550BCD8C7A57
SHA-256:	CC0CE5F74EA594138AF9DAD749F65CBC51F6F9E9819127BC2DAF4D08FC4B434A
SHA-512:	F317BDF5A2A58C2259815486394430BF3D9CD924903DCF9603E0E245C746810869237405048D6F0A5A51A248F358C284EAF2B1CECA2FC38B2C536E727C698A04
Malicious:	false
Reputation:	low
Preview:	BM6i......6...(.......h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445163919795259
Encrypted:	false
SSDEEP:	384:yezci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rps3OazzU89UTTgUL
MD5:	70DAD35875D32277D8195AD328F90C66
SHA1:	F32D04A1842B03685C4F0D551E67D52AEDC682C2
SHA-256:	7DD8E1F947CEA2C905EFE31D9A1AB174CCE64F429DF67C8E78BCC4D9B5A450AE
SHA-512:	FD6DF2CFC0730FC2C38DE9D19F3BA369DA6D02CC32F84F08904FA475400BE5B852FE466D77E7BF5444D504B5857ED7A905A04E491544AA3FD147A5607C05CC13
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.771500172359349
Encrypted:	false
SSDEEP:	48:7Mjp/E2ioyVHioy9oWoy1Cwoy13KOioy1noy1AYoy1Wioy1hioybioyfoy1noy1Z:74pjuHFqXKQ+db9IVXEBodRBkj
MD5:	908A3671AE2A87F7EE95B8932CE9E63B
SHA1:	D07A22801452E718D8A1D2414F943B75BF64CAD3
SHA-256:	FCD13BD4D3186740D13B18CD6E9C3EDDD0B8FD22F2F00F455743720B763FCD7F
SHA-512:	0633692EB73DDB6EB65E1B92E287039B5C24E125093EA921819ABEBB02B29F5B7F27DD4BF53A51369AD33F213803BF6D4A298EA31C59A006B87205CAFE6691B7
Malicious:	false
Preview:	.... .c.....0x.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	73305
Entropy (8bit):	7.996028107841645
Encrypted:	true
SSDEEP:	1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
MD5:	83142242E97B8953C386F988AA694E4A
SHA1:	833ED12FC15B356136DCDD27C61A50F59C5C7D50
SHA-256:	D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
SHA-512:	BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
Malicious:	false
Preview:	MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH..M.KB."..rK.RQ..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j\|w...#.oU..Eq[..P..^..~.V...;..m...I\|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.\|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.756901573172974
Encrypted:	false
SSDEEP:	3:kkFklhel/tfllXlE/HT8kncltNNX8RolJuRdxLlGB9lQRYwpDdt:kK5l/eT8ucdNMa8RdWBwRd
MD5:	637B4BBD1DC5B8B414882CD14D54890E
SHA1:	482D8D8AB62D63EDD818528CF09A6BEEF3E51BE3
SHA-256:	B8BEE8F22CC3517C141D832343C13CBE6F9517227C22FC07A878A87B99BBD1B1
SHA-512:	B301112E6FB2F1E3F527A6699F9AF2C770FAEA6AA158A830BD6240B7ED2E8E3DF0DDF0C25230CD9868675488854C66996DF245829639399EB0937D3ACB0D6F6C
Malicious:	false
Preview:	p...... .........`?.....(....................................................... ..........W.....C..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	3.2871362927554144
Encrypted:	false
SSDEEP:	6:kKeptImcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:WtImfZkPlE99SNxAhUeq8S
MD5:	5F8CF3FF7CFDB2F915184EF711B906A2
SHA1:	E0759E83FDC46015A000E6879EA3A9F6E6B01469
SHA-256:	CF78D537FFEC92A0A7204AD86B2AEEE1274000C55522BD101E128085FF9BD1A7
SHA-512:	D0D50C756717DBDF2F148E3C315480A3AAAD8787D584449845F62D41ED0876FF5FBD506E8BAA0C0B6D089AD9D087618E4CA9B4F7F486C8C1C9230933EFC44748
Malicious:	false
Preview:	p...... ..........J.....(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7952

