Windows Analysis Report
RJ-LLOH-DN1_1-20241219013626-16004075.PDF

Overview

General Information

Sample name:RJ-LLOH-DN1_1-20241219013626-16004075.PDF
Analysis ID:1579945
MD5:9b0e379fc6ecb42a16b3cff68024da3f
SHA1:f77a692c3a62052a94361ef6c543faae1acd5a00
SHA256:9841d4b8993533887a5f67bd4a191d441ff3cd030011295d1ee752d24c0ef57a
Infos:

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:40%

Signatures

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
One or more processes crash

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7256 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7436 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1744,i,10303162133773050494,14992278128259906983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • Acrobat.exe (PID: 7348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • WerFault.exe (PID: 7720 cmdline: C:\Windows\system32\WerFault.exe -u -p 7348 -s 1696 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: Acrobat.exe, 00000006.00000000.1759785816.00000205769A3000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: http://www.quicktime.com.Acrobat
Source: Acrobat.exe, 00000006.00000002.1970369932.000002057BB04000.00000004.00000001.00020000.00000000.sdmp, Acrobat.exe, 00000006.00000000.1772539097.000002057A962000.00000004.00000001.00020000.00000000.sdmp, Acrobat.exe, 00000006.00000002.1969256152.000002057AB3B000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.echosign.com
Source: Acrobat.exe, 00000006.00000000.1772539097.000002057A962000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.echosign.comY
Source: Acrobat.exe, 00000006.00000000.1772539097.000002057A962000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api.echosign.commessagePropKey
Source: Acrobat.exe, 00000006.00000002.1950471409.0000020574FC4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://api2.branch.io/v1/url
Source: Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://cc-api-data.adobe.io/ingest
Source: Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://delegated.adobelogin.com
Source: Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://delegated.adobelogin.comH
Source: Acrobat.exe, 00000006.00000002.1951524276.0000020576B90000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ims-na1.adobelogin.com
Source: Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ims-prod06.adobelogin.com
Source: Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://ims-prod06.adobelogin.comU
Source: Acrobat.exe, 00000006.00000002.1970369932.000002057BB04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://lcs-cops.adobe.io
Source: Acrobat.exe, 00000006.00000002.1970369932.000002057BB04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://lcs-robs.adobe.io
Source: Acrobat.exe, 00000006.00000002.1970369932.000002057BB04000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://lcs-robs.adobe.io15)
Source: Acrobat.exe, 00000006.00000000.1754552731.000002057237E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://mail.google.com/mail/?view=cm&fs=1&tf=1&su=
Source: Acrobat.exe, 00000006.00000000.1754552731.000002057237E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://outlook.office.com/mail/deeplink/compose?mailtouri=
Source: Acrobat.exe, 00000006.00000002.1941121542.00000205723CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://web.whatsapp.com/send?text=
Source: Acrobat.exe, 00000006.00000000.1774014911.000002057B9A7000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.ebixcerts.com
Source: Acrobat.exe, 00000006.00000000.1774383403.000002057BBA4000.00000004.00000001.00020000.00000000.sdmp, Acrobat.exe, 00000006.00000002.1970639963.000002057BBA4000.00000004.00000001.00020000.00000000.sdmp String found in binary or memory: https://www.ebixcerts.comE
Source: WERBDA2.tmp.xml.9.dr OLE indicator, VBA macros: true
Source: WERBDA2.tmp.xml.9.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7348 -s 1696
Source: classification engine Classification label: sus21.evad.winPDF@15/27@0/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Windows\System32\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7348
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-23 10-38-42-724.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1744,i,10303162133773050494,14992278128259906983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: RJ-LLOH-DN1_1-20241219013626-16004075.PDF Initial sample: PDF keyword /JS count = 0
