Windows Analysis Report
BankAcc Confirmation Letter 002.pdf

Overview

General Information

Sample name:BankAcc Confirmation Letter 002.pdf
Analysis ID:1560169
MD5:6dbda2c52ca6bd0759d7c156962f333b
SHA1:233767c1551f4eacb99119170a563f175f47a161
SHA256:3d94bdfe2fa47e61495f488c3fb43e46d2c1af99174cbe2013b7352628ca6999
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 5616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BankAcc Confirmation Letter 002.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6612 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1664,i,17052531450104719093,7534709632114952489,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | TCP traffic: 192.168.2.5:49716 -> 52.202.204.11:443
Source: global traffic | TCP traffic: 52.202.204.11:443 -> 192.168.2.5:49716
Source: Joe Sandbox View | IP Address: 52.202.204.11
Source: global traffic | HTTP traffic detected:
GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
Host: p13n.adobe.io
Connection: keep-alive
sec-ch-ua: "Chromium";v="105"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f
x-adobe-uuid-type: visitorId
x-api-key: AdobeReader9
sec-ch-ua-platform: "Windows"
Origin: https://rna-resource.acrobat.com
Accept-Language: en-US,en;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://rna-resource.acrobat.com/
Accept-Encoding: gzip, deflate, br
Source: unknown | TCP traffic detected without corresponding DNS query: 52.202.204.11
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49716
Source: classification engine | Classification label: clean2.winPDF@14/30@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-21 07-47-35-310.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BankAcc Confirmation Letter 002.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1664,i,17052531450104719093,7534709632114952489,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: BankAcc Confirmation Letter 002.pdf | Initial sample: PDF keyword /JS count = 0
Source: BankAcc Confirmation Letter 002.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: BankAcc Confirmation Letter 002.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior Graph ID: 1560169; Sample: BankAcc Confirmation Letter...; Startdate: 21/11/2024; Architecture: WINDOWS; Score: 2. Process chain: Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe, which connected to 52.202.204.11, 443, 49716 (AMAZON-AESUS, United States). DNS/IP nodes: x1.i.lencr.org, bg.microsoft.map.fastly.net.]

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
52.202.204.11 | unknown | United States | 14618 | AMAZON-AESUS | false

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1560169
        Start date and time:2024-11-21 13:46:40 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 4s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:9
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:BankAcc Confirmation Letter 002.pdf
        Detection:CLEAN
        Classification:clean2.winPDF@14/30@1/1
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 107.22.247.231, 34.193.227.236, 18.207.85.246, 54.144.73.197, 2.23.197.184, 199.232.210.172, 95.101.148.135, 2.19.126.149, 2.19.126.143
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
        • VT rate limit hit for: BankAcc Confirmation Letter 002.pdf
Time | Type | Description
07:47:43 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

Match: 52.202.204.11
Associated Sample Name / URL | Detection | Threat Name
phish_alert_sp2_2.0.0.0-1.eml | malicious | Unknown
X93fnhk2PX.lnk | malicious | Unknown
KERR SURVEYING LLC EE RFI#1.pdf | malicious | Unknown
roquette October.pdf | malicious | HTMLPhisher
Heritage Commercial Flooring.pdf | malicious | Unknown
MSSHIFT Invoice 2.pdf | malicious | Unknown
http://arcor.cfd | malicious | HTMLPhisher
cleu.cmD | malicious | Unknown
eEu5xPVQUo.exe | malicious | Rhysida
Tonincasa Updated Employee sheet .pdf | malicious | HTMLPhisher

Match: bg.microsoft.map.fastly.net
Associated Sample Name / URL | Detection | Threat Name | Context
estimate Cost.pdf | malicious | Unknown | 199.232.214.172
mLi58UzdI2.dll | malicious | Unknown | 199.232.210.172
1.e.msi | malicious | DanaBot | 199.232.214.172
F2.exe | malicious | BlackMoon | 199.232.214.172
test2.exe | malicious | Unknown | 199.232.210.172
file.exe | malicious | Credential Flusher | 199.232.214.172
ibk0BQaWAo.exe | malicious | Unknown | 199.232.210.172
ibk0BQaWAo.exe | malicious | Unknown | 199.232.210.172
TS_F97A.dll | malicious | Unknown | 199.232.210.172
PWS5JoRGtk.exe | malicious | Unknown | 199.232.210.172