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.362377879660522
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJM3g98kUwPeUkwRe9:YvXKXHblZc0vBhsGMbLUkee9
MD5:	ECB8F40D41926660ED21D16A3449B78F
SHA1:	FCC6FB1C246B61839DF60810D9DFAB838CAEC61D
SHA-256:	15EED9C0EB4E2E49B5C55B202752570B945868A0EFEE9147896D689F3B45447D
SHA-512:	3E6BD3E2023AB72F23BF670CE963B781547568633111A669FC8AB15C225CB9E1B4C7CD37ECFCC47D264441889DD5D8987F5EA8A35D5E212339FC874959A28C1F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.3145103445824375
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfBoTfXpnrPeUkwRe9:YvXKXHblZc0vBhsGWTfXcUkee9
MD5:	278BCBABA2116F94C114265832EF5CFA
SHA1:	78296FD127539A5CFF6F81953880679672E8DE25
SHA-256:	22C02D987CA5D84B768D4F2E5DEDD8FDA618587A8B30B1B2D6710151162FC615
SHA-512:	F6630A6655EB3F0CFBFCC79B4D000CF6727A2527C39AC2481C0D41723ACD0EEE514C6F08E56A3B7FE1127CE93FE61D1CC5CD8C36B3352C4943AD748B1FB24B79
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.292909663450868
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfBD2G6UpnrPeUkwRe9:YvXKXHblZc0vBhsGR22cUkee9
MD5:	F0CBEE94BB8F920236B44064396F9EFA
SHA1:	B467D1A4742896D79CDE8F5E8671BD84DE368947
SHA-256:	3136FF54E821B192A19B16C0AC0ADE3520C6724FFF4B27B1741D9B2066EC7C10
SHA-512:	0543534705FBD49C87600496B8CEBCF2A7756E3A56DB5195FF5DFD433016E8ABE38B6B1F45F5F46C3C12F2ED21416C9E7781277A1D770A03D7024087BEE321E7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3493538066747455
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfPmwrPeUkwRe9:YvXKXHblZc0vBhsGH56Ukee9
MD5:	6E17133EE8CC1CB0D0818F09D4586FAD
SHA1:	728B512A4D208391B035D1A0ADA5CE8D451A520A
SHA-256:	165A0ACB081C14F900576A793966710436708A2F9FD3174164567B54524E02F3
SHA-512:	952EFE4D250214E184BD37B7796AA41B551922139AEDA066D8779F947A4431132449E6F91CCE9652512C08DEE98DA520D7E5EE8F9DC771958E48AC5BC78E00D2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2213
Entropy (8bit):	5.852828063053159
Encrypted:	false
SSDEEP:	24:Yv6X7lzvrJpLgEGycjycR84b0nNFmerISIedJGWQxiEDtbpEsrAr3IAHlO25FEEQ:YvMJTJhgly48zFm/TWCt8KOP/nDi/V3
MD5:	08A2D07504093CC515B4CBD9AADA0204
SHA1:	5F72F82381E354D3D9A0F9604CCC84593A07D09F
SHA-256:	5017EAAD6CAB15D4ED71E649FDE5776FD13B630870137954886B52415134EEA1
SHA-512:	59793778628DC6D3AEC3BFBA6DDC10FD1CFB9C61E6D970D398FA3C6943230F2E7C98361B63252E56CFE483CDA17A6B41B3ACD1FD6FB3D0AA4E60EE992846ADBE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.299598370840859
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJf8dPeUkwRe9:YvXKXHblZc0vBhsGU8Ukee9
MD5:	FBBF2CC46F7F41BF70A6B2A04488515F
SHA1:	7408E15CA96260391C4F418405A60154F3C87DAD
SHA-256:	3CBC0762346827272D27FCE945375ACE31563739259D097E0CBC9F666AFE0B25
SHA-512:	BA758C74A6E51964A10C885A9514941FDD7ACFB0D52B6138ECD52F021A43232CD7D79F3C285E8505E5E60AE2A2662EDC83C3D72E162C19C0756E2B4082958E8C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.303793932187547
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfQ1rPeUkwRe9:YvXKXHblZc0vBhsGY16Ukee9
MD5:	2FEAA66EEA0BB5B9C0CE21ACF3B1A97C
SHA1:	FD77B2446070F898A0F2C6A43B5A3F92D50AC6B7
SHA-256:	9B680AE1962BE708E10D2590F2CD87A18B8066D59520176CC427441A4A56EA5E
SHA-512:	A0566367C3BA6690609DE985B986F790CCB27B93F74B8ED8438BB1261C074063C21272101D23E11252DB943102B59435102E3025BCD4B92C2D09908E8E4CF787
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2160
Entropy (8bit):	5.841523991747056
Encrypted:	false
SSDEEP:	48:YvMJTEogbN48uOQ/GiyL4TwKOkQJi+ohJ3:G6g54nf/IQOkQJiFf
MD5:	C86579DFDAFC46EBE4145295D51EB460
SHA1:	091290654DC6C1596CD0D18B3F526B95CA1F84D6
SHA-256:	90BB20D81D9212F4FABEBCFC49FBED4A7C5B0D9D21087413BE725107B2C8A2D9
SHA-512:	E55D19B07400D82A1AF485D8418ECAA74B7F821F4D0731F3F7AFA77931A4F3531C14ED8D8CFD7B4A92800EA4298BD859293E533665C8001D39F1281D10AC75F6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.32551735312377
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfzdPeUkwRe9:YvXKXHblZc0vBhsGb8Ukee9
MD5:	4A4BCF3B5B1543269CCDBDFBF5DBDB44
SHA1:	D7ECF1F953A3AE8828CD559337327F22FD44168E
SHA-256:	B6CD0696D9FD34CAEBC31BAE14443A9DABED28E106FF6806B106C7305E967031
SHA-512:	77FB8B2D6F7DED09CF233CAE52C3B3350AC6D363299174C21B6C731FB3D4A753613F29783685397044B5FA39431119A4169764EE7A67292BEBD4F3ACF48EA1D1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.305995036969364
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfYdPeUkwRe9:YvXKXHblZc0vBhsGg8Ukee9
MD5:	5EA94ADAC1C45A8091F76FEC4A5EDF0F
SHA1:	A39830B2C0EC503998ADE38128CEB244EFE4FB27
SHA-256:	8ECE4BAB0A2BA5F1C4342EAA47AF3A4939FEB7F1BF7D6B90AAEE635595C5F1C7
SHA-512:	6B014841F451D6B6DB98282E1595600C8BD393E607F9C940F2218A1734F0DED1840E3F615B9617A412547CD7D8253D4C2DC1304630871F2D0037B22ED51088FF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.291833254684714
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJf+dPeUkwRe9:YvXKXHblZc0vBhsG28Ukee9
MD5:	158F86052BA6119464348A5C2A446331
SHA1:	49BF807C77A0DCEBD6724FA53B7787F59783B1C4
SHA-256:	5C86321D5BF6E1FCA444827CE031E7964716463AFA8195DAC6AFC4C91C603D91
SHA-512:	0D562D9B587C9FFC2645268DCFB2D4A810301626FDCA9029708713402E042E5C0465FC002894A432CC526DC71BE762EB823101299BF9C155F32DAE53B2DA4120
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.289500931640001
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfbPtdPeUkwRe9:YvXKXHblZc0vBhsGDV8Ukee9
MD5:	9A060B76B8A8CCF107740515E20B694C
SHA1:	9E8F18941210628C0A04AEA96E6DDCCF759833AF
SHA-256:	78C9FD0218341EF5444C50EA1ACEAE5317D2DE1ECF154A96CE07E374D5DF97BB
SHA-512:	E18BE064D0574D917DD54A845616425B11D6C8C65F6E648A33F3DBD2312D9446655F4AD0CAFB8FC5700FCB53A83C5426AFC9829AAD53FFCFE0EDA67B86680819
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.29392098392947
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJf21rPeUkwRe9:YvXKXHblZc0vBhsG+16Ukee9
MD5:	D3306E492BEA034386D97C04BE2725E9
SHA1:	A6AF7801B3D0AA505D37E4F99521829646012AB4
SHA-256:	E52D9F58CB52D712D0AE11CD04FA55B98410D5C4C443FB3EFA238A83F5A0B507
SHA-512:	C1429E8FA8D65DF02504E63B6B5CC1DDE43ADD693C3B5A33798B7F3C3135D95939F8D22AFB14518E83F4E3188E39E580FB541120BB28E2E476790A10D8CE928D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2112
Entropy (8bit):	5.856230731202439
Encrypted:	false
SSDEEP:	24:Yv6X7lzvr5amXayLgEdycgNaLcR84brvXJkoerISIQ1iyLVFgKy1N8IAHlOBJEES:YvMJTFBgBG48kJko/SiyL4T0AFDA/V3
MD5:	E5C039174657268C98EFCA126AC25198
SHA1:	1578FDB4274E117D31789B01BB99F7C800E57985
SHA-256:	84E5607E0FFC1A042D6D7F4C8FFF93AEBB82C0BC600A55272F75744E0B10AD97
SHA-512:	A8D2D4A57FABF3F742D230C1D216E2EC813B6A47675277C0E919D052FA518AF6209B545CF9B05D62AF32FEE0D673BA6BDAEEFC562B75765301B9002A3E91B2A3
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.270301151817768
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJfshHHrPeUkwRe9:YvXKXHblZc0vBhsGUUUkee9
MD5:	4BEB35480ECF2E49D3643A545E7DEC2C
SHA1:	B63FA4EA73927F9DD966F4BC4CDBF3F9089D7FDD
SHA-256:	A3F53902485294F17DF16941D3D3E51409DE9865A36F9A1C3FBDD51B830D4CCA
SHA-512:	4E6116E4E6A24A6618D633EC1D69F20EF542A4FB190F405170122B016ED2AA25BE7D60B16EE338B7DB54949332E180938464F1FC4CC9C3A0299391D0167B057D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.268656609175762
Encrypted:	false
SSDEEP:	6:YEQXJ2HXk4bkVoZcg1vRcR0YQPZDoAvJTqgFCrPeUkwRe9:YvXKXHblZc0vBhsGTq16Ukee9
MD5:	B9EDB73461DCA2E58DBEA2C8118B71AD
SHA1:	AE5A91BDD45BE5988CBF4C98ADE43F5921691D41
SHA-256:	FCFFB3F2FCCC095F6E0E48FF14F60ED409FA0C4AA6F812B58BE5BB4CEBF03356
SHA-512:	9ACFDD107FC50B4537C4EEC73E1B8C8E6046A7AC622F4F88B62C6FAFDAB9ED3915BC783B6E56351F961CF4BD6E31D433EE4DDB33DB3C76207A98A30926574077
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"1563782c-9286-4158-ad02-527f0820f440","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1744853004876,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.148843209830088
Encrypted:	false
SSDEEP:	24:YjkVwh+GaBqaylFr/RPbPLcQY3/JoJ0L4ov6QTfG4TPj2VJBj0S9fk2dkC2CA2LI:Yj/hARoJ0zGI2VHSGiRAu5JIl5bW9DQG
