Edit tour

Windows Analysis Report
privacy_cieb_hipaa_authorization.pdf

Overview

General Information

Sample name:	privacy_cieb_hipaa_authorization.pdf
Analysis ID:	1542131
MD5:	71fdbd1f71a05334d91d5faeef704c37
SHA1:	c57b4ca78af0c4c546c653d480d38a889c467e85
SHA256:	bc422583a4ee5158e05add18f2673b09aa451023fdc5c78562565ffd2e50fea3
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7280 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\privacy_cieb_hipaa_authorization.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7480 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1536,i,9421411581824083625,169098937294326978,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr

String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/31@2/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A94azkde_1msciff_5oo.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\privacy_cieb_hipaa_authorization.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1536,i,9421411581824083625,169098937294326978,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1536,i,9421411581824083625,169098937294326978,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: privacy_cieb_hipaa_authorization.pdf	Initial sample: PDF keyword /JS count = 0
Source: privacy_cieb_hipaa_authorization.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A94azkde_1msciff_5oo.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A94azkde_1msciff_5oo.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: A94znwnv_1mscifg_5oo.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A94znwnv_1mscifg_5oo.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: A9yuz94x_1mscifi_5oo.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9yuz94x_1mscifi_5oo.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: privacy_cieb_hipaa_authorization.pdf

Initial sample: PDF keyword stream count = 68

Source: A94azkde_1msciff_5oo.tmp.0.dr

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: privacy_cieb_hipaa_authorization.pdf

Initial sample: PDF keyword /ObjStm count = 8

Source: privacy_cieb_hipaa_authorization.pdf

Initial sample: PDF keyword obj count = 72

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
privacy_cieb_hipaa_authorization.pdf	0%	ReversingLabs

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
x1.i.lencr.org	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.1.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542131
Start date and time:	2024-10-25 15:27:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	privacy_cieb_hipaa_authorization.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/31@2/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.149, 54.144.73.197, 107.22.247.231, 18.207.85.246, 34.193.227.236, 172.64.41.3, 162.159.61.3, 2.23.197.184, 88.221.168.141, 2.16.202.105, 2.16.202.97, 2.16.202.9, 2.16.202.59, 2.16.202.16, 95.101.54.218, 2.16.202.83, 95.101.54.243, 2.16.202.66, 72.246.169.163
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: privacy_cieb_hipaa_authorization.pdf