Match: AMAZON-AESUS
Associated Sample Name / URL | Detection | Threat Name | Context
estimate Cost.pdf | malicious | Unknown | 34.193.227.236
phish_alert_sp2_2.0.0.0.eml | malicious | HTMLPhisher | 3.219.205.87
https://url.uk.m.mimecastprotect.com/s/1u4eCqxlyukZk7ltZfxHE-ELz?domain=andy-25.simvoly.com | malicious | HTMLPhisher | 52.2.101.114
Encrypt DOC2024.11.20.1983928 shared with you!.msg | malicious | Unknown | 23.20.138.1
https://docusign685420961463outlook99742742685.glitch.me/#cGFsdmEwMUBtc24uY29t | malicious | HTMLPhisher | 54.161.143.97
x86.elf | malicious | Unknown | 34.206.120.68
https://3r9e6kkr.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.google.ca%2Furl%3Fq=30NUMBER%26rct=77772474802481024856%26sa=t%26url=amp%2Fs%2Festudioit.cl%2Fstarl%2F%2523Y2FybGEuYWxkZW1pcjFAbWxjaW5zdXJhbmNlLmNvbS5hdQ==/1/0100019346ba248e-096005ca-8ea9-493d-b2f5-e0c34fd69fc0-000000/JH6rhkavYmTGSs9Zspd-vAN7bi8=401 | malicious | Unknown | 44.208.47.3
original.eml | malicious | Unknown | 34.193.227.236
Demande de proposition du Fondation qu#U00e9b#U00e9coise du cancer.pdf | malicious | Unknown | 34.193.227.236
https://cards.greetingsweb.com/4b62f1c1a5202af4?l=41 | malicious | Unknown | 44.217.151.146