Source: RJ-LLOH-DN1_1-20241219013626-16004075.PDF Initial sample: PDF keyword /JavaScript count = 0
Source: RJ-LLOH-DN1_1-20241219013626-16004075.PDF Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: Acrobat.exe, 00000006.00000002.1941121542.0000020572356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ASWHOOK.DLL
Source: Acrobat.exe, 00000006.00000002.1951549763.0000020576BA6000.00000004.00000001.00020000.00000000.sdmp, Acrobat.exe, 00000006.00000000.1760099221.0000020576BA6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Acrobat.exe, 00000006.00000002.1942265983.0000020572CD0000.00000002.00000001.00040000.00000000.sdmp, Acrobat.exe, 00000006.00000000.1756050677.0000020572CD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: Acrobat.exe, 00000006.00000002.1942265983.0000020572CD0000.00000002.00000001.00040000.00000000.sdmp, Acrobat.exe, 00000006.00000000.1756050677.0000020572CD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
Source: Acrobat.exe, 00000006.00000002.1942265983.0000020572CD0000.00000002.00000001.00040000.00000000.sdmp, Acrobat.exe, 00000006.00000000.1756050677.0000020572CD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
Source: Acrobat.exe, 00000006.00000002.1942265983.0000020572CD0000.00000002.00000001.00040000.00000000.sdmp, Acrobat.exe, 00000006.00000000.1756050677.0000020572CD1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information1
Scripting
Valid AccountsWindows Management Instrumentation1
Scripting
2
Process Injection
1
Masquerading
OS Credential Dumping11
Security Software Discovery
Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Virtualization/Sandbox Evasion
LSASS Memory1
Virtualization/Sandbox Evasion
Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
Process Injection
Security Account Manager1
Process Discovery
SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDS1
System Information Discovery
Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.ebixcerts.comE | 0% | Avira URL Cloud | safe | -
https://api.echosign.commessagePropKey | 0% | Avira URL Cloud | safe | -
https://ims-prod06.adobelogin.comU | 0% | Avira URL Cloud | safe | -
https://www.ebixcerts.com | 0% | Avira URL Cloud | safe | -
http://www.quicktime.com.Acrobat | 0% | Avira URL Cloud | safe | -
https://api.echosign.comY | 0% | Avira URL Cloud | safe | -
https://delegated.adobelogin.comH | 0% | Avira URL Cloud | safe | -
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://ims-prod06.adobelogin.com | Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp | false | - | high
https://api.echosign.commessagePropKey | Acrobat.exe, 00000006.00000000.1772539097.000002057A962000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://delegated.adobelogin.com | Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp | false | - | high
https://api.echosign.com | Acrobat.exe, 00000006.00000002.1970369932.000002057BB04000.00000004.00000001.00020000.00000000.sdmp, Acrobat.exe, 00000006.00000000.1772539097.000002057A962000.00000004.00000001.00020000.00000000.sdmp, Acrobat.exe, 00000006.00000002.1969256152.000002057AB3B000.00000004.00000001.00020000.00000000.sdmp | false | - | high
https://delegated.adobelogin.comH | Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.ebixcerts.com | Acrobat.exe, 00000006.00000000.1774014911.000002057B9A7000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.ebixcerts.comE | Acrobat.exe, 00000006.00000000.1774383403.000002057BBA4000.00000004.00000001.00020000.00000000.sdmp, Acrobat.exe, 00000006.00000002.1970639963.000002057BBA4000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ims-prod06.adobelogin.comU | Acrobat.exe, 00000006.00000000.1774107252.000002057BA49000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://api.echosign.comY | Acrobat.exe, 00000006.00000000.1772539097.000002057A962000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://mail.google.com/mail/?view=cm&fs=1&tf=1&su= | Acrobat.exe, 00000006.00000000.1754552731.000002057237E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
http://www.quicktime.com.Acrobat | Acrobat.exe, 00000006.00000000.1759785816.00000205769A3000.00000004.00000001.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://api2.branch.io/v1/url | Acrobat.exe, 00000006.00000002.1950471409.0000020574FC4000.00000004.00000001.00020000.00000000.sdmp | false | - | high
