Windows Analysis Report
FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf

Overview

General Information

Sample name:FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf
Analysis ID:1523258
MD5:5f26d37fc2324b1e087248e81b41514c
SHA1:c70bf79893f944f93d94abed0b83c0009219464e
SHA256:df1e0e548c7f156bf751d8d33c599de8aa0f43b7c81187bd31f08e018f7b7a5a
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)
Unable to load, office file is protected or invalid
Unable to load, pdf file is invalid

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 6916 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6248 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1748 --field-trial-handle=1584,i,15743715018445792783,2050393351802589568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: 1fcfe33a-203b-4e7f-b829-ccf262e979f6.tmp.3.dr, 3283fd62-021c-45e2-b3ee-653b975511a2.tmp.3.dr | String found in binary or memory: https://chrome.cloudflare-dns.com
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Window title found: formsubmission-report-damaged-propertydp-46359-24-0141-03.pdf
Source: classification engine | Classification label: clean1.winPDF@15/30@3/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-01 05-15-26-330.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1748 --field-trial-handle=1584,i,15743715018445792783,2050393351802589568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf | Initial sample: PDF keyword /JS count = 0
Source: FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf | Initial sample: PDF keyword stream count = 36
Source: FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
Tactic | Techniques
Reconnaissance | Gather Victim Identity Information; Credentials
Resource Development | Acquire Infrastructure; Domains
Initial Access | Valid Accounts; Default Accounts
Execution | 1 Exploitation for Client Execution; Scheduled Task/Job
Persistence | Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation | 1 Process Injection; Boot or Logon Initialization Scripts
Defense Evasion | 1 Masquerading; 1 Process Injection
Credential Access | OS Credential Dumping; LSASS Memory
Discovery | 1 Process Discovery; 1 System Information Discovery
Lateral Movement | Remote Services; Remote Desktop Protocol
Collection | Data from Local System; Data from Removable Media
Command and Control | 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration | Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Impact | Abuse Accessibility Features; Network Denial of Service
[Behavior graph: ID 1523258; Sample: FormSubmission-report-damag...; Startdate: 01/10/2024; Architecture: WINDOWS; Score: 1. Nodes: Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; DNS: x1.i.lencr.org]

Source | Detection | Scanner | Label
FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf | 0% | Virustotal |
No Antivirus matches

Source | Detection | Scanner | Label
bg.microsoft.map.fastly.net | 0% | Virustotal |
x1.i.lencr.org | 0% | Virustotal |