                            No context
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.224320099999662
                            Encrypted:false
                            SSDEEP:6:HEOFiSVq2P92nKuAl9OmbnIFUt8YEMFlgZmw+YEMFlIkwO92nKuAl9OmbjLJ:kOFiSVv4HAahFUt8/ag/+/aI5LHAaSJ
                            MD5:485C0480651751087D723FF0A00D0286
                            SHA1:750D12E64F1CC91B795B7794D90E4EFF2E3BBEF5
                            SHA-256:E8254310DF92779E91AA3C1FE51C6D4D063000AC09EDC4AE815444FD095D4CB0
                            SHA-512:BD7145F183E6F9B6DB6E1DAD2880FF55BFF96897F87859D885A16904E8AD989695DDACEBCC4230479BEAB0F856C62F285277F7ABF79CF52041941FD2FF7DEE5B
                            Malicious:false
                            Reputation:low
                            Preview:2024/11/21-07:47:33.004 854 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/21-07:47:33.006 854 Recovering log #3.2024/11/21-07:47:33.006 854 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):338
                            Entropy (8bit):5.208038290412672
                            Encrypted:false
                            SSDEEP:6:HE1Oq2P92nKuAl9Ombzo2jMGIFUt8YEGTZmw+YEzFzkwO92nKuAl9Ombzo2jMmLJ:k1Ov4HAa8uFUt8/6/+/p5LHAa8RJ
                            MD5:0C785238EF01D29F13AE6B0AC4AE15BA
                            SHA1:B3B7C868F15FD25C7B043C397233B56FEE53DCA3
                            SHA-256:3231E8FF1E0F54E05B1E8992B0D5C76479A4E33CE004BFF836EDD17BC104774D
                            SHA-512:4EB75286E0ECB9F199767FFBF70537FE4D7508DE85A33405E674F56A956F724737A427F12CC8072269DD4474581DD1FDB2FF504661D75D57F8DF4D006A17F3F0
                            Malicious:false
                            Reputation:low
                            Preview:2024/11/21-07:47:33.252 1584 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/21-07:47:33.257 1584 Recovering log #3.2024/11/21-07:47:33.258 1584 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:modified
                            Size (bytes):508
                            Entropy (8bit):5.048635641790579
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqCL2sBdOg2H5Jcaq3QYiubxnP7E4TfF+:Y2sRds3bdMH5w3QYhbxP7np+
                            MD5:05194B01E11EE11E0572D82F6118048D
                            SHA1:90B9B961274F48D4595A00C3F56572168019671D
                            SHA-256:8A38C91D0D9A92CFCB190AAB563C0A90AAFF4168C0179F7445DA35D745ACEF97
                            SHA-512:47FB13C7F7A32E645B062BF8E188E38ACB541F3D4E6695C163D909F2B9D9837F4FC87578DEA134B0886BE368143EB252B98BB7F17892C4F59A8C89DE8EBF3226
                            Malicious:false
                            Reputation:low
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376753261638341","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":673977},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):508
                            Entropy (8bit):5.047195090775108
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
                            MD5:70321A46A77A3C2465E2F031754B3E06
                            SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
                            SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
                            SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
                            Malicious:false
                            Reputation:moderate, very likely benign file
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4509
                            Entropy (8bit):5.226201006747521
                            Encrypted:false
                            SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUOZaiq8Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL7
                            MD5:051AA03F5039157B791A16733DBD929C
                            SHA1:7B26E7DD73B199C4F9959EB42402285E2722F121
                            SHA-256:5F036EAD0E89C5AC4E37830741B335EB54C445008C03F4E6CAB6DD2D857F15E1
                            SHA-512:2FAC22ED9EAE4300F7DAE6DEE2360EDEB67C339AC13E201F4B8045CF97BEE5976C257E0E9F69FEB25F72503EADA1D6A10BAA327957B42F2D57D2F121261A54A7
                            Malicious:false
                            Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):326
                            Entropy (8bit):5.228601525809504
                            Encrypted:false
                            SSDEEP:6:HEfSEq2P92nKuAl9OmbzNMxIFUt8YEfSbTZmw+YEfS8kwO92nKuAl9OmbzNMFLJ:kJv4HAa8jFUt8/y/+/v5LHAa84J
                            MD5:77D9EE4450605594F59D66E3854FF3CE
                            SHA1:6E1259DD756B8E67B0169A1940A6BEB1A85A9B4A
                            SHA-256:FD38BD881637D31CEB91DF7ECB24607944900949C64CB464CBE12E347A38CBCD
