Edit tour

Windows Analysis Report
Certificate of Insurance (5).pdf

Overview

General Information

Sample name:	Certificate of Insurance (5).pdf
Analysis ID:	1537106
MD5:	8c076b5bf5f8f6183ee7896e8dcf30db
SHA1:	8f9bdbebcb24637c6d88e69576f0f343859d593f
SHA256:	919a3f484ac525845930707a0c0595986e1e66bd632e8de46fa016e3f46844b4
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 5832 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Certificate of Insurance (5).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6660 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1244,i,8890678840112915992,8546427508451947814,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: classification engine

Classification label: clean0.winPDF@14/28@2/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-42-804.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Certificate of Insurance (5).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1244,i,8890678840112915992,8546427508451947814,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1244,i,8890678840112915992,8546427508451947814,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Certificate of Insurance (5).pdf	Initial sample: PDF keyword /JS count = 0
Source: Certificate of Insurance (5).pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Certificate of Insurance (5).pdf

Initial sample: PDF keyword stream count = 132

Source: Certificate of Insurance (5).pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Certificate of Insurance (5).pdf

Initial sample: PDF keyword endstream count = 132

Source: Certificate of Insurance (5).pdf

Initial sample: PDF keyword obj count = 143

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown
https://www.adobe.co	ReaderMessages.0.dr	false		unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1537106
Start date and time:	2024-10-18 15:12:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Certificate of Insurance (5).pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/28@2/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 23.22.254.206, 54.227.187.23, 52.202.204.11, 52.5.13.197, 162.159.61.3, 172.64.41.3, 199.232.214.172, 2.19.126.143, 2.19.126.149, 2.23.197.184, 88.221.168.141, 2.16.100.168, 88.221.110.91
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Certificate of Insurance (5).pdf

Simulations

Behavior and APIs

Time	Type	Description
09:13:53	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	286311577774055690.js	Get hash	malicious	Strela Downloader	Browse	199.232.210.172
	bB0yJfzf0t.exe	Get hash	malicious	LummaC	Browse	199.232.210.172
	JdHvcxG4Up.exe	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://eos.atebasyno.com/Jed4ZO4/#Kinfo@pickprotection.com	Get hash	malicious	Unknown	Browse	199.232.210.172
	BiND1pQviD.lnk	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://bino8-7920.twil.io/index4.html	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://plankton-app-xfp49.ondigitalocean.app	Get hash	malicious	TechSupportScam	Browse	199.232.210.172
	n5h5BaL8q0.exe	Get hash	malicious	Sality, XWorm	Browse	199.232.210.172
	n7c4wEaovN.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	RFQ-KTE-07102024.pdf.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	199.232.210.172