MD5:	ACAD35BFEC39871EB67A84221FABB888
SHA1:	E43B80DB05A26A7D276E4A9FCF770DD412D27B10
SHA-256:	736A2E948EBA413A076845C4F3A99B63C78FE4796A407E5A2475F6B04F080A48
SHA-512:	EB937170D93F757EF8D9B24828630312845BB9097D5E29DD6B30958D37EF582DE2154D35520F792DF1772C43048B787CEEFA04C3F5AF1A3A78EDADD3A79F3D05
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"6b11542d2fb55a0ab4334b9bc36720bf","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1744677219000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"34809eab615113933449045eabec823f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1744677219000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"a51821494b19d797fdbe989322588fe6","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1744677219000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"a54a33c0f06978f11fbb1b320a7d6124","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1744677219000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"6bea98997aa676930c33db25ad00cbdb","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1744677219000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"1da56dc84aa3a9b0dbb4368ec3c82764","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.187823082317734
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUTSvR9H9vxFGiDIAEkGVvpf:lNVmswUUUUUUUUT+FGSItL
MD5:	2703B71C7080C4EE000ACC9DB57AC53B
SHA1:	05EBC6B85BE46E396A62AA6F735B1E03F37DEEB2
SHA-256:	100387C8F3D3CDCD755028F6EEDE2CE91BD0D6D6D4E3BCB572FCBE90F7F3FBCC
SHA-512:	9A39D0B621683B49A0CF53C528F2E4A95F32D0810374F8253947704B24B60AB099CBD98FE65792DB98CCF19E3C87168C7DD1C75DA90D3F196484A98FE24B5C1D
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.6065826172608
Encrypted:	false
SSDEEP:	48:7M+gKUUUUUUUUUUXvR9H9vxFGiDIAEkGVvgqFl2GL7ms3:7ZUUUUUUUUUUvFGSItmKVms3
MD5:	6DFA9991F940A0A91B3CC39569D24223
SHA1:	653DF6163260A0A7C9AE3AD621D91D9026216839
SHA-256:	22EF387837AAB69C963BCBC40ABEB231C60E7B85D040AAC8D98AEC7872F0FFD4
SHA-512:	E9476AEB749A931FE7BD4993BD903E507A5E7749E0F5744DCA6A5B83E3DB04D435292C51D4E6AAD84EED8258BCC19B478612F6661A8FC4BA35E97F4B5041BCBE
Malicious:	false
Preview:	.... .c.....?.RB......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSId7b55.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5197430193686525
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84RClVfnH:Qw946cPbiOxDlbYnuRKO
MD5:	A396A72FC751A15391823040FA1B2BFC
SHA1:	DD3BE5F0BB6319C43EAE12EF2DF71278244FCFA8
SHA-256:	A46E1E930B23AD611F154E2E28B9F0DFF5D10AFC35A9E1EA3ED376D3B96DA71D
SHA-512:	70854A2DD12DE4A63E20042C93CFAB70A847DCE06E1CFCED314A97A589907FED8A0B7F1877D8899FCDEA07FE4F4302B456F43730BAC4106307D4F6E1F7E1B91A
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.4./.0.4./.2.0.2.5. . .2.0.:.3.3.:.3.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-14 20-33-15-523.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.37756318441024
Encrypted:	false
SSDEEP:	384:k1xsaGUiMeNl0zRAebIzicBQI30yVxP/1piLcdB/zf7KUOheg86WO3ODWn1U6vXs:xkQ
MD5:	ABFE6A9DDFEBEBCA8EB49615E3B4FABB
SHA1:	5C440F3581A160DCF07042E5F8F5340F1C31FD0F
SHA-256:	2A7D1907F9708054CB89A351C3563251ADCF42C30B45E1BCF9E182CC559DD1DB
SHA-512:	A59C96727861184A9EEE300E28EA2D6E65A6AC85C4FF8BB4937C15F926E0F0DCBEC71516254A08250B3EB7A359CBE5E8D258618815D01188F01E6CD20F07E27E
Malicious:	false
Preview:	SessionID=a94bd3a1-b2df-4f47-961b-f62b86158671.1744677195613 Timestamp=2025-04-14T20:33:15:613-0400 ThreadID=8144 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=a94bd3a1-b2df-4f47-961b-f62b86158671.1744677195613 Timestamp=2025-04-14T20:33:15:630-0400 ThreadID=8144 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=a94bd3a1-b2df-4f47-961b-f62b86158671.1744677195613 Timestamp=2025-04-14T20:33:15:630-0400 ThreadID=8144 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=a94bd3a1-b2df-4f47-961b-f62b86158671.1744677195613 Timestamp=2025-04-14T20:33:15:630-0400 ThreadID=8144 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=a94bd3a1-b2df-4f47-961b-f62b86158671.1744677195613 Timestamp=2025-04-14T20:33:15:637-0400 ThreadID=8144 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.395196317973805
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rq:e
MD5:	EAA79052373815B236920C6B5725114D
SHA1:	71030B9896FDEDF3313655BE9F74EDD35313B0F3
SHA-256:	05B81C646CEA407445B73EAE8FFE6FBBA8800B51D2B3ACC475945442C05C89F3
SHA-512:	FF819922AB44C5A909EC440A469C25BA3D5C27FB9C0880D1E87C38C9021982DFEAF081149B2386FD65DED401018B9F4A7C60DFDCBEAFCB7F93E8190AFD912151
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\183ba639-ce78-4fb8-9f62-5a087ab92260.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\283b9738-a8a3-499c-b345-c3d08fdc92a8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3PhTJJJJv+9UZP5+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEas:O3PJJJJJm94kegf121YS8lkipdjMMNBn
MD5:	0FD93E20C1612CF7CCA0771CD40D762F
SHA1:	696E5156CF167B4CF06FF0D5DF3B5D46FABDBD77
SHA-256:	9CA209D9F3FEF3163FA292A2523DFFB0CE40E2E1067F4E4502A3B9DC8263B56A
SHA-512:	4CD9E26DE55F15209FD93F553965596986144C4B9A5301FFA8A067492DDB2E19DB2CE1B35F33BED0883705972151F058E6AAD5A143AD1BC0735D94B056BA6B58
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\41b9c2b6-8830-42ff-91bd-6e9cbfd765a2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3PhTJJJJv+9UZP5+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEas:O3PJJJJJm94kegf121YS8lkipdjMMNBn
MD5:	0FD93E20C1612CF7CCA0771CD40D762F
SHA1:	696E5156CF167B4CF06FF0D5DF3B5D46FABDBD77
SHA-256:	9CA209D9F3FEF3163FA292A2523DFFB0CE40E2E1067F4E4502A3B9DC8263B56A
SHA-512:	4CD9E26DE55F15209FD93F553965596986144C4B9A5301FFA8A067492DDB2E19DB2CE1B35F33BED0883705972151F058E6AAD5A143AD1BC0735D94B056BA6B58
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\51a1eead-f0db-4a56-8caa-42dd877e3c61.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\52b9024a-a7e6-4099-af93-5e20285e46eb.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+fBYCERXTJJl:O3Pjegf121YS8lkipdjMMNB1DofjEGJH
MD5:	BAEB02CA18ECB74EF8E03548852D207E
SHA1:	938A6EC3EDE559AC243A95F30E8AB9FC7B0FCCFF
SHA-256:	6600D8F4A7E866FBB4A67A02983976662050AF139C88C978748CC221E899E92D
SHA-512:	1E7BE870ED21E20E9DA74C71B57C2BC6A41AB0039DD45DB76115157C1F97D6DE581DBBBA25B9FF3D55E3A164498A9E92A609B1F11586BEDFE9EF150BD607E8CC
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\65467481-9e1b-4d98-90fa-1c5a36e96c74.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\86a9bb63-d764-4e1b-b8b0-5ed9de4f2100.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:eXl7oMOWLaGZjeYIGNPLdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:Q+VWLaGZjeZGR3mlind9i4ufFXpAXkru
MD5:	EEE67D86337DCFD7749BAA47AFDDD6FD
SHA1:	BAB5D7A204BC8CBAC61EC59EAD724A8B633AB3E9
SHA-256:	F1F5A9957A6D3E8BEF5516AA21FB26D04468B1DE9ED31296473F6AB2C6572787
SHA-512:	CCE4C7332A9E53AE660ACB66923CCBCF651B74563169DE0796D02A7B789AAD5785CB2AE982A0F4074A8C23A813C64847958E803D97A65E9B989A15D664F58DD3
Malicious:	false
Preview:	...........]..8.}. .)."{g.-.}plw.A........,..Y.tI.g.....)Q.H..'p#p`.U.S.H.)....e....a.><..w.....Dw..9.0Y~.......1.._......j.....Oh.q.\,....tn.....w..i.f..?A../.h.D..........n^......M..w......C....!..4.........w4q..F.1I.!A....(.........TN..'8...Q.........^...za..0Hm/.....{.....\....' ..1..0.qzD........'Y...... .m..8Bh... ...4...z..}.9..Lqp..M \Xe......Q..0..+C.B.4Ijm...o..co..q.d.~.8...\/.4.]....8...1.].D....K.\|...hp\..... .ch.....\.g..Qpf.{N....n<......'.....KS(.k..$Q.R...6..'.....7.!....{.....b....C.v~...x...FO^..O.d.>'>...........&.. ..WR...6...^.D..A...d1\|..F.g..g;.\...m..V..0..le.......4J..p.(..l'.....n_........n.0..P...Y.KJ.S.B.><.\C.}..~....,..k..V....XI#w..B..Q.B...t..\.lB;&!.n.(._=..>...+..a.......N.X{.{..ly.$V......@..E.....R.j.x[..V.....Ij.....mQ....-D....U1..J...F+.%...6.g.T.....X....(...w...8a..\1..^z.6...@R....l.i.A..,.......o..~^bM.E..qW^?.......!..)u.(&*.v....."c.H..Pp..uy...DP8.m3.:T..U=............0-~.B..w...D..'