                            SHA-512:ABD0BFB4443CC0360F160B591D139EDDDEDA06B757F98440A3F6438234588B5F49BE8720C6440E8679A9C1B3D606DBDBD6B2D3F6FE871FD1B2702D43E3ED94F7
                            Malicious:false
                            Preview:2024/11/21-07:47:33.574 1584 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/21-07:47:33.576 1584 Recovering log #3.2024/11/21-07:47:33.577 1584 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                            Category:dropped
                            Size (bytes):65110
                            Entropy (8bit):1.4252528391678023
                            Encrypted:false
                            SSDEEP:96:wJufHUa/UKiqgyZbMKJp0lNLxE+MEM8REMEMM35MSMI0pyNMEMEMEMEMEMEMM9VB:fUa/U9qjENHknVLglAwpzTE
                            MD5:16A23E3F3A73ABBB31B2BD032F776F3B
                            SHA1:88B26D25591FAD06512EF7EFB4C2C7B7801D25C9
                            SHA-256:04F4452859E29105D917CED122E93C7469D2C1EB8744F2DA703D943491463523
                            SHA-512:3AAF0C1517C001CE4B9BE8131174A29CAE65A17D3C5FC29EA12A8A067899B885360D296FEFBDE4F4D4661DA105792264625BD9EAE0120E50C2C1E104AEC213D7
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Certificate, Version=3
                            Category:dropped
                            Size (bytes):1391
                            Entropy (8bit):7.705940075877404
                            Encrypted:false
                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                            Malicious:false
                            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                            Category:dropped
                            Size (bytes):71954
                            Entropy (8bit):7.996617769952133
                            Encrypted:true
                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):192
                            Entropy (8bit):2.7569015731729736
                            Encrypted:false
                            SSDEEP:3:kkFklWzil1fllXlE/HT8k/zvNNX8RolJuRdxLlGB9lQRYwpDdt:kKPeQT80pNMa8RdWBwRd
                            MD5:D448EAFCAE7CB9F32515241993B92C88
                            SHA1:87A1B4EE8B3BDAE2AD4FDD31C045CCD6F06126B5
                            SHA-256:ECC3B2EA889357BBB8E7471E8B80255EC3907FBA4EEBB6DFBA88D5AB88CC191D
                            SHA-512:CDCF6CCCF416B44B363ED2121B41AD4A390DE8166FE02F46F062FEC16FA277C46E0E6AB77B1B78B69F6CD9C69BEC9C6811706D94A82AC36DC5976A369A3A45A3
                            Malicious:false
                            Preview:p...... ............<..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:modified
                            Size (bytes):328
                            Entropy (8bit):3.2478978672539016
                            Encrypted:false
                            SSDEEP:6:kKqAkT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bDImsLNkPlE99SNxAhUe/3
                            MD5:4B082321CB86280FCE9D86FBC7D3030F
                            SHA1:993726D74D233E094CB4F88675A0EFED11BB3E88
                            SHA-256:039CD0B17C19D242ADC8013BDEDB8C530595D4DC0C54AC9AFCEDE389589E8B9A
                            SHA-512:41BB80FF02308E768B91E22235BC4D1DA6B03C4F2943E99E99652FF1A09583176A8353D3C7DCFEB8C6974F3F08DBAD6B5A70D70AE938078EB159467567457EA8
                            Malicious:false
                            Preview:p...... .............<..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):227002
                            Entropy (8bit):3.392780893644728
                            Encrypted:false
                            SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
                            MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
                            SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
                            SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
                            SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
                            Malicious:false
                            Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):0.8112781244591328
                            Encrypted:false
                            SSDEEP:3:e:e
                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2145
                            Entropy (8bit):5.069737471939977
                            Encrypted:false
                            SSDEEP:24:YFuVT3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxN:YWTAwmWXZYEtoitbRCwu20wD+JliWxao
                            MD5:119B033227F7131E6BA6960E008A6E69
                            SHA1:A85222B534054B0DC600DEAD9A9365770849D8FD
                            SHA-256:824DDC7DCB9823CC6A93A0309BC17D8AF1F6A0222A136416DCBCB52EA11845CE