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.214796883936732
Encrypted:	false
SSDEEP:	6:hn4gU9+q2PqLTwi2nKuAl9OmbnIFUt8Wn4G6XJZmw+Wn4G6X9VkwOqLTwi2nKuAR:h4n4v8wZHAahFUt8W4G6XJ/+W4G6XD5t
MD5:	B0B558D823536B233E03493E167D6A0D
SHA1:	E6B894D8ABB19FDF6AAD601979D8290702F69547
SHA-256:	348CE0A4C422A7F287F9D228789FED856C016312A05670FE330195F76FE290D3
SHA-512:	3AA6A33F4E5963E89AAD3A277E3EF73368B59C8BD0F2086D5BA96815AB36038540D1C83E1B438CC47A117FFBD400F9EE20F9333729063EA7C9F2D60EC8A151CF
Malicious:	false
Reputation:	low
Preview:	2024/10/18-09:13:41.050 1868 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/18-09:13:41.052 1868 Recovering log #3.2024/10/18-09:13:41.052 1868 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.214796883936732
Encrypted:	false
SSDEEP:	6:hn4gU9+q2PqLTwi2nKuAl9OmbnIFUt8Wn4G6XJZmw+Wn4G6X9VkwOqLTwi2nKuAR:h4n4v8wZHAahFUt8W4G6XJ/+W4G6XD5t
MD5:	B0B558D823536B233E03493E167D6A0D
SHA1:	E6B894D8ABB19FDF6AAD601979D8290702F69547
SHA-256:	348CE0A4C422A7F287F9D228789FED856C016312A05670FE330195F76FE290D3
SHA-512:	3AA6A33F4E5963E89AAD3A277E3EF73368B59C8BD0F2086D5BA96815AB36038540D1C83E1B438CC47A117FFBD400F9EE20F9333729063EA7C9F2D60EC8A151CF
Malicious:	false
Reputation:	low
Preview:	2024/10/18-09:13:41.050 1868 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/18-09:13:41.052 1868 Recovering log #3.2024/10/18-09:13:41.052 1868 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.176010594106898
Encrypted:	false
SSDEEP:	6:hny6SVq2PqLTwi2nKuAl9Ombzo2jMGIFUt8WnyQOagZmw+WnyvIkwOqLTwi2nKuA:hDSVv8wZHAa8uFUt8W/g/+WsI5TwZHAv
MD5:	F721E133CB92213BED8BC35B8E54F13B
SHA1:	A3F583E96B77248EE09303F47FF47572A3711FA2
SHA-256:	46DF9F479A416FAEB05FC9D3F968859DFF8BBB468332367066CA5A7612AEA918
SHA-512:	EBB78D2D27B23D19201D515A16518912543582E329DD4EAF5C8D6CC3AB114CF401BE890E6AE9658E4DB6EDE648113565C2A7096D133D5672B8698F457C0F78D5
Malicious:	false
Reputation:	low
Preview:	2024/10/18-09:13:41.554 1200 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/18-09:13:41.555 1200 Recovering log #3.2024/10/18-09:13:41.556 1200 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.176010594106898
Encrypted:	false
SSDEEP:	6:hny6SVq2PqLTwi2nKuAl9Ombzo2jMGIFUt8WnyQOagZmw+WnyvIkwOqLTwi2nKuA:hDSVv8wZHAa8uFUt8W/g/+WsI5TwZHAv
MD5:	F721E133CB92213BED8BC35B8E54F13B
SHA1:	A3F583E96B77248EE09303F47FF47572A3711FA2
SHA-256:	46DF9F479A416FAEB05FC9D3F968859DFF8BBB468332367066CA5A7612AEA918
SHA-512:	EBB78D2D27B23D19201D515A16518912543582E329DD4EAF5C8D6CC3AB114CF401BE890E6AE9658E4DB6EDE648113565C2A7096D133D5672B8698F457C0F78D5
Malicious:	false
Reputation:	low
Preview:	2024/10/18-09:13:41.554 1200 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/18-09:13:41.555 1200 Recovering log #3.2024/10/18-09:13:41.556 1200 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.9707925746743955
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqy99TksBdOg2Hphcaq3QYiub5P7E4T3y:Y2sRdspTJdMHpY3QYhbt7nby
MD5:	7673374D3AFB990FDE42EA8B5723D6D6
SHA1:	0C08EC604846D4C1CD02FBE7114BF37C2A60101C
SHA-256:	A043947CFC5FAC1A5052788176F37D835680AC53E7CDA0A7093FC5BC12242588
SHA-512:	30609CF6292966FC40768C15C18F2C666E5A9811597DD5CE6097F363907DA11A3899E4ACB21B71C570B88DB6C167B1293F4B2A922F06CD8E5D3FF7D4DBD4F39A
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373817227502798","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":236848},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.9","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bebefcf5-13dd-43f0-a3ce-19f66c2e1369.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.9707925746743955