C:\Users\user\AppData\Local\Temp\acrocef_low\97c40caf-6a46-4fc2-bb63-6b8dabd2a70d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 25552
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:eXl7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZjeYIGNPn:Q+B3mlind9i4ufFXpAXkrfUs0kWLaGZ9
MD5:	71E7640187F41D54C410BDE1ED0140D8
SHA1:	BBDC26E9B4172E5243C23745D31882F1C2C0BA6F
SHA-256:	F3746C4DC5EBC77985505ACF8CD469370D23CB52EF760742F653E672D054A4EE
SHA-512:	CAE63502DBFCA785BC59C505FF464E6C43D4477B3D78D0A9F2EF8AB5100A09DF45D9585E3D089B40959F37F93F31ABE99D53B8D991291ABCBE3344F9304598F2
Malicious:	false
Preview:	...........]..8.}. .)."{g.-.}plw.A........,..Y.tI.g.....)Q.H..'p#p`.U.S.H.)....e....a.><..w.....Dw..9.0Y~.......1.._......j.....Oh.q.\,....tn.....w..i.f..?A../.h.D..........n^......M..w......C....!..4.........w4q..F.1I.!A....(.........TN..'8...Q.........^...za..0Hm/.....{.....\....' ..1..0.qzD........'Y...... .m..8Bh... ...4...z..}.9..Lqp..M \Xe......Q..0..+C.B.4Ijm...o..co..q.d.~.8...\/.4.]....8...1.].D....K.\|...hp\..... .ch.....\.g..Qpf.{N....n<......'.....KS(.k..$Q.R...6..'.....7.!....{.....b....C.v~...x...FO^..O.d.>'>...........&.. ..WR...6...^.D..A...d1\|..F.g..g;.\...m..V..0..le.......4J..p.(..l'.....n_........n.0..P...Y.KJ.S.B.><.\C.}..~....,..k..V....XI#w..B..Q.B...t..\.lB;&!.n.(._=..>...+..a.......N.X{.{..ly.$V......@..E.....R.j.x[..V.....Ij.....mQ....-D....U1..J...F+.%...6.g.T.....X....(...w...8a..\1..^z.6...@R....l.i.A..,.......o..~^bM.E..qW^?.......!..)u.(&*.v....."c.H..Pp..uy...DP8.m3.:T..U=............0-~.B..w...D..'