https://ims-na1.adobelogin.com | Acrobat.exe, 00000006.00000002.1951524276.0000020576B90000.00000004.00000001.00020000.00000000.sdmp | false | - | high
https://outlook.office.com/mail/deeplink/compose?mailtouri= | Acrobat.exe, 00000006.00000000.1754552731.000002057237E000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://web.whatsapp.com/send?text= | Acrobat.exe, 00000006.00000002.1941121542.00000205723CB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1579945
Start date and time:2024-12-23 16:37:45 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 27s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:13
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:1
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:RJ-LLOH-DN1_1-20241219013626-16004075.PDF
Detection:SUS
Classification:sus21.evad.winPDF@15/27@0/0
Cookbook Comments:
• Found application associated with file extension: .PDF
• Found PDF document
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.137, 34.237.241.83, 18.213.11.84, 54.224.241.105, 50.16.47.176, 172.64.41.3, 162.159.61.3, 20.189.173.21, 23.218.208.109, 20.190.147.2, 4.175.87.197, 13.107.246.63
• Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, umwatson.events.data.microsoft.com, geo2.adobe.com
• Not all processes where analyzed, report is missing behavior information
• VT rate limit hit for: RJ-LLOH-DN1_1-20241219013626-16004075.PDF
Time | Type | Description
10:39:11 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                  No context
                  Process:C:\Windows\System32\WerFault.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):65536
                  Entropy (8bit):1.154294247064937
                  Encrypted:false
                  SSDEEP:192:EJblNqgC0lcHMsj/lwKgrlUdzuiFZZ24lO8+Iz:+blogJlcHMsjEazuiFZY4lO8+I
                  MD5:3AB6DCD9EBED7E01FBCC0EBD1F224357
                  SHA1:1FE63BAE589499F07B025FAE094D664B07EEE763
                  SHA-256:583040A3B56FBDAB4D4DCA7759AD4CCD8E22FF565195B34FADDD32575F893977
                  SHA-512:F55D7A2816F10F932A1EA1D9147BCECD526CBF87A3CECD8A0D0BFE71B72BB8C108B3872CA89430A497641756ED6D0DE61DFF5849092265E569C0FEB84FE08E45
                  Malicious:false
                  Reputation:low
                  Process:C:\Windows\System32\WerFault.exe
                  File Type:Mini DuMP crash report, 15 streams, Mon Dec 23 15:38:48 2024, 0x1205a4 type
                  Category:dropped
                  Size (bytes):310236
                  Entropy (8bit):1.629045001469473
                  Encrypted:false
                  SSDEEP:768:SYc/cHV2joasyGLNZqBKnl4/4BKl6RlLnXmQgudRZe:yo4AqBKnl4AB7lLnXmQgwRQ
                  MD5:AC67F0A112ECDBBA94E934D4162BD879
                  SHA1:2EF8649C35BF65FDC10F650343B4CBBEF23AA3A4
                  SHA-256:F1C29D02D651DBC94CA8D916040773B7113978A0157CD76F651CBF603A082631
                  SHA-512:86177777FCD36FD891F1F44665E261801297BFA691CBE48ACF4366504C767831EDC702D27CF91A21F1E0670FA69C39FDC37C11619BC52F0875C296D20D366208
                  Malicious:false
                  Reputation:low
                  Process:C:\Windows\System32\WerFault.exe
                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):7840
                  Entropy (8bit):3.7272876869876255
                  Encrypted:false
                  SSDEEP:192:R6l7wVeJ5pxYoN+lLwprW89b3XJ85s85Cflx1fOdm:R6lXJ3xYWAq358S8sflx1fF
                  MD5:C09653B094E8E86B3688F9D58F572B22
                  SHA1:1FAF2D02C244B97F0F411F77D2E92F3075BA921B
                  SHA-256:B0908009B3C709B1521A6C0C229B83E7C8B1A3EEB08100BE66E682B772D957CF
                  SHA-512:F8BBAB6C995BFD1CF86B82D86B9B7A621846223A276C42574DC6E3EC16089A71CC9A4D5C3CC055CDFB9D0AFE202AE74F320612A77A859D7C8E6F7529C5747BBF
                  Malicious:false
                  Reputation:low
                  Process:C:\Windows\System32\WerFault.exe
                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):4691
                  Entropy (8bit):4.45035624998495
                  Encrypted:false
                  SSDEEP:48:cvIwWl8zsHJg771I9vcWpW8VYfjsYm8M4J2CNmFJroyq85XHxU7DSxXyyDd:uIjfpI7wV7VEdJYro37OXyyDd
                  MD5:31115AF8AE8943AB0EAC928D1C85E8B4
                  SHA1:4795ACF71164E0C15ED6C2BAE297F58F7A67CAE4
                  SHA-256:EF8E57472F7C8441DC1E9BFA6D4CEAF742EE89A2B502F38EE7581632E19F3B20