                            SHA-512:A4B47E3225C4C499F409FC08F263D07175CCEEA4D83951F51505576E6A98BA86FD9DA3BADC1499164AE0E5ECDCD67289D647B37F269405E3286DBA12D68B22D1
                            Malicious:false
                            Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1732193256000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                            Category:dropped
                            Size (bytes):12288
                            Entropy (8bit):0.9854027110798539
                            Encrypted:false
                            SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sphf+H4zJwtNBwtNbRZ6bRZ4kf+HF:TVl2GL7ms6ggOVpvzutYtp6PC
                            MD5:076F578D8155B86BBFB4698D5AE8F449
                            SHA1:E219B3F21D33E787C58231C0BA7A3B6D21A914FD
                            SHA-256:9073173900AEBB1CABE094CBC85FDD610DC9711A0E9A54AAA48CF8E82563F5FF
                            SHA-512:B472639C16AAFCE239E3C30909041117A9DE32121BEAC15EE982CF1AB9B07B8C9A13DF9B5CEF458F6BD1B40BCADD91E360E30AFBD832CB0D1E8F78FF8E29FCC3
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):1.3396644666959285
                            Encrypted:false
                            SSDEEP:24:7+tZAD1RZKHs/Ds/Sphf+HPzJwtNBwtNbRZ6bRZWf1RZK5qLBx/XYKQvGJF7urss:7MZGgOVpYzutYtp6PMgqll2GL7mss
                            MD5:0EA7B5136DF99B202CB0549BE9D835CF
                            SHA1:37DA31F711AE04C0CE7CC8862B95BF6299619D9C
                            SHA-256:A3DFB8DBF2713B6CB82ED3FEBD4DE7067DF3DE66388070D3D7B0E4F3B27AA083
                            SHA-512:E9B23BF3EBD17AFC0B14E589E74A256003F989429EFD969D3500CC826DF453A70E8202BF4503D47DB764336DDF3CD4EC1E1C4C31A2DA51E0A44494A22769C86B
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):66726
                            Entropy (8bit):5.392739213842091
                            Encrypted:false
                            SSDEEP:768:RNOpblrU6TBH44ADKZEgXLv3B/4dJUN6OiPbXg9gcc+zFYyu:6a6TZ44ADEXLfB/+UUFbszFK
                            MD5:91C8C8EC41D460D97AE0AB7DD0090C50
                            SHA1:52675DF6005B9B8217A327F0551DA574948B8CA8
                            SHA-256:5A3E1DB21396A81FD23BE4E9C5FCE5182E1A1486E74789F6ECFC18F9A91ADF79
                            SHA-512:1D8517DEA3DD9627879B018324446D94646B37F70F98D007DEF6F8A58D189EA38CB17A4DEABC2847838794C34D299FA76FA91B63565962900C08BC68771EFB39
                            Malicious:false
                            Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):3.493870954423123
                            Encrypted:false
                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8hlpW0YH:Qw946cPbiOxDlbYnuRK0fYH
                            MD5:7B27AD598F672A7CDAD08FAC201FC9B4
                            SHA1:C6B471DB6D6A5ACD39C7093E8C0F07A626615066
                            SHA-256:250D7A0D4EE21ACF31A8B2D1F94DCC466C4F9B74BF7A0DE023FD8CA988B83B88
                            SHA-512:4587D06128A79078175E3F0E0F3ACDF15A6419A7297D1489EEC3BDD409EB11C2E5E6B4BFC1CF43818BA6A899A8C64B2204E4C59A33A02BECB3E71708B32C1859
                            Malicious:false
                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.1./.1.1./.2.0.2.4. . .0.7.:.4.7.:.4.0. .=.=.=.....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16525
                            Entropy (8bit):5.376360055978702
                            Encrypted:false
                            SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                            MD5:1336667A75083BF81E2632FABAA88B67
                            SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                            SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                            SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                            Malicious:false
                            Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393), with CRLF line terminators
                            Category:dropped
                            Size (bytes):15114
                            Entropy (8bit):5.352430809988473
                            Encrypted:false
                            SSDEEP:384:SF5I+uzIZHU8dbOKnD83E+s1FtigsVcVgV3aVr9X7tuREhjtfGA2RiAQ1QlYaw/8:M3+meN
                            MD5:78F57D45885E4E2EC2F4B4D47AEB7A52
                            SHA1:2987E37C758D4B634A26E7D10F6CDF1C74A7DFAC
                            SHA-256:F25559638D966463E70E718B03F36779B5EB2F189A1FD238B27537B58EA96418
                            SHA-512:05EEC3FCC91AF4014BF66F2198F0D14A5A54F6B091265A6319D238A18071BCC3CBC1943EF1A0CB43154A38CA04A53040BB892D6E53B698DCEF46437958F06403
                            Malicious:false