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqy99TksBdOg2Hphcaq3QYiub5P7E4T3y:Y2sRdspTJdMHpY3QYhbt7nby
MD5:	7673374D3AFB990FDE42EA8B5723D6D6
SHA1:	0C08EC604846D4C1CD02FBE7114BF37C2A60101C
SHA-256:	A043947CFC5FAC1A5052788176F37D835680AC53E7CDA0A7093FC5BC12242588
SHA-512:	30609CF6292966FC40768C15C18F2C666E5A9811597DD5CE6097F363907DA11A3899E4ACB21B71C570B88DB6C167B1293F4B2A922F06CD8E5D3FF7D4DBD4F39A
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373817227502798","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":236848},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.9","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	5.220810184404041
Encrypted:	false
SSDEEP:	96:GICD8SBCmPAi8j0/8qbGNSwPgGYPx8xRqhm068OzzhDze+qH4DwHGpZ:1CDLCmPj8j0/8qKgwPHYPx8xemT8Ozzj
MD5:	87DBA11A291304A66DE697F78E6889D0
SHA1:	39C24AC22CB55FC16035D7FFEDCD0C1CE63F7E7F
SHA-256:	2C2EB010326A3D72705D51F64D994B542BA35FC8BD7386FFF25E45FE41CE6624
SHA-512:	AE898C120580A78E35710B960874ECD6D07D74AF2A7DCADBE080F70CDA5EFE15ECB691A6671FAB7EB530930740A6AF209323B98639409F19F015AE77BD77C0AE
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-W...o................next-map-id.1.Pnamespace-ed11ed50_1515_4296_b27c_721e1e1acdec-https://rna-resource.acrobat.com/.0.w..r................next-map-id.2.Snamespace-f62cae74_b031_4dd2_8c7b_e9ef3858dbf9-https://rna-v2-resource.acrobat.com/.1:M4.r................next-map-id.3.Snamespace-2a2b5482_c0ce_4c74_9fbc_8a8daf6ed72d-https://rna-v2-resource.acrobat.com/.2IE..o................next-map-id.4.Pnamespace-b58dfce7_364b_43da_946b_3d7546a793e5-https://rna-resource.acrobat.com/.3KQ..^...............Pnamespace-ed11ed50_1515_4296_b27c_721e1e1acdec-https://rna-resource.acrobat.com/.xK.^...............Pnamespace-b58dfce7_364b_43da_946b_3d7546a793e5-https://rna-resource.acrobat.com/.i.+a...............Snamespace-f62cae74_b031_4dd2_8c7b_e9ef3858dbf9-https://rna-v2-resource.acrobat.com/Tz.qa...............Snamespace-2a2b5482_c0ce_4c74_9fbc_8a8daf6ed72d-https://rna-v2-resource.acrobat.com/"_.o................next-map-id.5.Pnamespace-7c898a99_566e_4628_b4ec_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.131451180026295
Encrypted:	false
SSDEEP:	6:hnN3YVq2PqLTwi2nKuAl9OmbzNMxIFUt8WnNVSgZmw+WnNX0SIkwOqLTwi2nKuAo:hJYVv8wZHAa8jFUt8WKg/+WF3I5TwZHP
MD5:	EBA4CE3DE4A46120205AE913A9E1A417
SHA1:	AAC924B934CAECA541C07AFA1461848ABEE71D01
SHA-256:	1C8DC150FC19BD2B8280ED8457D6FBFB67D3C332F36F261DD708AC584D94984A
SHA-512:	5CC7DD8D41AF5AF65AC76FFD277A85DFF8B6697C3FC8F30F49D74FD200C707F70ABC3B760ABF7DD7A3ABF4B65E384321EED42952C93D5781F40A617E6DA78942
Malicious:	false
Reputation:	low
Preview:	2024/10/18-09:13:42.139 1200 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/18-09:13:42.188 1200 Recovering log #3.2024/10/18-09:13:42.204 1200 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.131451180026295
Encrypted:	false
SSDEEP:	6:hnN3YVq2PqLTwi2nKuAl9OmbzNMxIFUt8WnNVSgZmw+WnNX0SIkwOqLTwi2nKuAo:hJYVv8wZHAa8jFUt8WKg/+WF3I5TwZHP
MD5:	EBA4CE3DE4A46120205AE913A9E1A417
SHA1:	AAC924B934CAECA541C07AFA1461848ABEE71D01
SHA-256:	1C8DC150FC19BD2B8280ED8457D6FBFB67D3C332F36F261DD708AC584D94984A
SHA-512:	5CC7DD8D41AF5AF65AC76FFD277A85DFF8B6697C3FC8F30F49D74FD200C707F70ABC3B760ABF7DD7A3ABF4B65E384321EED42952C93D5781F40A617E6DA78942
Malicious:	false