                  SHA-512:77E6FC48A41576480FA116DA33212694F8E67AEAD8E72ED6F19AA5442A5A8450205708E59CF03C1A74B2999AF6188206DF1CA99B6B00B5A49F92E6F210B60676
                  Malicious:false
                  Reputation:low
                  Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="644081" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):5.192021591451183
                  Encrypted:false
                  SSDEEP:6:3UQRgVq2Pwkn2nKuAl9OmbnIFUt8YUQRygZmw+YUQRyIkwOwkn2nKuAl9OmbjLJ:k3vYfHAahFUt8hQ/+hY5JfHAaSJ
                  MD5:63E3AF676A017CC7A85A26044366227B
                  SHA1:6BC356E3FF630EC9EAB816B876D12D772AE657A6
                  SHA-256:7DDE9FA9C895CB20F9E034ED6396FE4082E1261560E8F15034267D21C2458574
                  SHA-512:7295DC37B2E68FC2335ED3FE8C1225CE677CB43F94D20606D78528E5A3CE9C59684E7340F40DD95F30140F7B83A3793C611A39CD819DA27C7C7FB9E16A7177D3
                  Malicious:false
                  Reputation:low
                  Preview:2024/12/23-10:38:40.541 1db4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/23-10:38:40.543 1db4 Recovering log #3.2024/12/23-10:38:40.543 1db4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):336
                  Entropy (8bit):5.156579962662395
                  Encrypted:false
                  SSDEEP:6:3UQ2yq2Pwkn2nKuAl9Ombzo2jMGIFUt8YUUEz1Zmw+YUUElRkwOwkn2nKuAl9OmT:kGvYfHAa8uFUt8hUu1/+hUA5JfHAa8RJ
                  MD5:12C9392A103E4A7F154C693D815B5819
                  SHA1:E26185C1A2B1FA39FBDEAC2F48FFE40CFB560302
                  SHA-256:12253E33A998F59DBE32B9068A09E247CE8897CFDB748CA7394BACBCC1ECCD5E
                  SHA-512:7FBF6DE339040FBC371A683EDEA7B7356C3E9E6C2ED38A4C58A20F3C38C23FD65C0EC1A4B9C34E385EBC695F875CA2A79CB583FF5A26AFD0227DE6BEFE3E7BBE
                  Malicious:false
                  Preview:2024/12/23-10:38:40.599 1e10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/23-10:38:40.601 1e10 Recovering log #3.2024/12/23-10:38:40.601 1e10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:Unknown
                  Category:modified
                  Size (bytes):443
                  Entropy (8bit):4.96924364562369
                  Encrypted:false
                  SSDEEP:12:YH/um3RA8sqYksBd2caq3QYiubInP7E4TX:Y2sRdsrJdJ3QYhbG7n7
                  MD5:E6BB34E20212D50DD76ED498BD139C21
                  SHA1:A1A56D59DB41BD95205928331BD405EF69237F43
                  SHA-256:1632A10DD18745D2173F6A8483AA8A7F402C2BA8AEDD5D88809E8EC65560917D
                  SHA-512:987C868C697C900AC6D69AF25F6F614C25CE241DAD545539F193CE988ED2392862FAD2C9C6B765CCCD92BD893C51467839759E9BC890DF4E5C740BF279B7042E
                  Malicious:false
                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379528327608115","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:Unknown
                  Category:dropped
                  Size (bytes):475
                  Entropy (8bit):4.967403857886107
                  Encrypted:false
                  SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                  MD5:B7761633048D74E3C02F61AD04E00147
                  SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                  SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                  SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                  Malicious:false
                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):4730
                  Entropy (8bit):5.255767915680094
                  Encrypted:false
                  SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7snNFWKN8EZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goA
                  MD5:E3B98CFFC977BE2E09D51B25F2C27F79
                  SHA1:5250862F5433FF46BF14D62AA9D84F42E3355B51
                  SHA-256:218CEB0ECAB555041675952BBE6B7C662A6C476665C5FA5446CC4494C189991C
                  SHA-512:FCE9EDD16715F048655EDFC68B31759B4F8A64410842CAEE014847E7099378477D73F7F73B5C3AF9E10C603FF470950F219BFC849C0943BCE21649DC19CE44E1
                  Malicious:false
                  Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):324
                  Entropy (8bit):5.151097409062914
                  Encrypted:false
                  SSDEEP:6:3Uks9yq2Pwkn2nKuAl9OmbzNMxIFUt8YUfqVFz1Zmw+YU5GRkwOwkn2nKuAl9Omk:kkFvYfHAa8jFUt8hfQ1/+hM5JfHAa84J
                  MD5:AF2C04FFB08E98241A233E2150055783