C:\Users\user\AppData\Local\Temp\acrocef_low\97f23b74-eebe-4783-a1e3-82a106eb36cd.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3PhTJJJJv+9UZP5+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEas:O3PJJJJJm94kegf121YS8lkipdjMMNBn
MD5:	0FD93E20C1612CF7CCA0771CD40D762F
SHA1:	696E5156CF167B4CF06FF0D5DF3B5D46FABDBD77
SHA-256:	9CA209D9F3FEF3163FA292A2523DFFB0CE40E2E1067F4E4502A3B9DC8263B56A
SHA-512:	4CD9E26DE55F15209FD93F553965596986144C4B9A5301FFA8A067492DDB2E19DB2CE1B35F33BED0883705972151F058E6AAD5A143AD1BC0735D94B056BA6B58
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\ab40db74-cbe9-4304-a5fb-08e70e5a33f3.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:rBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1Lj3vfE4JvWTlP:r+Tegs661ybxrr/IxkB1mabFhOXZ/fEh
MD5:	C14EBC9A03804BAB863F67F539F142C6
SHA1:	FD44F63771819778149B24DD4B073940F5D95BFA
SHA-256:	A495629FA5E71EE50BB96F9C4CAEAC46E8B44BFC3F910A073348258F63DFAFCE
SHA-512:	8ED832A54A3925914E3BCFC96A3ABFF63A511ADAC79A869AD1569BB175CC1AF84E6C2BD20FA2187A5C3B733625EDE5D95C2172B24ED2F252835689F6D4A0F5A2
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\bbd59cfa-bef4-403c-ba7b-159942042615.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3PhTJJJJv+9UZP5+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEas:O3PJJJJJm94kegf121YS8lkipdjMMNBn
MD5:	0FD93E20C1612CF7CCA0771CD40D762F
SHA1:	696E5156CF167B4CF06FF0D5DF3B5D46FABDBD77
SHA-256:	9CA209D9F3FEF3163FA292A2523DFFB0CE40E2E1067F4E4502A3B9DC8263B56A
SHA-512:	4CD9E26DE55F15209FD93F553965596986144C4B9A5301FFA8A067492DDB2E19DB2CE1B35F33BED0883705972151F058E6AAD5A143AD1BC0735D94B056BA6B58
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\bfe682ae-67d4-437e-bcfc-3722dcece790.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\cac940e2-ccbd-4283-8f81-1fefe074bc1d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 160932
Category:	dropped
Size (bytes):	669332
Entropy (8bit):	7.976659911351141
Encrypted:	false
SSDEEP:	12288:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1mabFhOXZ/fEa+DNh3P6Q21ab5/eOMHxUc:qegf1JJJJm94dMNB1Dofjc3PJ21abRe1
MD5:	24D7AD98A91C1EDD78496C22FF9E3279
SHA1:	C3C25238C60B427EDB496EB2C960A4F907242B5E
SHA-256:	58EBD665845A0782D49F054F1AD0D3AF7DB4F4C09C5304B517DE43C4242F2AB3
SHA-512:	F0C53F57C8700D725DE6ABCD07411B5F685CDCB80AB78735F196FF067A36497C4569F87FF882150292480C9CCFD2956FE8BF8D6EC8A261BB9076109130CD7021
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\cbb0e475-89fb-4070-af3c-6e860cc5c32d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\d181728c-3d40-46cf-9b54-cd51bc714dcb.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3PhTJJJJv+9UZP5+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEas:O3PJJJJJm94kegf121YS8lkipdjMMNBn
MD5:	0FD93E20C1612CF7CCA0771CD40D762F
SHA1:	696E5156CF167B4CF06FF0D5DF3B5D46FABDBD77
SHA-256:	9CA209D9F3FEF3163FA292A2523DFFB0CE40E2E1067F4E4502A3B9DC8263B56A
SHA-512:	4CD9E26DE55F15209FD93F553965596986144C4B9A5301FFA8A067492DDB2E19DB2CE1B35F33BED0883705972151F058E6AAD5A143AD1BC0735D94B056BA6B58
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\fdc87292-d4f5-4016-85f1-cdb5ae395027.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 921996
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:rBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOFjNOX1Lj3vfE4JvWTlP:r+Tegs661ybxrr/IxkB1mabFhOXZ/fEh
MD5:	C14EBC9A03804BAB863F67F539F142C6
SHA1:	FD44F63771819778149B24DD4B073940F5D95BFA
SHA-256:	A495629FA5E71EE50BB96F9C4CAEAC46E8B44BFC3F910A073348258F63DFAFCE
SHA-512:	8ED832A54A3925914E3BCFC96A3ABFF63A511ADAC79A869AD1569BB175CC1AF84E6C2BD20FA2187A5C3B733625EDE5D95C2172B24ED2F252835689F6D4A0F5A2
Malicious:	false
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\ff892d5b-d3b3-42dc-bfa0-42c366c4ce4e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3PhTJJJJv+9UZP5+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEas:O3PJJJJJm94kegf121YS8lkipdjMMNBn
MD5:	0FD93E20C1612CF7CCA0771CD40D762F
SHA1:	696E5156CF167B4CF06FF0D5DF3B5D46FABDBD77
SHA-256:	9CA209D9F3FEF3163FA292A2523DFFB0CE40E2E1067F4E4502A3B9DC8263B56A
SHA-512:	4CD9E26DE55F15209FD93F553965596986144C4B9A5301FFA8A067492DDB2E19DB2CE1B35F33BED0883705972151F058E6AAD5A143AD1BC0735D94B056BA6B58
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	3.961112410059605
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	R93FadYc2e.pdf
File size:	43'527 bytes
MD5:	3cc81a519188b1d380a8ce3429dea82c
SHA1:	3aa21755e38acab65caad796b74f9699de072595
SHA256:	eacd7f1d6733e1ce61cd7b0bdcc06205e22140cc2a1ea3467e70f9343efe84e5
SHA512:	34f6fa7a7ce2eea0f7311f26a63ab7937957c7e96d0a5de054488807c3f3d7b83f8872b9d54c05caca6aebcdd477822dd34eb2addbd4836580608ecf2937d2d6
SSDEEP:	768:9Z2dJyXy1y9i9ZmlyCgL35YjxH1MgpShXJaWeDrCvF+P6S7VljTj:9Z2dJyXyui9ZpCXddrOWTlPj
TLSH:	9E13B8D8A799D01766CD1E83BF427EEDE076A4B698C8F34786A47A5D24BC407C2B4DC0
File Content Preview:	%PDF-1.7..1 0 obj % entry point.<<. /Type /Catalog. /Pages 2 0 R.>>.endobj..2 0 obj.<<. /Type /Pages. /MediaBox [ 0 0 200 200 ]. /Count 1. /Kids [ 3 0 R ].>>.endobj..3 0 obj.<<. /Type /Page. /Parent 2 0 R. /Resources <<. /Font <<. /F1 4