Preview:	2024/10/18-09:13:42.139 1200 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/18-09:13:42.188 1200 Recovering log #3.2024/10/18-09:13:42.204 1200 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018131346Z-207.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.9702631883255544
Encrypted:	false
SSDEEP:	96:U7y9rKHa0qlY7Az455bVMMJ9Hz51D4bogy7MQi7MEevY:U7jqYAk5p9zcfmg
MD5:	A8DD62860C383F6F48483C25D8633DB6
SHA1:	B0CBCBA8E4476F042F37A41967D71CA4E68A5AE3
SHA-256:	FE993C514A9690036E25A44FE6BE927E69B3C9ECC66693D2F2CF746ACFECDB5B
SHA-512:	477C7347EB55EF6997AC5E7D963C897CB7084EF54A73CC429FA6F8C921A97701784361762F6C6E08BDC2195451AFF43089DAD479BE694B4B06363A5D97049095
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.438537548586652
Encrypted:	false
SSDEEP:	384:ye+ci5GViBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:pZurVgazUpUTTGt
MD5:	EF34FE299EF6B74145978698991CE769
SHA1:	1C5BC5342139A780B772EB9CF21BDF66328DD772
SHA-256:	34937D560C2B7082DC0AEC85661F918E6FC4C8A268E76C901DBBA275ED0E3416
SHA-512:	A79FCB72EE21A3ABD3DAE362218E24B1021848E6614DD51430074F0B4E42BC859F32C4E397498AD748D8DE7965B5335B37ED191B1EF4EDFA608FC9FA2090847A
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7689065370129997
Encrypted:	false
SSDEEP:	48:7M9JioyV8ioyCoy1C7oy16oy1eKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OH:7SJu8StXjBiKb9IVXEBodRBkP
MD5:	200640CCCA601D2DFAE56C2870E7F00C
SHA1:	1CBD10011EB3AC1A2B54B742C227EC5F7ABAD054
SHA-256:	40E8D5B28AD32FA18D14600A42E110DBC137E9F6E6C576FD45C772098CFDDECF
SHA-512:	55C97D120C2D4C115FD846E6EA101A9F8810B633F6FBB76AC043068C8A68AA31A072837ED550181FD4FC6B9FF3453275742716B1F00C2474925B17EE7B2BE521
Malicious:	false
Preview:	.... .c.....Z..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.766862344522533
Encrypted:	false
SSDEEP:	3:kkFkl8J8UfllXlE/HT8kbtNNX8RolJuRdxLlGB9lQRYwpDdt:kKlqT88TNMa8RdWBwRd
MD5:	8E12ACCB0F8028980007BC2018D6C30E
SHA1:	9023BBCAAFB91D8501D9A8E74DDFB84FC6B993B0
SHA-256:	4A0BDD7EB9E606CBFCF243AE3577D6F4B50FD51342B9F45317AF60C01126459E
SHA-512:	523CB90B28C5E2D06FCB722A0CDC170200950600C92BB9920571A2ABD5EE261EF81D52A397FD5BAD757954558D7A8A1BFBDC047DD44441B87FA9F7D0DCBAAA66
Malicious:	false
Preview:	p...... ........O._!..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.253995428229511
Encrypted:	false
SSDEEP:	6:kKhF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ZsDImsLNkPlE99SNxAhUe/3
MD5:	37C31A91F36B38EBBA438C57B048E01C
SHA1:	517BC8D605B16BA585F3B2408AE2F05E8C3D3C9C
SHA-256:	BA8C85D941B301083D119A29093AC1ABE4A26BF7BB496B0EA0AFCE5969CBCFDC
SHA-512:	1B848CCBCB412C28002D87A7801D900F5A809F84C5B3D7D654C5DF94C6D6D31FCB173826C2F9C6707F4A8B3AEBF64C25E5C1629E5DC26454C81FCD506E3209E3
Malicious:	false
Preview:	p...... ............_!..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2145
Entropy (8bit):	5.07680959612068
Encrypted:	false
SSDEEP:	48:YBN8+pREYgPrbyyCHzqi/Sai05iCdskaG:s21izifCekh
MD5:	B4FAAEB19BB4BCB4005023D4AF204474
SHA1:	C3EFF5B0F9B3D9CBEE46B0527DB1F68087BB1AF7
SHA-256:	0FA835026CAE5D66321E0511EF37E5B33B9AE4EEA7C97E1110AF9BC12F8025CA
SHA-512:	6285B59E58BAB6A2F0871AED09ACD783036CB6BE603B3C43E2BB6FB3B39BAFDC0C271306F90C48C2246DB6F905B5B65ECDC0F6390DD8341515AE524D148CB45F
Malicious:	false