                  SHA1:282C0769DF1400752C2293C4EA70DE30CFCC3C93
                  SHA-256:DD5568F0C13B098F7AF2DC19832DB8651C442FACD8B61EEDD16027FB2D939057
                  SHA-512:B67E34E1EB3050384EA5AEC10893AAB279431D37522E30483CB0E0213ED3CA4184591A105F5243B208B1E7EB34A54E6BC1A7E62F66A86D280BC7EDE4ADB58F95
                  Malicious:false
                  Preview:2024/12/23-10:38:40.852 1e10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/23-10:38:40.853 1e10 Recovering log #3.2024/12/23-10:38:40.855 1e10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):4
                  Entropy (8bit):0.8112781244591328
                  Encrypted:false
                  SSDEEP:3:e:e
                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                  Malicious:false
                  Preview:....
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):2306
                  Entropy (8bit):5.065673237852454
                  Encrypted:false
                  SSDEEP:48:YTe4w2sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:Arv/SYtt55V6AWLre6JmkhY
                  MD5:27BF1ED3A451D66E0A45F3C32C769644
                  SHA1:90A6F7458493E6EF93C082EC22910F6DBEE88879
                  SHA-256:72E038E6C61F67D73077034E5F7E44D534651F7ACCA8576694EDE32833C7FAF3
                  SHA-512:DB276226DD2C2A29D2A59AC4BF637229124EE0E84CCC96F247A76098AD318EE2C47B6066EFEEDC87AC9F99EF479C488FCF9DA9F2C75663B501E5B3184B11B12A
                  Malicious:false
                  Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1734968323000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Upsell_Cards","info":{"dg":"67dbabf1df281d161273bcbecd9602d2","sid":"DC_Reader_Upsell_Cards"},"mimeType":"file","size":5220,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"7c2ad79e375e3ea39f82a389e8a5841f","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696420882000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                  Category:dropped
                  Size (bytes):12288
                  Entropy (8bit):1.1869276125517305
                  Encrypted:false
                  SSDEEP:48:TGufl2GL7msEHUUUUUUUUuSvR9H9vxFGiDIAEkGVvpE:lNVmswUUUUUUUUu+FGSIto
                  MD5:7DE2D7CBA53C9E0E9BEB6616B337E78D
                  SHA1:EF2E13B7443EFFB563805F9279BBA5FD8A25BEA5
                  SHA-256:E8D6D954B5DE1748FAC6585FF51D685F6A2079BEBFE223BA05913EFB045E6DCE
                  SHA-512:9BAD19864569E5E61FE18B17B93484EB0BFB1C0DC38EEE15EEA7AB9095B843297317D30570DD84AB8A1D65C29514C00A1630BC0929533498D558FA2475D5AD15
                  Malicious:false
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):8720
                  Entropy (8bit):1.6054823530789581
                  Encrypted:false
                  SSDEEP:48:7M8KUUUUUUUUUU8vR9H9vxFGiDIAEkGVvUqFl2GL7msa:7UUUUUUUUUUUMFGSItyKVmsa
                  MD5:E5828A8CEA826DF60F6379E8865E3BC2
                  SHA1:55F71DAAAEBAD93842BD64AB203A3865ECD2FDD7
                  SHA-256:D82A1C7EA9F725A3F405DC6A0ABA1D04D4D4F9D3B9A8621B481C4EC903B95EF6
                  SHA-512:47B331C9C0DFB67396C85B6627A745D3FDC6E5815D926AEA8020FDBF2C4BD6C1ADFA7111902262DEC1A9E28C49BB792E1C88720A15599876C531371935F8B7DC
                  Malicious:false
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):246
                  Entropy (8bit):3.5274671434738973
                  Encrypted:false
                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAadNaNGe:Qw946cPbiOxDlbYnuRKDliv
                  MD5:855EACC394EF60D04924BCDC90755488
                  SHA1:5EF0BBB234AF9343AA3876A32F8D1CC26183C118
                  SHA-256:80A90FB5C3319E923C96F4060BF7CF02C96F1BB015256E434081DFD41029ED89
                  SHA-512:9B57E758B5065DA2470D0F09FA928AECBB6660CB02FC89FCEFA2C08C453E2C57F47567DC430406BADE82BCEFE06E25B8069BF570A46DD4067A138446565BDD27
                  Malicious:false
                  Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 23/12/2024  10:38:46 ===
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with very long lines (393)
                  Category:dropped
                  Size (bytes):16525
                  Entropy (8bit):5.345946398610936
                  Encrypted:false
                  SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                  MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                  SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                  SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                  SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                  Malicious:false