Simulations

Behavior and APIs

Time	Type	Description
09:29:00	API Interceptor	1x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.261638815524676
Encrypted:	false
SSDEEP:	6:RTSleyq2Pwkn2nKuAl9OmbnIFUt8ETS2/1Zmw+ETSvRjRkwOwkn2nKuAl9OmbjLJ:1SleyvYfHAahFUt8mS29/+mSvpR5JfHi
MD5:	2E30563F6C0F1840B4E25B3CF08FA58E
SHA1:	8405CE42A13E3D88710DB60D621839703852B9D6
SHA-256:	32DA22CCFC5387AF3892FF1B9889E3FE07DC9C3395C5801A844EF87916A932A3
SHA-512:	020759426C752D6828E7D1137F5D3750E46E0408F125EF724C41995CD95871C1139D1D1FA6D024201E373355BA81592EA41CD8A9055CC8EC1BF0907D21D9EFDD
Malicious:	false
Reputation:	low
Preview:	2024/10/25-09:28:47.724 1d54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-09:28:47.726 1d54 Recovering log #3.2024/10/25-09:28:47.727 1d54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.261638815524676
Encrypted:	false
SSDEEP:	6:RTSleyq2Pwkn2nKuAl9OmbnIFUt8ETS2/1Zmw+ETSvRjRkwOwkn2nKuAl9OmbjLJ:1SleyvYfHAahFUt8mS29/+mSvpR5JfHi
MD5:	2E30563F6C0F1840B4E25B3CF08FA58E
SHA1:	8405CE42A13E3D88710DB60D621839703852B9D6
SHA-256:	32DA22CCFC5387AF3892FF1B9889E3FE07DC9C3395C5801A844EF87916A932A3
SHA-512:	020759426C752D6828E7D1137F5D3750E46E0408F125EF724C41995CD95871C1139D1D1FA6D024201E373355BA81592EA41CD8A9055CC8EC1BF0907D21D9EFDD
Malicious:	false
Preview:	2024/10/25-09:28:47.724 1d54 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-09:28:47.726 1d54 Recovering log #3.2024/10/25-09:28:47.727 1d54 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.184620200199973
Encrypted:	false
SSDEEP:	6:RTSlVgyq2Pwkn2nKuAl9Ombzo2jMGIFUt8ETSlnz1Zmw+ETSlXPU9RkwOwkn2nK3:1S9vYfHAa8uFUt8mSR1/+mSNPA5JfHAv
MD5:	9E3DB608A6115B3B6F39B3D79C876F99
SHA1:	090FFF96D815F77CEF90845C0F114173DDC63340
SHA-256:	4D7A5D7E208726C5346D3687E96404C63AA76150D28157F3DDF57E650AF4761A
SHA-512:	DB6FE0FB8A155330FC0A1669686B3DB2BB56092BE8E73021FA711F3C1F59BC184867DF04E704E684F5BF45AB08DE3C94FB4F1D5B9BCCA1D5969DA4E518416270
Malicious:	false
Preview:	2024/10/25-09:28:47.770 1e10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-09:28:47.771 1e10 Recovering log #3.2024/10/25-09:28:47.772 1e10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.184620200199973
Encrypted:	false
SSDEEP:	6:RTSlVgyq2Pwkn2nKuAl9Ombzo2jMGIFUt8ETSlnz1Zmw+ETSlXPU9RkwOwkn2nK3:1S9vYfHAa8uFUt8mSR1/+mSNPA5JfHAv
MD5:	9E3DB608A6115B3B6F39B3D79C876F99
SHA1:	090FFF96D815F77CEF90845C0F114173DDC63340
SHA-256:	4D7A5D7E208726C5346D3687E96404C63AA76150D28157F3DDF57E650AF4761A
SHA-512:	DB6FE0FB8A155330FC0A1669686B3DB2BB56092BE8E73021FA711F3C1F59BC184867DF04E704E684F5BF45AB08DE3C94FB4F1D5B9BCCA1D5969DA4E518416270
Malicious:	false
Preview:	2024/10/25-09:28:47.770 1e10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-09:28:47.771 1e10 Recovering log #3.2024/10/25-09:28:47.772 1e10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.968137574824206
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq7PSsBdOg2Hicaq3QYiubInP7E4T3y:Y2sRdsyvdMHt3QYhbG7nby
MD5:	98CE4E9500370604FCE7F6B73E76E7A7
SHA1:	6EEC34AC67D98CC960EA0F2D72E09542FA82B674
SHA-256:	C6B7CF23067E0689F64135423B53D5152809A54BE22FC1F5D383B40CC887CD24