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	3.961112
Total Bytes:	43527
Stream Entropy:	4.305540
Stream Bytes:	45
Entropy outside Streams:	3.955718
Bytes outside Streams:	43482
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	5
endobj	5
stream	1
endstream	1
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 02:33:35.246608973 CEST	49736	80	192.168.2.4	23.216.73.76
Apr 15, 2025 02:33:35.352839947 CEST	80	49736	23.216.73.76	192.168.2.4
Apr 15, 2025 02:33:35.353122950 CEST	49736	80	192.168.2.4	23.216.73.76
Apr 15, 2025 02:33:35.353266954 CEST	49736	80	192.168.2.4	23.216.73.76
Apr 15, 2025 02:33:35.459156036 CEST	80	49736	23.216.73.76	192.168.2.4
Apr 15, 2025 02:33:35.461177111 CEST	80	49736	23.216.73.76	192.168.2.4
Apr 15, 2025 02:33:35.461188078 CEST	80	49736	23.216.73.76	192.168.2.4
Apr 15, 2025 02:33:35.461268902 CEST	49736	80	192.168.2.4	23.216.73.76
Apr 15, 2025 02:34:35.879509926 CEST	49736	80	192.168.2.4	23.216.73.76
Apr 15, 2025 02:34:35.984945059 CEST	80	49736	23.216.73.76	192.168.2.4
Apr 15, 2025 02:34:35.985037088 CEST	49736	80	192.168.2.4	23.216.73.76