                            Preview:SessionID=7aba4db6-2226-4e0c-94dc-16348722480c.1732193255350 Timestamp=2024-11-21T07:47:35:350-0500 ThreadID=1480 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7aba4db6-2226-4e0c-94dc-16348722480c.1732193255350 Timestamp=2024-11-21T07:47:35:351-0500 ThreadID=1480 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7aba4db6-2226-4e0c-94dc-16348722480c.1732193255350 Timestamp=2024-11-21T07:47:35:351-0500 ThreadID=1480 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7aba4db6-2226-4e0c-94dc-16348722480c.1732193255350 Timestamp=2024-11-21T07:47:35:351-0500 ThreadID=1480 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7aba4db6-2226-4e0c-94dc-16348722480c.1732193255350 Timestamp=2024-11-21T07:47:35:352-0500 ThreadID=1480 Component=ngl-lib_NglAppLib Description="SetConf
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):29752
                            Entropy (8bit):5.401194365866112
                            Encrypted:false
                            SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbi:W
                            MD5:0CDEE2C56C1D2796E0E6D8AA319B7367
                            SHA1:17AFE3BEC7FA3FFEFDCF8BD159E488FF8BD70670
                            SHA-256:F236F09064EC35E741E32D227DA03F067F2D07EEDB10263587767C50D62834D3
                            SHA-512:D1F51B9AB5FB4E4D72432E901E8815BEE6839908882A5FEE03E8076A75DDE1B82BE5746152BF68440A7D5AF902179B7B0603872C941E580B48360EBC58F8A208
                            Malicious:false
                            Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                            Category:dropped
                            Size (bytes):386528
                            Entropy (8bit):7.9736851559892425
                            Encrypted:false
                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                            Category:dropped
                            Size (bytes):1419751
                            Entropy (8bit):7.976496077007677
                            Encrypted:false
                            SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                            MD5:18E3D04537AF72FDBEB3760B2D10C80E
                            SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                            SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                            SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                            Category:dropped
                            Size (bytes):1407294
                            Entropy (8bit):7.97605879016224
                            Encrypted:false
                            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                            MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                            SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                            SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                            SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                            Category:dropped
                            Size (bytes):758601
                            Entropy (8bit):7.98639316555857
                            Encrypted:false
                            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                            MD5:3A49135134665364308390AC398006F1
                            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                            Malicious:false
                            File type:PDF document, version 1.3, 1 pages
                            Entropy (8bit):7.992077384177795
                            TrID:
                            • Adobe Portable Document Format (5005/1) 100.00%
                            File name:BankAcc Confirmation Letter 002.pdf
                            File size:247'677 bytes
                            MD5:6dbda2c52ca6bd0759d7c156962f333b
                            SHA1:233767c1551f4eacb99119170a563f175f47a161
                            SHA256:3d94bdfe2fa47e61495f488c3fb43e46d2c1af99174cbe2013b7352628ca6999
                            SHA512:9e64aab6120e759f505b278a5223dde75e9b4de25f919b4c8eaab23f7c6ae8bb54627738e0521e15982a6aaf11236f09b55fda82da348c4ec8b8befc2a4af333
                            SSDEEP:6144:haLYAW3KN9FYkvK0o1a50a3wYg9jcCwylB0T9aJuXCDQm:haLYAW3KN/Yuo1a5hgYgEafDt
                            TLSH:C63412139D4DEE0B46858712BF126E3A3659324E518633FE05314FD662BBA84AF2710F
                            File Content Preview:%PDF-1.3..1 0 obj..[/PDF /Text /ImageB /ImageC /ImageI]..endobj..10 0 obj..<< /Length 2694 /Filter /FlateDecode >> stream..x..[.s....~3...c.q.....t:u^w.....Mz.t:...l(.!).._...R.D.h'Nh1...........o.......<$2.....(.R.g..a?......'...|A.....uz1.gop,...&.@....
                            Icon Hash:62cc8caeb29e8ae0