                  Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                  Category:dropped
                  Size (bytes):15114
                  Entropy (8bit):5.344779722009806
                  Encrypted:false
                  SSDEEP:384:BeDvvvavvvvvmvUInKnN7ntn1nFn7nYnK23NwNacgc6c/cncccnPEudxd5d7y9yQ:1/A
                  MD5:8B7013CF51160BBF473E0CD41F70BE90
                  SHA1:E2E6A420B6DE58C767E04300BC5BC1DC9EA0ECD7
                  SHA-256:EA56034D0B7A7501B784B55086FEB7B070EDD164F223BCA2BE8F7B1FB95C9D79
                  SHA-512:F6EFAEE022E2BAA1C2F2C476DC625095A5A7D7FF583EF92D3B9D2699DFAC735FA52FDAB417781EFD92F356F9D7C2606C3DA4345E2FD02A0694D065CA4610263B
                  Malicious:false
                  Preview:SessionID=ea439cea-cbd5-40e5-8e71-6040f5508e6f.1734968322738 Timestamp=2024-12-23T10:38:42:738-0500 ThreadID=7428 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ea439cea-cbd5-40e5-8e71-6040f5508e6f.1734968322738 Timestamp=2024-12-23T10:38:42:739-0500 ThreadID=7428 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ea439cea-cbd5-40e5-8e71-6040f5508e6f.1734968322738 Timestamp=2024-12-23T10:38:42:739-0500 ThreadID=7428 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ea439cea-cbd5-40e5-8e71-6040f5508e6f.1734968322738 Timestamp=2024-12-23T10:38:42:739-0500 ThreadID=7428 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ea439cea-cbd5-40e5-8e71-6040f5508e6f.1734968322738 Timestamp=2024-12-23T10:38:42:739-0500 ThreadID=7428 Component=ngl-lib_NglAppLib Description="SetConf
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):29752
                  Entropy (8bit):5.387370294127624
                  Encrypted:false
                  SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rT:X
                  MD5:BBC23C5DBECE57AEE65A4B6D170B7B6A
                  SHA1:6BD6701058181F148B98566799D5F5A66D3BAC4F
                  SHA-256:AA437112CC397B3B6940B30DC9A7C28EBFB2F9A3013B4BEA1B5EAD11CBF1820F
                  SHA-512:5FCE26FA35662196AD3D78713F695F36A16340AB6A42BE7AE5E877EBFDF3077C6B9516CBC72EFF80E8A1E3A991D354741F3780B87F1B9D941B93C8E4BB7C81F7
                  Malicious:false
                  Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                  Category:dropped
                  Size (bytes):1419751
                  Entropy (8bit):7.976496077007677
                  Encrypted:false
                  SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                  MD5:18E3D04537AF72FDBEB3760B2D10C80E
                  SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                  SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                  SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                  Malicious:false
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                  Category:dropped
                  Size (bytes):386528
                  Entropy (8bit):7.9736851559892425
                  Encrypted:false
                  SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                  Malicious:false
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                  Category:dropped
                  Size (bytes):1407294
                  Entropy (8bit):7.97605879016224
                  Encrypted:false
                  SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                  MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                  SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                  SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                  SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                  Malicious:false
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                  Category:dropped
                  Size (bytes):758601
                  Entropy (8bit):7.98639316555857
                  Encrypted:false
                  SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                  MD5:3A49135134665364308390AC398006F1
                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                  Malicious:false
                  File type:PDF document, version 1.3, 3 pages