SHA-512:	463D2D866B3C068F51ADCFEB381C5419A1B9C246B88473EA43456529D8912014D7731B63A8CEA294348734BD2B93D804BCF6A27CB4511B876251EBBC57E9CA6D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374422933608973","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":269290},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\acbda0eb-034a-46bb-a618-f8c2fcfca926.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.968137574824206
Encrypted:	false
SSDEEP:	12:YH/um3RA8sq7PSsBdOg2Hicaq3QYiubInP7E4T3y:Y2sRdsyvdMHt3QYhbG7nby
MD5:	98CE4E9500370604FCE7F6B73E76E7A7
SHA1:	6EEC34AC67D98CC960EA0F2D72E09542FA82B674
SHA-256:	C6B7CF23067E0689F64135423B53D5152809A54BE22FC1F5D383B40CC887CD24
SHA-512:	463D2D866B3C068F51ADCFEB381C5419A1B9C246B88473EA43456529D8912014D7731B63A8CEA294348734BD2B93D804BCF6A27CB4511B876251EBBC57E9CA6D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374422933608973","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":269290},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.258777114066382
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7HpAXplZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goK
MD5:	9B889B75C0CB8186E4E0162F1A10B981
SHA1:	BF32F73836C0591B65FAA93D0CDDAE7EBAE14B1B
SHA-256:	F602DA4F4A9B0977B4EA8DC79DA955D2A6FE87E689DD3D3C4EB9231C3313B6FB
SHA-512:	239BBBA9B9371CB6803ED59AFCF229C39CDEE42641C7CB8E3D3D6C2A49BEAC3F7AE2FFFFB0F048FC3B98ADBBBB78A68948D1E114A9E38430C66EDAD2A0EAE19C
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.213950776230132
Encrypted:	false
SSDEEP:	6:RTS3Jlyq2Pwkn2nKuAl9OmbzNMxIFUt8ETSsZ1Zmw+ETSsPRkwOwkn2nKuAl9Omk:1SqvYfHAa8jFUt8mSsZ1/+mSsJ5JfHAo
MD5:	86FF8553F52B81A77E1AA8E8A88E0B55
SHA1:	6CFE7A9F40BA4F210874AC28EF536484E84B4C1C
SHA-256:	57687DB63BB69A0316C76E5FEE94E4AF81486CB01C1E7FE817AFA4D5E0EFDED5
SHA-512:	0A2AADEFD7F88C6E83DF5C25F9A72D87C7465740ECFC7EC8E3E31DDAE8BE25FD41048EFDABAE24E9CB0C541B118E43DA2F95FDD51CC79123CCD06D14698953BF
Malicious:	false
Preview:	2024/10/25-09:28:47.861 1e10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-09:28:47.862 1e10 Recovering log #3.2024/10/25-09:28:47.862 1e10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.213950776230132
Encrypted:	false
SSDEEP:	6:RTS3Jlyq2Pwkn2nKuAl9OmbzNMxIFUt8ETSsZ1Zmw+ETSsPRkwOwkn2nKuAl9Omk:1SqvYfHAa8jFUt8mSsZ1/+mSsJ5JfHAo
MD5:	86FF8553F52B81A77E1AA8E8A88E0B55
SHA1:	6CFE7A9F40BA4F210874AC28EF536484E84B4C1C
SHA-256:	57687DB63BB69A0316C76E5FEE94E4AF81486CB01C1E7FE817AFA4D5E0EFDED5
SHA-512:	0A2AADEFD7F88C6E83DF5C25F9A72D87C7465740ECFC7EC8E3E31DDAE8BE25FD41048EFDABAE24E9CB0C541B118E43DA2F95FDD51CC79123CCD06D14698953BF
Malicious:	false
Preview:	2024/10/25-09:28:47.861 1e10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-09:28:47.862 1e10 Recovering log #3.2024/10/25-09:28:47.862 1e10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025132851Z-237.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.1799443072536178
Encrypted:	false
SSDEEP:	96:+NaMDq5PB4ndM9bMA/J1AvMxMjvHMMNYxt4s4tMd3HMdOMIMMUc4A51MH4McaNVn:+NLDvWd43nDfFgzM44
MD5:	A88CB0171DBAF8CA842A58A52508206F
SHA1:	AF6CE77565194369CBB6F4E6717E93076E4674E6
SHA-256:	C377CF559C14AC5C49D8701D8EDB2B76720C3D5908FFA4A19D48FF88497A9387