                            General

                            Header:%PDF-1.3
                            Total Entropy:7.992077
                            Total Bytes:247677
                            Stream Entropy:7.992896
                            Stream Bytes:243021
                            Entropy outside Streams:5.213127
                            Bytes outside Streams:4656
                            Number of EOF found:1
                            Bytes after EOF:
                            Name | Count
                            obj | 25
                            endobj | 25
                            stream | 8
                            endstream | 8
                            xref | 1
                            trailer | 1
                            startxref | 1
                            /Page | 1
                            /Encrypt | 0
                            /ObjStm | 0
                            /URI | 0
                            /JS | 0
                            /JavaScript | 0
                            /AA | 0
                            /OpenAction | 0
                            /AcroForm | 0
                            /JBIG2Decode | 0
                            /RichMedia | 0
                            /Launch | 0
                            /EmbeddedFile | 0

                            Image Streams

                            ID | DHASH | MD5 | Preview
                            9 | 0330334353313002 | 72cc3ba647f8f9d2e7201a9581bd7921 |
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Nov 21, 2024 13:47:42.947348118 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:42.947387934 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:42.947767973 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:42.947767973 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:42.947793007 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.516875029 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.517268896 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.517286062 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.518735886 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.518800974 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.518814087 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.518858910 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.519223928 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.519287109 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.519448996 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.519459009 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.562941074 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.985054016 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.985160112 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Nov 21, 2024 13:47:44.986157894 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.986741066 CET | 49716 | 443 | 192.168.2.5 | 52.202.204.11
                            Nov 21, 2024 13:47:44.986764908 CET | 443 | 49716 | 52.202.204.11 | 192.168.2.5
                            Timestamp | Source Port | Dest Port | Source IP | Dest IP
                            Nov 21, 2024 13:47:43.378704071 CET | 49724 | 53 | 192.168.2.5 | 1.1.1.1
                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                            Nov 21, 2024 13:47:43.378704071 CET | 192.168.2.5 | 1.1.1.1 | 0x1fbc | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                            Nov 21, 2024 13:47:43.606246948 CET | 1.1.1.1 | 192.168.2.5 | 0x1fbc | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                            Nov 21, 2024 13:47:45.436234951 CET | 1.1.1.1 | 192.168.2.5 | 0x796e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                            Nov 21, 2024 13:47:45.436234951 CET | 1.1.1.1 | 192.168.2.5 | 0x796e | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                            • https:
                              • p13n.adobe.io
                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                            0 | 192.168.2.5 | 49716 | 52.202.204.11 | 443 | 5268 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Timestamp | Bytes transferred | Direction | Data
                            2024-11-21 12:47:44 UTC | 1473 | OUT | GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1
                            Host: p13n.adobe.io
                            Connection: keep-alive
                            sec-ch-ua: "Chromium";v="105"
                            sec-ch-ua-mobile: ?0
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Accept: application/json, text/javascript, */*; q=0.01
                            x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f
                            x-adobe-uuid-type: visitorId
                            x-api-key: AdobeReader9
                            sec-ch-ua-platform: "Windows"
                            Origin: https://rna-resource.acrobat.com
                            Accept-Language: en-US,en;q=0.9
                            Sec-Fetch-Site: cross-site
                            Sec-Fetch-Mode: cors
                            Sec-Fetch-Dest: empty
                            Referer: https://rna-resource.acrobat.com/
                            Accept-Encoding: gzip, deflate, br
                            2024-11-21 12:47:44 UTC | 617 | IN | HTTP/1.1 429 Too Many Requests
                            Server: openresty
                            Date: Thu, 21 Nov 2024 12:47:44 GMT
                            Content-Type: application/json
                            Transfer-Encoding: chunked
                            Connection: close
                            Access-Control-Allow-Methods: GET, OPTIONS
                            Access-Control-Allow-Headers: Authorization, Content-Type, X-Api-Key, cache-control, User-Agent, If-None-Match, x-adobe-uuid, x-adobe-uuid-type, X-Request-Id
                            Access-Control-Expose-Headers: x-request-id
                            Access-Control-Allow-Origin: *
                            Access-Control-Allow-Credentials: true
                            Retry-After: 1
                            X-Request-Id: aFWiKmvtMPnNi9T2Pg5C50bQIGNRpewx
                            Strict-Transport-Security: max-age=15552000; includeSubDomains
                            2024-11-21 12:47:44 UTC | 65 | IN | Data Raw: 33 36 0d 0a 7b 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 22 34 32 39 30 35 30 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 54 6f 6f 20 6d 61 6e 79 20 72 65 71 75 65 73 74 73 22 7d 0a 0d 0a 30 0d 0a 0d 0a
                            Data Ascii: 36{"error_code":"429050","message":"Too many requests"}0



                            Target ID:0
                            Start time:07:47:31
                            Start date:21/11/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BankAcc Confirmation Letter 002.pdf"
                            Imagebase:0x7ff686a00000
                            File size:5'641'176 bytes
                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:2
                            Start time:07:47:32
                            Start date:21/11/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:4
                            Start time:07:47:33
                            Start date:21/11/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1664,i,17052531450104719093,7534709632114952489,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            No disassembly