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 02:33:35.133071899 CEST	56221	53	192.168.2.4	1.1.1.1
Apr 15, 2025 02:33:35.241525888 CEST	53	56221	1.1.1.1	192.168.2.4
Apr 15, 2025 02:33:55.830856085 CEST	62958	53	192.168.2.4	1.1.1.1
Apr 15, 2025 02:33:55.939030886 CEST	53	62958	1.1.1.1	192.168.2.4
Apr 15, 2025 02:34:19.924776077 CEST	58906	53	192.168.2.4	1.1.1.1
Apr 15, 2025 02:34:20.033935070 CEST	53	58906	1.1.1.1	192.168.2.4
Apr 15, 2025 02:34:43.989525080 CEST	56778	53	192.168.2.4	1.1.1.1
Apr 15, 2025 02:34:44.098140001 CEST	53	56778	1.1.1.1	192.168.2.4
Apr 15, 2025 02:35:08.089756012 CEST	64888	53	192.168.2.4	1.1.1.1
Apr 15, 2025 02:35:08.197428942 CEST	53	64888	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 15, 2025 02:33:35.133071899 CEST	192.168.2.4	1.1.1.1	0x8c2f	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:33:55.830856085 CEST	192.168.2.4	1.1.1.1	0xa05c	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:34:19.924776077 CEST	192.168.2.4	1.1.1.1	0x79a1	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:34:43.989525080 CEST	192.168.2.4	1.1.1.1	0xd59	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:35:08.089756012 CEST	192.168.2.4	1.1.1.1	0xb8d3	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 15, 2025 02:33:27.333782911 CEST	1.1.1.1	192.168.2.4	0x756c	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:33:27.333782911 CEST	1.1.1.1	192.168.2.4	0x756c	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:33:35.241525888 CEST	1.1.1.1	192.168.2.4	0x8c2f	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:33:35.241525888 CEST	1.1.1.1	192.168.2.4	0x8c2f	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:33:35.241525888 CEST	1.1.1.1	192.168.2.4	0x8c2f	No error (0)	e8652.dscx.akamaiedge.net		23.216.73.76	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:33:55.939030886 CEST	1.1.1.1	192.168.2.4	0xa05c	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:33:55.939030886 CEST	1.1.1.1	192.168.2.4	0xa05c	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:33:55.939030886 CEST	1.1.1.1	192.168.2.4	0xa05c	No error (0)	e8652.dscx.akamaiedge.net		23.207.49.54	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:34:20.033935070 CEST	1.1.1.1	192.168.2.4	0x79a1	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:34:20.033935070 CEST	1.1.1.1	192.168.2.4	0x79a1	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:34:20.033935070 CEST	1.1.1.1	192.168.2.4	0x79a1	No error (0)	e8652.dscx.akamaiedge.net		23.216.73.76	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:34:44.098140001 CEST	1.1.1.1	192.168.2.4	0xd59	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:34:44.098140001 CEST	1.1.1.1	192.168.2.4	0xd59	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:34:44.098140001 CEST	1.1.1.1	192.168.2.4	0xd59	No error (0)	e8652.dscx.akamaiedge.net		104.123.201.50	A (IP address)	IN (0x0001)	false
Apr 15, 2025 02:35:08.197428942 CEST	1.1.1.1	192.168.2.4	0xb8d3	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:35:08.197428942 CEST	1.1.1.1	192.168.2.4	0xb8d3	No error (0)	crl.root-x1.letsencrypt.org.edgekey.net	e8652.dscx.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 02:35:08.197428942 CEST	1.1.1.1	192.168.2.4	0xb8d3	No error (0)	e8652.dscx.akamaiedge.net		104.123.201.50	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