SHA-512:	BC6C12529774470AB237D3ECD9708C42C14F94E46A3703C0925926F6562E89E1633BA991909A05B871A4B0B76E1834AD3A355FF096879F2EA9C6BAAA6592BD0F
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445189167284658
Encrypted:	false
SSDEEP:	384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
MD5:	F28FCDCEEACE94CD80484977EC19E747
SHA1:	35FEBDF9F67E4C51D874E1C89CCAFC2914965515
SHA-256:	6EE1E94FCBBBFDA7838C34D4C8E1A206F6536E37C43A925C825647A8B7A0717A
SHA-512:	B35D7A2CD013E581167007B39772CE2291B5F0E64105E15D4DB0CF20CD10392184ACC6307F35DBA0126E891406EBAADD8013347D6EC3F6AE2F500A21F7B3BD23
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	modified
Size (bytes):	8720
Entropy (8bit):	3.7775432429949602
Encrypted:	false
SSDEEP:	48:7Mkp/E2ioyV7ioy9oWoy1Cwoy1vKOioy1noy1AYoy1Wioy1hioybioy7oy1noy1h:7Tpju7FCXKQqwb9IVXEBodRBk4
MD5:	F7A78110BEAFAC71843A3F848473A54A
SHA1:	8DCF98D96DB7AE4C5A52C9E1C8ABAE8489C67936
SHA-256:	2F62CD6F318BD7420398AE3699437EB649E70978B250F2428F20848D14699090
SHA-512:	941641E2981BFE2EDC0BD0B86E5D357F896D929676A3BAEF4060FD4E759E077F47C67B78644FF4005A3D399D6E2F0FDEC4D7809DCA6991AED31E8DABD1779C88
Malicious:	false
Preview:	.... .c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.752969867432539
Encrypted:	false
SSDEEP:	3:kkFklcCDDtfllXlE/HT8k7OlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKFCveT8yKdNMa8RdWBwRd
MD5:	BE329E070B3C61ECA90A24130F0C8EC9
SHA1:	4E235DC785B1A311263EAE6636282A80CC53483C
SHA-256:	343A970167E5D3470DD24EFE589E32A2B10369F39E56E3A7519B5E5EB0350AE9
SHA-512:	BE1A4787263A7ADEBA01AA56E5BACA895C6564E8DFC08D75E5DD32C7AA64250BE28DBE4F277E0A449D9C86BD975EE716A7C8039E1D038451CCF96F6DF5CDABF5
Malicious:	false
Preview:	p...... ........o>H..&..(....................................................... ..........W....^I..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	247222
Entropy (8bit):	3.3426254379535267
Encrypted:	false
SSDEEP:	1536:vKPC/iyzDtrh1cK3XEivK7VK/3AYvYwgqZrRo+Run:yPC1J/3AYvYwgOFo+Run
MD5:	9E2DA398BEFA97EA9F624E655B3078E5
SHA1:	58D598F01EDFB3157EEA4F2547AB1C14005C0EAB
SHA-256:	F8FAC384F8EDFE303D640B08F64A9E99E570B2C9369DC206814120F7050A2394
SHA-512:	2541AF4870F41D21988BD04524EEA188E70903A73FD413E221C50CD0631A363913886C479289D0621EC39D3C9FEDCC8DE0C83FEA0A8AB5D47BAA21DF7454364F
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2145
Entropy (8bit):	5.0661105171255345
Encrypted:	false
SSDEEP:	48:YB2sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:pv/SYtt55V6AWLre6JmkhY
MD5:	43FDD7AA5D387392B0B31BE4E1726754
SHA1:	4CED7323895A365E812406CBB54EBB3EE75F0C3D
SHA-256:	9A26925147617D50B554B212A08C232A76E7440B057E67B6B4825646949D89E6
SHA-512:	4383ACEE8A1F7E76C55D5EA1D6133E7FA24228E0D845636DD3970A7A727357AD99008DEE6FF369CC13DC27B0B4D49AB93C1BC0F43EA3CB348C3828308654D141
Malicious:	false
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1729862930000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"7c2ad79e375e3ea39f82a389e8a5841f","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696420882000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7101e009d8bf8920d0a3dd3f5dc75ebc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696333862000},{"id":"DC_Reader_Edit_LHP_Banner"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.187414904815992