Source | Detection | Scanner | Label
http://x1.i.lencr.org/ | 0% | URL Reputation | safe
https://chrome.cloudflare-dns.com | 0% | Virustotal |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://chrome.cloudflare-dns.com | 1fcfe33a-203b-4e7f-b829-ccf262e979f6.tmp.3.dr, 3283fd62-021c-45e2-b3ee-653b975511a2.tmp.3.dr | false | | unknown
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | URL Reputation: safe | unknown
No contacted IP infos
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1523258
Start date and time:2024-10-01 11:14:55 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 44s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:15
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf
Detection:CLEAN
Classification:clean1.winPDF@15/30@3/0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 199.232.214.172, 184.28.88.176, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 172.64.41.3, 162.159.61.3, 2.23.197.184, 95.101.148.135, 2.19.126.143, 2.19.126.149
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description
05:15:37 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
Input: URL: PDF document, Model: jbxai
Output:
{
"brand":["Metropolitan Police"],
"contains_trigger_text":true,
"trigger_text":"Enter a postcode to find your address",
"prominent_button_name":"unknown",
"text_input_field_labels":["First name",
"Middle name(s)",
"Surname",
"Date of birth",
"Gender",
"Equalities",
"What is your ethnic group?",
"Which one best describes your White background?",
"Telephone number"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
No context
Match: bg.microsoft.map.fastly.net
Associated Sample Name / URL | Detection | Threat Name | Context
044f.pdf.scr | malicious | RMSRemoteAdmin | 199.232.214.172
RFQ-00032035.pdf.scr.exe | malicious | Snake Keylogger | 199.232.214.172
po110-11#U3000Sip_KAHRAMANKAZAN AS %100% S51105P-E01 #Uff08fiyati teklifi#Uff09IMG .exe | malicious | Snake Keylogger | 199.232.210.172
https://app.getresponse.com/change_details.html?x=a62b&m=BrgFNl&s=BW9rcZD&u=C3YQM&z=EMkQID6&pt=change_details | malicious | Unknown | 199.232.210.172
Scanned Purchase List.vbs | malicious | Unknown | 199.232.214.172
RFQ-00032035.PDF.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 199.232.214.172
RFQ -SCHOTTEL Type SRP200.scr.exe | malicious | Snake Keylogger, VIP Keylogger | 199.232.214.172
https://www.afghanhayatrestaurant.com.au/ | malicious | Unknown | 199.232.214.172
https://bestratedrobotvacuum.com/?bypass-cdn=1 | malicious | Unknown | 199.232.210.172
http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=rCxHFZLdZUGNvhn9cgWChLhuCDtpfZJDs2F6orjCzx1UQTZXSUlaNE5INzZVSkgxRlBKR1RMSTVRTi4u | malicious | HTMLPhisher | 199.232.214.172
No context
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):290
Entropy (8bit):5.1782420510774365
Encrypted:false
SSDEEP:6:+QL+q2PRN2nKuAl9OmbnIFUt8DdcQG1Zmw+rdSQLVkwORN2nKuAl9OmbjLJ:vyvaHAahFUt8B4/+JjR5JHAaSJ
MD5:1DBEBFC85BE36DF8E26B31ABB6DC016F
SHA1:2F30FAAF5EDC9E61EC4B6E1E4404872C1A71C98E
SHA-256:0D0C31AF142F5064B62D7765644102960E905D6265B314709EFEEB6BF0F62C5D
SHA-512:F492D864158571E3EFE82557C20FE4144D5722F289175B37A1256FC143E1F1CFAC007CA3744494A3C3EF2104F4AC95B5EAC233E8E5B4DA5E35605B4C2A65C831
Malicious:false
Reputation:low
Preview:2024/10/01-05:15:24.822 1898 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/01-05:15:24.824 1898 Recovering log #3.2024/10/01-05:15:24.825 1898 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):334
Entropy (8bit):5.187286919560248
Encrypted:false
SSDEEP:6:qIq2PRN2nKuAl9Ombzo2jMGIFUt8uZmw+CkwORN2nKuAl9Ombzo2jMmLJ:7vaHAa8uFUt8u/+C5JHAa8RJ
MD5:AB8645CB5B0AB8239711986323CDD97D
SHA1:1087489DF011E7D724C2B8828A09AC4DA4111130
SHA-256:8D915345374D8EF7E9C8EC0113ABEF0DD87A833D1ED65B1DC57A055453B08411
SHA-512:90ACC84CB69A8E7E47B04B57BE9114A3CA05CE6B8D03BEB90A2CEB2A55DE514E013B8280B3797AFB8B0AE0303BE7AD1DD588471BE43415150C32708D1859117C