x1.i.lencr.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	23.216.73.76	80	7636	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2025 02:33:35.353266954 CEST	115	OUT	GET / HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Apr 15, 2025 02:33:35.461177111 CEST	1358	IN	HTTP/1.1 200 OK Server: nginx Content-Type: application/pkix-cert Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT ETag: "64cd6654-56f" Content-Disposition: attachment; filename="ISRG Root X1.der" Cache-Control: max-age=17282 Expires: Tue, 15 Apr 2025 05:21:37 GMT Date: Tue, 15 Apr 2025 00:33:35 GMT Content-Length: 1391 Connection: keep-alive Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED] Data Ascii: 0k0S@YDcc0H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G\|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urIAv5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP\|Ctt0[q600\H;}`)A\|;FHvvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf\|o;'}~"+"
Apr 15, 2025 02:33:35.461188078 CEST	387	IN	Data Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09 Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS\|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7860, Parent PID: 3964

General

Target ID:	1
Start time:	20:33:10
Start date:	14/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\R93FadYc2e.pdf"
Imagebase:	0x7ff7fc350000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 8100, Parent PID: 7860

General

Target ID:	2
Start time:	20:33:11
Start date:	14/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6c4cd0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7636, Parent PID: 7860

General

Target ID:	7
Start time:	20:33:19
Start date:	14/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6c4cd0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5704, Parent PID: 7636

General

Target ID:	8
Start time:	20:33:20
Start date:	14/04/2025
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2332 --field-trial-handle=1576,i,10324348253521878992,18048957707765539991,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6c4cd0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report R93FadYc2e.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a8ac08a1-f762-4c37-a000-cc0026d816de.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250415003318Z-250.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7952

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Windows Analysis Report
R93FadYc2e.pdf