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1729257223000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"9f71146ae436bcff85ea1a8c05943f80","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696497325000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"fef0bbb2ea07a6034dbbef29c1688727","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696497325000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"77f32a358e45138f9f35db38e0d8c4fc","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696497318000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"41daed47c2f4c5452f0670ebc08bb211","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696496482000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"ba41a8c5792eb1fb4db4b0a98b55a527","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696496482000},{"id":"DC_Reader_Edit_LHP_Banner"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 26, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 26
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3663511812813047
Encrypted:	false
SSDEEP:	24:TLBx/XYKQvGJF7urs9S6bqyKn6ylSTofcNqDuyKXKdqEKfS8EKfM1baqKF:Tll2GL7msMcKTlS8fcsuyRfIqa
MD5:	5762D2976CF14E85DAD54C848D88E646
SHA1:	5DBF4C813ADBEC1AC34EACBBF68EAEEC0191EC5E
SHA-256:	F6480A2E1C9812C9FEC7AB52C2B37EB3132C14EFFA1206B2B1788F9F5CF43050
SHA-512:	10A73E3A097A5E448C8568434512AC59682CAFAF86C5BBC0C73B2B146E0E4AA031F2C369BD0FCF7013395A0F00872ADB8CCF801E2C612ACB5FDAD18BDD41A620
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.8433423944800031
Encrypted:	false
SSDEEP:	48:7MUZGcKTlS8fcsuyAfIWRqGufl2GL7msH:7MDfcshuJKNVmsH
MD5:	52050F6C0363C414BAB840D25090FD4C
SHA1:	3CD106F32A1BAF9F84C5F36461D0F5A6152D599C
SHA-256:	11D5CA602BD6AB2A21F99F5B2CAEE888457D07FF90A6DB47FCE06AC4C50A75A1
SHA-512:	F52AF4044CEA81CF018ACD8B376EA73690A7850845C0839313DA48749713A9BFBCBC35F426BAC19182A4E61118475F45CE37DC0E1D6ABF55573B74F43A557D23
Malicious:	false
Preview:	.... .c.....?.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI84627.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.529459928009153
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKRasw:Qw946cPbiOxDlbYnuRKSQ
MD5:	43EFB73DE58414B1F217B09D1F71A11F
SHA1:	26B3F3D86E8D82BD834763C94B74E76BBE86A863
SHA-256:	99DBF566FBC55614102D99736349664388FA959A2E8C75E705BDAACF415414E4
SHA-512:	017EFE3DBA2C0B6158A0F620964EEC82EDDCA82A853F569B321CA4E9BEF960A76491A9E42D3E2D533B32D42FEE4FF307D688138DD8BFB5E492B45941F74EAAFE
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.1.0./.2.0.2.4. . .0.9.:.1.3.:.4.8. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-42-804.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.330589339471305
Encrypted:	false
SSDEEP:	384:usQfQQjZyDzISMjg0svDBjA49Y0/sQHpMVhrSWD0Wny6WxIWd44mJmtaEKHvMMwh:Ink
MD5:	5BC0A308794F062FEC40F3016568DF9F
SHA1:	14149448191AB45E99011CBBEF39F2A9A03A0D15
SHA-256:	00D910C49F2885F6810F4019A916EFA52F12881CBF1525853D0C184E1B796473
SHA-512:	CF12E0787C1C2A129BE61C4572CF8A28FC48039B2ADFD1816E58078D8DD900771442F210C545AD9B3F4EAEC23F6F1480F7BBF262B6A631160B20D0785BC17242
Malicious:	false
Preview:	SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:171+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=eddad23d-dbc6-40b3-ba9e-21a55d862f0a.1696497318171 Timestamp=2023-10-05T10:15:18:172+0100 ThreadID=7060 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15113
Entropy (8bit):	5.370327488686664
Encrypted:	false
SSDEEP:	384:S2ybCCEMWQHHQF8+gBkfIFCTbE7cp6CPMP4MW+OC7E606sTRZiN8bwbSnbFDa/PH:GSc
MD5:	9F8337DFD945E7CEBA135B815FC9032F
SHA1:	3940D63AB606792289C7957C02BE21D10394AC25
SHA-256:	022F9CDA3053864483CED986A2F07DD694E73106B9224296FB13EFE06A9199C5
SHA-512:	521973334EA573024A246D9490848F2875E8F9B4C43CCECEA0F37F388CF1A288D46954987BDA2A035A4587A76917D48F944895F9000DACE75B5A674C8C90B5BD