Malicious:false
Reputation:low
Preview:2024/10/01-05:15:24.723 1934 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/01-05:15:24.726 1934 Recovering log #3.2024/10/01-05:15:24.726 1934 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):403
Entropy (8bit):4.953858338552356
Encrypted:false
SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
MD5:4C313FE514B5F4E7E89329630909F8DC
SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:false
Reputation:moderate, very likely benign file
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):403
Entropy (8bit):4.974671280395791
Encrypted:false
SSDEEP:12:YHO8sqHpSsBdOg2H6caq3QYiubrP7E4T3y:YXs6XdMH13QYhbz7nby
MD5:F75B0A627B66DDF5C281495FB68D7224
SHA1:F1709A0B78BAC7977B4EAFC604028C486EDD671B
SHA-256:614FE53213CDF87D8B7E0276C0399E1735E70109A85835A4311EC0E18488BB13
SHA-512:8BBBD67DFBE2EA908149C8FB1D8422F578C3853466622B9F50190504F2B6C22A64A1DF0F3302CD05EBF83C0ACF24366A6D6B8C4695E3B560113505521F51FB57
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372334130424491","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":170914},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):403
Entropy (8bit):4.953858338552356
Encrypted:false
SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
MD5:4C313FE514B5F4E7E89329630909F8DC
SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:false
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4099
Entropy (8bit):5.23405513150064
Encrypted:false
SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xe1Rtw:OLT0bTIeYa51Ogu/0OZARBT8kN881Rtw
MD5:D5D009727A32007E039E059FAE235AE1
SHA1:1BBC67D4E068D5E5DB63BEF80D2A761F5B1D3E7E
SHA-256:8F6DE95B185BA559965CBC352451527F26B627E7CDFCB6A657D47E4CA0A51B00
SHA-512:9637836D0D7D1EDC5E8DBA25D1DF4A2CA10F886DAAD09FE28C887369BF3A8308B8B4DCE72EE8E926185B84A4CDFACADB13F336E0DC7026C32A179FCD9CDD20D6
Malicious:false
Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):322
Entropy (8bit):5.217841091865283
Encrypted:false
SSDEEP:6:AMq2PRN2nKuAl9OmbzNMxIFUt8PZZmw+BFWFkwORN2nKuAl9OmbzNMFLJ:dvaHAa8jFUt8PZ/+BwF5JHAa84J
MD5:50BB1BC7AD3143CD00B3D2229F39B0D6
SHA1:120A3ADF85BC894CED6772739B0ECDA5A84CA446
SHA-256:BC8C59C4DA7FD122E578A021086DCF663B1FC390B7EFF17E605E55D57161354B
SHA-512:06AC93FA723CA20BB1ACCF26BECD4AB15188DAAC225605AF2D2A8A623B18865E9E6B388C6C9FB88DCAC7DEE3F9A47DA30228A6B4BECE3BA78416E9AAEFF191B4
Malicious:false
Preview:2024/10/01-05:15:24.866 1934 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/01-05:15:24.868 1934 Recovering log #3.2024/10/01-05:15:24.869 1934 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:dropped
Size (bytes):65110
Entropy (8bit):1.0705737776829454
Encrypted:false
SSDEEP:192:7Ie6XpJg+NsvLBcwDDskqLAcDahaS3aezW:ce6ZJg+NsTB9IkqLA4axaezW
MD5:52F45CD0D251C7971941D89F33CB04ED
SHA1:1D6CAE0C204C89A7FE18F1B98D0CCDB588DDB8AB
SHA-256:E4A053F9EA5B8C79F0C559F912C7D43789CFA5A7F3A50FA9971AC10913146EEB
SHA-512:9FAE5F64227E0E299D1B7064E6988B5484129E79B2B872A6341B733A41BC18B45F14DACB5FE622EFCC77367D326EC3219EC911C59F3B11229B561C60051E0D8F
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):57344
Entropy (8bit):3.291927920232006
Encrypted:false
SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):16928
Entropy (8bit):1.214794785190883
Encrypted:false
SSDEEP:24:7+tke4qLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+U:7MMqLmFTIF3XmHjBoGGR+jMz+LhX
MD5:05BCCB1A676CE8D8080728A6CAED2A2D
SHA1:306171C066F880D9748A3A6F1720B3E2345422B6
SHA-256:31324EF8BDAA017CF81D76F5D7C036EAF8257EA581C1A7EB26153A7B31971A92
SHA-512:84BB3B9F19E7933CA5D549779ED0D18CCCF7B9E80CDFD302CFF596B74261498B3F2E669889EEDE5D04419594374ACD24B7360CB3196D583FA578EA8D1F80A552
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:Certificate, Version=3
Category:dropped
Size (bytes):1391
Entropy (8bit):7.705940075877404
Encrypted:false
SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:dropped
Size (bytes):71954
Entropy (8bit):7.996617769952133
Encrypted:true
SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):192
Entropy (8bit):2.742553200765872
Encrypted:false
SSDEEP:3:kkFklF0J6N/XfllXlE/HT8kywNNX8RolJuRdxLlGB9lQRYwpDdt:kKFhT8UNMa8RdWBwRd
MD5:E8FBC550A3FD1C16300739B3EF3D4610
SHA1:0D693F59A590BD35CD8FCD202397D577D06058AF
SHA-256:94BB0675A1A7471249493BD6C8909E2BFAEFFE8AA6EA5426592A6A7AA308A7A1
SHA-512:3746314F68779B94346FF6E507B7ADF4401E4C064D2C5FA00F7092B8E8348D7C7A415F61C434715C28E72E81A7E5305AA7FB7E3373A0B12EEE22472CD7220643
Malicious:false
Preview:p...... ..........z....(....................................................... ..........W.....o..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:modified
Size (bytes):328
Entropy (8bit):3.245596380966818
Encrypted:false
SSDEEP:6:kK/b3D9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:7aDImsLNkPlE99SNxAhUe/3
MD5:13F8CD86637C738660523E29DA60E20C
SHA1:70A92A3FECF2BA00C684D616AEBFE5CB532523E5
SHA-256:3928079CDDCACA501A1EE3BFCE24978459B796113C6E34EB8D111189368180CA
SHA-512:9087B7BD583FB500E2F5055542BA7BCA717E9BAAC84C07B2EA6A099B6B84F0795062DB7AF902A402F231C753584CAB2987EE71AB3021808C3D77DEA3882D12E9
Malicious:false
Preview:p...... ........E ......(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:3:e:e
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2145
Entropy (8bit):5.083094399376899
Encrypted:false
SSDEEP:48:YuAiESAuYCjWbj2CjxjZ4oijxi+0jPjrVbjBgajF:PDWP2ERaTx3y7BPBgMF
MD5:D3DC22233FD166E8D130B36BFC1FE0A9
SHA1:23EFED8128A91A0ABA5EB3910D1EE5838F562C36
SHA-256:8C100DC0ED4FDD2D0E847BACAA4D23FB08662B904484EDF0B7F7492E1FBDF840
SHA-512:F8EAD5C202A88420E98A580B37E5E5D16ED51704F5BCD79E286FE3E2FFE20C26D5EE9E8CEBFF73F7A9983E0C9C17A33770478C8721062177BAA15974034C05AC
Malicious:false
Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1727774127000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f44756c6e08822e64c0e471a2499e34d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e8f53b6740aba22a83a1a569cebedbcc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585148000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"cc1faa6a0c714f2f0c497731f1772fa2","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696585143000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ab062dea95f25ef019cc2f5f5f0121d4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696583346000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"65580efad4bc88b91040ff50d71bfae9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696583346000},{"id":"DC_Reader_Edit_LHP_Banner"
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:dropped
Size (bytes):12288
Entropy (8bit):0.9882492613444732
Encrypted:false
SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6Qe9/W0IcLESiAieF/W0F:TVl2GL7ms67YXtrZUcI8Nh
MD5:65E8265409EA16824232FB9DC7B475F9
SHA1:A1DC74B194B705E1506EF9B1D43692FAC3A1E16F
SHA-256:6A9CC591E2696BB23BD901D0A0708AC31C28D61C4D9C0A7E114EC852D6AFF153
SHA-512:785CB2D3A601DA0428598BB2EBF6BE32A0B11DE1BD36B2C79C85E513DA2E020BA7DDF81FCEC6C859D957B873D18F98C204DB2E9864448DC288EFAC8871DA89AD
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.3423330134547817
Encrypted:false
SSDEEP:24:7+tZASY9QmQ6Qe9/W07cLESiAi0mY9Qn2vqLBx/XYKQvGJF7ursW:7MZlYXtrZ3cI8KYrvqll2GL7msW
MD5:F433B583F628922A02DD35C865BD5B0E
SHA1:84556AA92E991519F5AFA5A45332554BE78BCC33
SHA-256:73DFE8EDF9061F993E1BCFA1010EE6F05863F7DB680053F99E958459B4A5FDCF
SHA-512:1D92D3E1C67351419FD8DF0E553A6B5520ED8F0EFF9D4EB365B4BC8B9DD4CE17500E4812205FFD69CEE48544BF26506E3BF02DF873DD78BE4093D630DF22F56F
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5085442896850614
Encrypted:false
SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K80QRWfUK+WH:Qw946cPbiOxDlbYnuRKtJ
MD5:CB1BD4D1AF8E825907CF937867130068
SHA1:AC7CECF058598D235BFD4E4DB66BFF4342C9D660