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUxJSvR9H9vxFGiDIAEkGVvplS:lNVmswUUUUUUUUxJ+FGSItxS
MD5:	DAC447B6AE6FB08D6496B7A235F1CC74
SHA1:	0C1CB97BEFEBC800E01DEF92DBBCB06F9436AFC3
SHA-256:	70D59D73A9FFF2CEF05CCC16F4C839C6F7D1E1CCE35EC7EC81327561F95ADD07
SHA-512:	CE5C6143ED2890BD8E53D2D92B879D6383B302C5B3931EF367F3EA75528BEEA6DF25040D34835C4BFE877BDB45B39FAA907E842DFD33DBA2647EFD83554404B1
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.608128852412632
Encrypted:	false
SSDEEP:	48:7MPtKUUUUUUUUUUxhvR9H9vxFGiDIAEkGVv1fqFl2GL7msz:7EQUUUUUUUUUUxFFGSItDfKVmsz
MD5:	FA6561587723133371AC645AC574E8DB
SHA1:	034766F980AE09760E1A7C7B098D3D3382F38FAE
SHA-256:	D55E1CE94DAF5239388D8A11F992BA6FC81DC309E405E2D7253BFA15C53B2CE0
SHA-512:	E55E37224B1A9A8900D382CE92E6DD8CB21D4D349E3BC64312A9A217578D02CD5C138DDD41968B63A561932E1724CDAD11DE4869FA1A8BD9715B9B57C586D12D
Malicious:	false
Preview:	.... .c......^.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI6c213.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5263912796263748
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8jawlQKw:Qw946cPbiOxDlbYnuRKlKw
MD5:	CC53983790D98A7C4CEE3BCE5E789D9A
SHA1:	40A6F31F9C9DECEDB392A7CB9DBC650BF1D7385F
SHA-256:	5C1B39CD219612DB739EA79C2A2C94E568DB6745B55D7FF4237A5229A8DCCDD3
SHA-512:	48F1F9B82DEAD064CDB7A55CC6E65BBBCABAA14FDADD7A42A2022EA97A4B3DAB9B5D397521A884FBFBEDBFB519B04E4BD6102B25D9B1AFED37B2E03C4B5D3591
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.0./.2.0.2.4. . .0.9.:.2.8.:.5.5. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A94azkde_1msciff_5oo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.091764173860572
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROObKmtSJTLwKmtSJTL4aCSyAAO:IngVMre9T0HQIDmy9g06JXuaSJTEKaSx
MD5:	7AAF250AB08C0E21465E1F7616A7084B
SHA1:	1DAD0600874A3C0F797EA96FF035E65FD6CE8D3B
SHA-256:	5DB63CCCA3BCBFDFFC6561414D03126F69618C8684DF42AF3C3BAF3EB80C2CFB
SHA-512:	9205078258C2C7B6BA121EBA63BF0AAADAD525C31861CCF57847CA7CD943ED33EE7AC42AD46BA6B0E9A0E992A56AD158361E9B0D6349302345DF23B90D0BFAD4
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<C852C64AD3A227468DB84C43729BF562><C852C64AD3A227468DB84C43729BF562>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A94znwnv_1mscifg_5oo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.061629147674041
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOQkc0+PRjc0+P7MTCSyAAO:IngVMre9T0HQIDmy9g06JXgVXKX6lX
MD5:	49F32DD8DDC3F9A83998177D00C4A7BE
SHA1:	99E26B74CB637F9D18C92586FFCD0DF6EBBB84D0
SHA-256:	65B62FE223AD45291E0C6E3E933BEAE4B75E600DAD399ADA793CC6008E3E17AB
SHA-512:	8CA3CFFB38C23EC388B144999B5349A81F1CA4F796090DD5E5096A550B301CA04F9BA579851A3732F0793029512DE819FF7B4D4A3322D10D75650B261C2EF74D
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<1B1AD87190EFD246B015578A7194E39A><1B1AD87190EFD246B015578A7194E39A>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9yuz94x_1mscifi_5oo.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.094310585298911