Malicious:	false
Preview:	SessionID=c72f0c86-df3f-47c9-8c71-825269293b27.1729257222835 Timestamp=2024-10-18T09:13:42:835-0400 ThreadID=3972 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=c72f0c86-df3f-47c9-8c71-825269293b27.1729257222835 Timestamp=2024-10-18T09:13:42:837-0400 ThreadID=3972 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=c72f0c86-df3f-47c9-8c71-825269293b27.1729257222835 Timestamp=2024-10-18T09:13:42:837-0400 ThreadID=3972 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=c72f0c86-df3f-47c9-8c71-825269293b27.1729257222835 Timestamp=2024-10-18T09:13:42:837-0400 ThreadID=3972 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=c72f0c86-df3f-47c9-8c71-825269293b27.1729257222835 Timestamp=2024-10-18T09:13:42:837-0400 ThreadID=3972 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.391215080159019
Encrypted:	false
SSDEEP:	192:icbENIn5cbqlcbgIpLcbJcb4I5jcbKcbQIrxcbmlcbmIW8cbh:8qnXopZ50r6Wz
MD5:	DE2C39CB8DE94C10239B68F0EBE38BD8
SHA1:	E3C491176656374F120A34B0ABB614DBF97B267E
SHA-256:	29246C8F646FF4B88835C088E443A28E3FFD2F84AD0767607078E2812806EDC6
SHA-512:	803436B3B5E8EF460DE380FAD4742CAFF0533908B531E11C54126C8C12776F4109EA1B0FF99367E8541772EE893726E27B72CE1ACC49B31AF89B4FEB9ED04329
Malicious:	false
Preview:	05-10-2023 10:01:02:.---2---..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:01:02:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:01:02:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\05d96309-2072-40db-85e4-6aae16b9744d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\1631d5a9-ac4b-4cbf-b0b7-08e51ad734cd.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/nZwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fZwZG/WLxYGZN3mlind9i4ufFXpAXkru
MD5:	1F3D69524A9D7E17BD2363C81D130F1A
SHA1:	C2A4A08839CBA47BEE2B601975F7C4F0CC191091
SHA-256:	D0FFBEC8502A0BE88A99F6708987658FEBE4CF3B6B79AF219C53EFF6458F9D9D
SHA-512:	A4CBE7073A7CB4C5E33E1CD903CCD7F24B78A04C037BFA1D90D9A5BBD12AF60E3DFFD6546277D1B765CA1DAC1CDA28D24D3454C81952B72D97CAF84DF395E99A
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\3ecbda71-d514-490d-b003-f98b5a143f7e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/I+wYIGNP4bdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07mWL07oXGZd:LwZG6b3mlind9i4ufFXpAXkrfUs0CWLk
MD5:	F5279DA3659F1FDF155BE793A409106A
SHA1:	B389FCDB8832ABD4BC4A06CB7E97107FC5E139EA
SHA-256:	4926C6879266E3E2301A1823FE1FF8772B1FA7A33163224B1B5C2695A0E372CA
SHA-512:	07CA1BF523F22967695DF263E7477135C69F5B9F6B612B8037F9434C099F5BE132957DAC9619F13F97FDDD6A543E78D395755F7BB644B34D864C46239F7DDAD6
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\5b4f8375-124e-454f-9c88-180674b950a0.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.15093788992401
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Certificate of Insurance (5).pdf
File size:	94'593 bytes
MD5:	8c076b5bf5f8f6183ee7896e8dcf30db
SHA1:	8f9bdbebcb24637c6d88e69576f0f343859d593f
SHA256:	919a3f484ac525845930707a0c0595986e1e66bd632e8de46fa016e3f46844b4
SHA512:	5761ff3d0518b4b49650a280f88a2d3fae6146cbd8643cfcf1d5213426ea2fa2808a662ffc61be69355c4c8853fd789b26496541bd9d097a6f6337eb2214d547
SSDEEP:	1536:iCrWVeL3+SMOg5OVByYT537QUtiGba2tMXW:SZSUCV5s2a6MXW
TLSH:	21934C5E8AAF34DCD48B88D4EC663145130DB2F6FBBB355A363C45607389A868E473D2
File Content Preview:	%PDF-1.4.%.....1 0 obj.<<./Length 3160./Subtype/XML./Type/Metadata.>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c017 91.164464, 2020/06/15-10:20:05 ">. <rdf:RDF xm