SHA-256:80164B47CA20731EC40AE4A96EC5F98F75073D9A3657AE15CD6D9A63DAF4B348
SHA-512:91792C9852F134D992FBFC8AF5F9C93FAE3F8305B7A378327A7CB7344CAE9C2AD8AC0E256249E592CA54DA8EE0B100CE32A2AC1247D4520B6A2242CF2B0A94E2
Malicious:false
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.1./.1.0./.2.0.2.4. . .0.5.:.1.5.:.3.1. .=.=.=.....
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.353642815103214
Encrypted:false
SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
MD5:91F06491552FC977E9E8AF47786EE7C1
SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:false
Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):15100
Entropy (8bit):5.329392001796822
Encrypted:false
SSDEEP:384:RQSdH1+NHmntLIcten5A5/s5Fy3RyznJ9CpN/jvTyDDZXpOcUXFxO9OXKVngPOOX:2Ev
MD5:4522DC7B6DB3BA3C8D27F7D406639E80
SHA1:F8B2C39F1AC17CA30BAA9BECC4E1BC5AAD32069F
SHA-256:782C8F651E7AE16887588AECF2391760648E08553B36F4F6592CEE45FD301FDD
SHA-512:7AE303B6E119A0BE9B09D6789B3F6EC410C1AB82FEB9C8305F5E4BAEBCB1BD109E6778901B4A23474617345B46F0147E44BB93945F71E0EEDE3A13E5DE4B871E
Malicious:false
Preview:SessionID=481e5efc-f820-404c-993e-b507a12c12b5.1727774126340 Timestamp=2024-10-01T05:15:26:340-0400 ThreadID=7160 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=481e5efc-f820-404c-993e-b507a12c12b5.1727774126340 Timestamp=2024-10-01T05:15:26:342-0400 ThreadID=7160 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=481e5efc-f820-404c-993e-b507a12c12b5.1727774126340 Timestamp=2024-10-01T05:15:26:342-0400 ThreadID=7160 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=481e5efc-f820-404c-993e-b507a12c12b5.1727774126340 Timestamp=2024-10-01T05:15:26:342-0400 ThreadID=7160 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=481e5efc-f820-404c-993e-b507a12c12b5.1727774126340 Timestamp=2024-10-01T05:15:26:343-0400 ThreadID=7160 Component=ngl-lib_NglAppLib Description="SetConf
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.417332173639684
Encrypted:false
SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbWcbgIXZcbR:fhWlA/TVcXm
MD5:F4DA85E7FBCC8497FF960A4686175A00
SHA1:BFA07821DA997819E98C44F065B7560D85128A61
SHA-256:50E658E07E0C2DEDAF06DF8AD717D0D7E7D45EF3FB7265A2604E95F47AC6246C
SHA-512:DD0E8B48EA0858A1CF4FB0E96B2F91777C405E4891618337163227A06D1C1DF0F839F0309FB1E3D152C38D7E4F867BE276A223762E547695C372C6A0F5728CE2
Malicious:false
Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:24576:/xA7ouWLWGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLWGZtwZGk3mlind9i4ufFXpAXkru
MD5:10A49704C14307DA643931E434B5697B
SHA1:E996E599F73A447A0DDD62C5AE25D98E455CD406
SHA-256:7DFF110E0508DCB08CDD725C082D138112BC38D486E2F1C4756ABB54A00221A0
SHA-512:11F98663DF844ACE77C4E712DAE2EF3A999F09B31DB69E36EE4A4EF57B840FD948434EC628E02CE990B6620B57C494105C54FD3177B92B505E3D2568E105E4FC
Malicious:false
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
MD5:716C2C392DCD15C95BBD760EEBABFCD0
SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:false
File type:PDF document, version 1.5
Entropy (8bit):7.881287028587071
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf
File size:47'517 bytes
MD5:5f26d37fc2324b1e087248e81b41514c
SHA1:c70bf79893f944f93d94abed0b83c0009219464e
SHA256:df1e0e548c7f156bf751d8d33c599de8aa0f43b7c81187bd31f08e018f7b7a5a
SHA512:1a85c962580b075b019b1c42b5ba6469e5a6ab2f1e89ae4c8d3256b18539e23185cec9161dfe84de8c6a12bb574f37fbd644dca1a0631e0e3b53070348909ed0
SSDEEP:768:0fjJeTbdCpxL4yrDe5PwVPqzzHYcAKrjSGKjG9j0a8lWp91MIQdOreoN:a0TcpxLZrq5PwhqHYHGKjN/Ip967k
TLSH:7E23B057A16B1CF488C6D3D1BB15CE57FAFB9052271AC3E0383498573C0DEDAE12562A
File Content Preview:%PDF-1.5..%......20 0 obj..<<../Type /Catalog../Pages 21 0 R../AcroForm 22 0 R..>>..endobj..3 0 obj..<<../Length1 15500../Length 8725../Filter /FlateDecode..>>..stream..x..y.t[U...OO.......=.E.r.k.;.%...d.-NsdK....QIp..Cz .0......0...dX 3.2K`h..0.!..,....
Icon Hash:62cc8caeb29e8ae0