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOAB6GB6uvLCSyAAO:IngVMre9T0HQIDmy9g06JX86e6gLlX
MD5:	E519252F806051FECBF6872235A30767
SHA1:	8F734015D0905B5B1D7750A1DF2937807ACB2441
SHA-256:	BCB83C280878F7E100735FAFC805C9BC81738367A548B4EAD8D5853C906D8BAF
SHA-512:	D6976A280EF98878EB80906228E6DAEB63688603A35993FE68F1C46B595C46F24B09CD65ABEB744734527631429494D23124291E335CC0BB1DB25D811436261C
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<C5AAAC868B53DF49BD7198B8921C0D43><C5AAAC868B53DF49BD7198B8921C0D43>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 09-28-49-938.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.35367500498074
Encrypted:	false
SSDEEP:	384:DG2zwzRzozGz3zJkzPzgz+MfM9Mm5p5l535bSMS4SJSSSlafUtfu7k1V1Z1TCdC3:QEZ
MD5:	0990C347698022B606896DDEB124AF3F
SHA1:	F53F9494DC00358BD3964F43E10EB7D9B035932A
SHA-256:	8B98407BC9F4BC72C60EC0209FA1D6D527A5F65127FDB3F6041E919C38BC32E9
SHA-512:	9A464A8C697F63EE6A68A3DDB2F0E146D4DBA47B44FDAEB2F00411852BCDB642BE098E2D680C6C2E957631F754A6C652ED8A536A6DA979E575003991CCBD554C
Malicious:	false
Preview:	SessionID=4846b932-4f05-4e5c-84df-bbf013b2f952.1729862929954 Timestamp=2024-10-25T09:28:49:954-0400 ThreadID=5812 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=4846b932-4f05-4e5c-84df-bbf013b2f952.1729862929954 Timestamp=2024-10-25T09:28:49:955-0400 ThreadID=5812 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=4846b932-4f05-4e5c-84df-bbf013b2f952.1729862929954 Timestamp=2024-10-25T09:28:49:955-0400 ThreadID=5812 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=4846b932-4f05-4e5c-84df-bbf013b2f952.1729862929954 Timestamp=2024-10-25T09:28:49:955-0400 ThreadID=5812 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=4846b932-4f05-4e5c-84df-bbf013b2f952.1729862929954 Timestamp=2024-10-25T09:28:49:955-0400 ThreadID=5812 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.39124451217731
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rT:P
MD5:	FF1DC031294A2F0D8896630148922BF8
SHA1:	8650709DFD0A6A778C48444C4A57FA9E171A7904
SHA-256:	DEC3E66CDAB17F9B84E7ACD1D146FD44B39214F713459F23D5626CB644CDBC64
SHA-512:	0406C1BAF9A5F799ECE60AE0781FEE9C8A12ABD8523F1E2BAE2356D0A9B96D0F91A86F951EFA707E22706BCD2EA3E9771D27EA7A55D00A3BBB7E8FA12A36F3D1
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\0caf8e4f-e05e-47b5-91c4-ff758d96002e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/6ZwYIGNPgeWL07oXGZSdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:CZwZG/WLxXGZS3mlind9i4ufFXpAXkrj
MD5:	02DBFDF24AE567A62D6DA6D004CD5B4D
SHA1:	ACF7A08EB89233C8628C94C7AE5554499C51875C
SHA-256:	46800AC00989EA7873C91716CE5CDFE7CEC821C74DA0BDF233A3CB16B0E789CE
SHA-512:	0A56CCD6C8B1DDE3E4A0857852BA9E73CEFA807A45743BDF4CC3B9DF1AF6BAFD42EFBD737B083B6611E82BDCC51427498C2E587A5BD4BB02B64D298E2F15C903
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\10be57fd-368c-45c4-b703-267dd06e2e01.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\7bab0a0c-0a7d-4b5b-83d5-1a794fce1a28.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\fc287385-a5d0-4d3a-b446-ef882fb3543c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