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.150938
Total Bytes:	94593
Stream Entropy:	7.680910
Stream Bytes:	61017
Entropy outside Streams:	5.078270
Bytes outside Streams:	33576
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	143
endobj	143
stream	132
endstream	132
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
14	2349184757294c3b	a0e42dfc9b14c4be1dc59c9b48c0d20f
141	061511b7346870c0	b64290325c48c80e985369e9b78dbf61

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 18, 2024 15:13:53.711018085 CEST	53461	53	192.168.2.9	1.1.1.1
Oct 18, 2024 15:14:07.770247936 CEST	59672	53	192.168.2.9	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 18, 2024 15:13:53.711018085 CEST	192.168.2.9	1.1.1.1	0xcf94	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 18, 2024 15:14:07.770247936 CEST	192.168.2.9	1.1.1.1	0xff0a	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 18, 2024 15:13:51.058012009 CEST	1.1.1.1	192.168.2.9	0x8fb2	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 18, 2024 15:13:51.058012009 CEST	1.1.1.1	192.168.2.9	0x8fb2	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 18, 2024 15:13:53.718918085 CEST	1.1.1.1	192.168.2.9	0xcf94	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 18, 2024 15:14:07.778544903 CEST	1.1.1.1	192.168.2.9	0xff0a	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 5832, Parent PID: 3504

General

Target ID:	0
Start time:	09:13:39
Start date:	18/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Certificate of Insurance (5).pdf"
Imagebase:	0x7ff6153b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6912, Parent PID: 5832

General

Target ID:	2
Start time:	09:13:40
Start date:	18/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff61f300000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6660, Parent PID: 6912

General

Target ID:	4
Start time:	09:13:41
Start date:	18/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1244,i,8890678840112915992,8546427508451947814,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff61f300000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Certificate of Insurance (5).pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\bebefcf5-13dd-43f0-a3ce-19f66c2e1369.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241018131346Z-207.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI84627.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-18 09-13-42-804.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\05d96309-2072-40db-85e4-6aae16b9744d.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\1631d5a9-ac4b-4cbf-b0b7-08e51ad734cd.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\3ecbda71-d514-490d-b003-f98b5a143f7e.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\5b4f8375-124e-454f-9c88-180674b950a0.tmp

Static File Info

General

File Icon

Static PDF Info

Windows Analysis Report
Certificate of Insurance (5).pdf