General

Header:%PDF-1.5
Total Entropy:7.881287
Total Bytes:47517
Stream Entropy:7.969169
Stream Bytes:42147
Entropy outside Streams:5.095852
Bytes outside Streams:5370
Number of EOF found:1
Bytes after EOF:
Name | Count
obj | 37
endobj | 37
stream | 36
endstream | 36
xref | 0
trailer | 0
startxref | 1
/Page | 0
/Encrypt | 0
/ObjStm | 1
/URI | 0
/JS | 0
/JavaScript | 0
/AA | 0
/OpenAction | 0
/AcroForm | 1
/JBIG2Decode | 0
/RichMedia | 0
/Launch | 0
/EmbeddedFile | 0

Image Streams

ID | DHASH | MD5 | Preview
13 | 8080808080808080 | b7391b04b280252ae80da07afdec59a3 |
14 | 4db2aa8594905c45 | 9cdb8d992e880b768215460bbde7be04 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 1, 2024 11:15:37.164036989 CEST | 63198 | 53 | 192.168.2.16 | 1.1.1.1
Oct 1, 2024 11:15:49.721736908 CEST | 60565 | 53 | 192.168.2.16 | 1.1.1.1
Oct 1, 2024 11:16:03.086545944 CEST | 58704 | 53 | 192.168.2.16 | 1.1.1.1

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 1, 2024 11:15:37.164036989 CEST | 192.168.2.16 | 1.1.1.1 | 0x39f5 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Oct 1, 2024 11:15:49.721736908 CEST | 192.168.2.16 | 1.1.1.1 | 0x9aeb | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
Oct 1, 2024 11:16:03.086545944 CEST | 192.168.2.16 | 1.1.1.1 | 0x6226 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 1, 2024 11:15:26.059946060 CEST | 1.1.1.1 | 192.168.2.16 | 0x5a54 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 11:15:26.059946060 CEST | 1.1.1.1 | 192.168.2.16 | 0x5a54 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
Oct 1, 2024 11:15:37.172260046 CEST | 1.1.1.1 | 192.168.2.16 | 0x39f5 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 11:15:49.729231119 CEST | 1.1.1.1 | 192.168.2.16 | 0x9aeb | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 1, 2024 11:16:03.094157934 CEST | 1.1.1.1 | 192.168.2.16 | 0x6226 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false

Target ID:0
Start time:05:15:22
Start date:01/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FormSubmission-report-damaged-propertydp-46359-24-0141-03.pdf"
Imagebase:0x7ff7776b0000
File size:5'641'176 bytes
MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:2
Start time:05:15:23
Start date:01/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:0x7ff7066c0000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:3
Start time:05:15:24
Start date:01/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1748 --field-trial-handle=1584,i,15743715018445792783,2050393351802589568,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:0x7ff7066c0000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

No disassembly