Static File Info

General

File type:	PDF document, version 1.7 (zip deflate encoded)
Entropy (8bit):	7.910290119342838
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	privacy_cieb_hipaa_authorization.pdf
File size:	238'332 bytes
MD5:	71fdbd1f71a05334d91d5faeef704c37
SHA1:	c57b4ca78af0c4c546c653d480d38a889c467e85
SHA256:	bc422583a4ee5158e05add18f2673b09aa451023fdc5c78562565ffd2e50fea3
SHA512:	6612da4abfdc2e4fdb834e7891781b890ba2b6a58dee2d388e9dc6a18881b252050b55d90b50616b495d1364859161e3350200a886f4f99d94e082537613a7e5
SSDEEP:	3072:lzjP/yae9pFQa6b5gH/4nFmjfzQDk+VFxU35ZyM5E5mwULhlH1UQNxr0R0xjYP+5:l/yt9pM9O4nFmPQjmZyM1jNF0R0xd6k
TLSH:	F63402D41567D490E0466630EB3E7AE5858770E338CC2E0A7F0D41EA5BD2BA3B99077B
File Content Preview:	%PDF-1.7.%......227 0 obj.<</Linearized 1/L 238332/O 232/E 59162/N 2/T 237911/H [ 603 384]>>.endobj. ..266 0 obj.<</DecodeParms<</Columns 4/Predictor 12>>/Filter/FlateDecode/ID[<7ABAC7C21DE35C41B0047E4550F615B2><62CF78E65D1C174299B246A600289D

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.910290
Total Bytes:	238332
Stream Entropy:	7.979525
Stream Bytes:	214681
Entropy outside Streams:	4.974731
Bytes outside Streams:	23651
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	72
endobj	72
stream	68
endstream	68
xref	0
trailer	0
startxref	2
/Page	2
/Encrypt	0
/ObjStm	8
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	9

Image Streams

ID	DHASH	MD5	Preview
264	68616c7365657669	fa84e5106e0f1c049eb127cd8a994294

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 15:29:01.109062910 CEST	62574	53	192.168.2.4	1.1.1.1
Oct 25, 2024 15:29:13.485125065 CEST	60347	53	192.168.2.4	1.1.1.1
Oct 25, 2024 15:29:24.067542076 CEST	53	56109	162.159.36.2	192.168.2.4
Oct 25, 2024 15:29:24.910612106 CEST	53	52580	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 15:29:01.109062910 CEST	192.168.2.4	1.1.1.1	0x96c	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 25, 2024 15:29:13.485125065 CEST	192.168.2.4	1.1.1.1	0x7f23	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 15:29:01.117357016 CEST	1.1.1.1	192.168.2.4	0x96c	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 25, 2024 15:29:13.493396997 CEST	1.1.1.1	192.168.2.4	0x7f23	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7280, Parent PID: 2580

General

Target ID:	0
Start time:	09:28:44
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\privacy_cieb_hipaa_authorization.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7480, Parent PID: 7280

General

Target ID:	1
Start time:	09:28:47
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7672, Parent PID: 7480

General

Target ID:	3
Start time:	09:28:47
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=1536,i,9421411581824083625,169098937294326978,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report privacy_cieb_hipaa_authorization.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\acbda0eb-034a-46bb-a618-f8c2fcfca926.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025132851Z-237.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI6c213.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A94azkde_1msciff_5oo.tmp

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A94znwnv_1mscifg_5oo.tmp

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9yuz94x_1mscifi_5oo.tmp

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 09-28-49-938.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\0caf8e4f-e05e-47b5-91c4-ff758d96002e.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\10be57fd-368c-45c4-b703-267dd06e2e01.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\7bab0a0c-0a7d-4b5b-83d5-1a794fce1a28.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\fc287385-a5d0-4d3a-b446-ef882fb3543c.tmp

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Windows Analysis Report
privacy_cieb_hipaa_authorization.pdf