                  Entropy (8bit):7.696131811982768
                  TrID:
                  • Adobe Portable Document Format (5005/1) 100.00%
                  File name:RJ-LLOH-DN1_1-20241219013626-16004075.PDF
                  File size:39'349 bytes
                  MD5:9b0e379fc6ecb42a16b3cff68024da3f
                  SHA1:f77a692c3a62052a94361ef6c543faae1acd5a00
                  SHA256:9841d4b8993533887a5f67bd4a191d441ff3cd030011295d1ee752d24c0ef57a
                  SHA512:afe5aaad1147a8528962016c0d55a49d995d5f3050edd6e9af137d7d48607e77bc22141d19d8319d8c1e46916a0f541b0af92ef0cdeeb26e612e2bfea95cb374
                  SSDEEP:768:qsRtnSQeLG1pTAvqFzd9u7DZScfAd0g+fKfjAHSUuKrVxbtkR8SsbRMoYQKT4pD/:5jSQeG36qFhQHZq+g+fE+NK3kVKdOqvg
                  TLSH:A003BF94B80AECDDF55287F7EB26A2C3681CF30610D464D118FC4E4F1EA0F5A7ABA149
                  File Content Preview:%PDF-1.3..%......1 0 obj..<</Title (DN1_1)/Producer (ComponentOne C1Report)/CreationDate (D:20241219133626-08'00')/ModDate (D:20241219133626-08'00')>>..endobj..2 0 obj..<</Length 5044/Filter /FlateDecode>>stream..x..RMK.@......,8.......E..Z. ...$UZ..}gSKS
                  Icon Hash:62cc8caeb29e8ae0

                  General

                  Header:%PDF-1.3
                  Total Entropy:7.696132
                  Total Bytes:39349
                  Stream Entropy:7.785998
                  Stream Bytes:32316
                  Entropy outside Streams:5.241619
                  Bytes outside Streams:7033
                  Number of EOF found:1
                  Bytes after EOF:
                  Name            Count
                  obj             40
                  endobj          40
                  stream          11
                  endstream       11
                  xref            1
                  trailer         1
                  startxref       1
                  /Page           3
                  /Encrypt        0
                  /ObjStm         0
                  /URI            0
                  /JS             0
                  /JavaScript     0
                  /AA             0
                  /OpenAction     0
                  /AcroForm       0
                  /JBIG2Decode    0
                  /RichMedia      0
                  /Launch         0
                  /EmbeddedFile   0

                  Image Streams

                  ID  DHASH             MD5                               Preview
                  31  ed9d969a9a945564  4046225dc5b11e4c6025bd9f5f422bd6
                  32  000202060c186040  71216537fce8a21652fd55f711019fb7
                  No network behavior found

                  Target ID:0
                  Start time:10:38:39
                  Start date:23/12/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF"
                  Imagebase:0x7ff6bc1b0000
                  File size:5'641'176 bytes
                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:1
                  Start time:10:38:40
                  Start date:23/12/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                  Imagebase:0x7ff74bb60000
                  File size:3'581'912 bytes
                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:3
                  Start time:10:38:40
                  Start date:23/12/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1744,i,10303162133773050494,14992278128259906983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                  Imagebase:0x7ff74bb60000
                  File size:3'581'912 bytes
                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:6
                  Start time:10:38:44
                  Start date:23/12/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  Wow64 process (32bit):
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\RJ-LLOH-DN1_1-20241219013626-16004075.PDF"
                  Imagebase:
                  File size:5'641'176 bytes
                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:9
                  Start time:10:38:47
                  Start date:23/12/2024
                  Path:C:\Windows\System32\WerFault.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\WerFault.exe -u -p 7348 -s 1696
                  Imagebase:0x7ff7f44b0000
                  File size:570'736 bytes
                  MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  No disassembly