Windows Analysis Report
INV_52974613.pdf

Overview

General Information

Sample name:INV_52974613.pdf
Analysis ID:1540338
MD5:bff7c19ba5e43f90784799397914dda6
SHA1:9dfbda38773ad5d9198798dba03d405e8151c9ac
SHA256:60d722bdd0b4adc1d475def33c5656f619523091887ef7e687f9780e4c1e7446
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 2300 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV_52974613.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3032 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6880 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1500,i,9647658906102425964,9160439233810104032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic; DNS query: name: x1.i.lencr.org
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic; DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr; String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr; String found in binary or memory: http://x1.i.lencr.org/
Source: classification engine; Classification label: clean0.winPDF@14/27@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-23 10-59-28-259.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV_52974613.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1500,i,9647658906102425964,9160439233810104032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process created: unknown unknown
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: INV_52974613.pdf; Initial sample: PDF keyword /JS count = 0
Source: INV_52974613.pdf; Initial sample: PDF keyword /JavaScript count = 0
Source: A9lypsi_zevyj4_1xs.tmp.1.dr; Initial sample: PDF keyword /JS count = 0
Source: A9lypsi_zevyj4_1xs.tmp.1.dr; Initial sample: PDF keyword /JavaScript count = 0
Source: INV_52974613.pdf; Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe; Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials
  • Resource Development: Acquire Infrastructure; Domains
  • Initial Access: Valid Accounts; Default Accounts
  • Execution: 1 Exploitation for Client Execution; Scheduled Task/Job
  • Persistence: Path Interception; Boot or Logon Initialization Scripts
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts
  • Defense Evasion: 1 Masquerading; 1 Process Injection
  • Credential Access: OS Credential Dumping; LSASS Memory
  • Discovery: 1 System Information Discovery; Application Window Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol
  • Collection: Data from Local System; Data from Removable Media
  • Command and Control: 1 Non-Application Layer Protocol; 1 Application Layer Protocol
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
  • Impact: Abuse Accessibility Features; Network Denial of Service
[Behavior graph figure. Behavior Graph ID: 1540338; Sample: INV_52974613.pdf; Startdate: 23/10/2024; Architecture: WINDOWS; Score: 0. Process chain: Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe. DNS/IP node: x1.i.lencr.org]

No Antivirus matches
Source: http://x1.i.lencr.org/
Detection: 0%
Scanner: URL Reputation
Label: safe

Name: x1.i.lencr.org
IP: unknown
Active: unknown
Malicious: false
Reputation: unknown

Name: http://x1.i.lencr.org/
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1540338
    Start date and time:2024-10-23 16:58:26 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 2s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:13
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:INV_52974613.pdf
    Detection:CLEAN
    Classification:clean0.winPDF@14/27@1/0
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 107.22.247.231, 34.193.227.236, 54.144.73.197, 162.159.61.3, 172.64.41.3, 95.101.148.135, 2.23.197.184, 2.19.126.143, 2.19.126.149, 93.184.221.240
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com, wu.azureedge.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
    • Not all processes were analyzed, report is missing behavior information
    • VT rate limit hit for: INV_52974613.pdf
    Time: 10:59:39
    Type: API Interceptor
    Description: 2x Sleep call for process: AcroCEF.exe modified
    Input: URL: PDF document Model: claude-3-haiku-20240307
    Output:
    ```json
    {
      "contains_trigger_text": false,
      "trigger_text": "unknown",
      "prominent_button_name": "unknown",
      "text_input_field_labels": [
        "BILL TO",
        "DATE",
        "INVOICE #",
        "PAYMENT TERM"
      ],
      "pdf_icon_visible": false,
      "has_visible_captcha": false,
      "has_urgent_text": false,
      "has_visible_qrcode": false
    }
    ```
    Input: URL: PDF document Model: claude-3-haiku-20240307
    Output:
    ```json
    {
      "brands": [
        "obe Fitness"
      ]
    }
    ```
    No context
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.236062186426163
    Encrypted:false
    SSDEEP:6:hxGBv4q2PCHhJ2nKuAl9OmbnIFUt8yxeJZmw+yxeDkwOCHhJ2nKuAl9OmbjLJ:6KvBHAahFUt8//+t56HAaSJ
    MD5:38CBDB2330B3599C190C12288932AECE
    SHA1:39EF9C913A272183F5CA6AEE426A2C8A3F930E0A
    SHA-256:755B9CAA82A571FAA274B18CA032864B6E99004CF670D7908335C384CF40B9B0
    SHA-512:0979859231ED2B6E48D343DFBCF7DB457CC9FCE1861714BC1D5DAB992E2F67E4F02AE2EEEF703984B59E841D4766BBCEC595F56F0F026BB92B9AC87979A95B66
    Malicious:false
    Reputation:low
    Preview:2024/10/23-10:59:25.670 16d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/23-10:59:25.672 16d0 Recovering log #3.2024/10/23-10:59:25.672 16d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):335
    Entropy (8bit):5.187654188373404
    Encrypted:false
    SSDEEP:6:hxSQWM+q2PCHhJ2nKuAl9Ombzo2jMGIFUt8yxjSG1Zmw+yxjSQWMVkwOCHhJ2nK3:j+vBHAa8uFUt8u11/+u3V56HAa8RJ
    MD5:405FCD3B06D1BF8201C562E818813140
    SHA1:36E1D82F642E816A94C3AAC2EE415B8645425D3B
    SHA-256:E265C149081C95B7192B892FAC206E075E2B58F43B0BE5B379ECB53DEE10B4BF
    SHA-512:92716234168E16D09586E20920752990A86087B39C466FFF8F8FBEFD03CFCC71A536EE9FE37EA2286F909B913C02152D42C6D1F975D925D40AE52691FA4FE6C4
    Malicious:false
    Reputation:low
    Preview:2024/10/23-10:59:25.691 9ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/23-10:59:25.695 9ac Recovering log #3.2024/10/23-10:59:25.695 9ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):475
    Entropy (8bit):4.970426470692803
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqjQnIMpEsBdOg2H+Y2caq3QYiub6P7E4T3y:Y2sRds0CdMH+YJ3QYhbS7nby
    MD5:3611187F2FEE61373130B271E4438C34
    SHA1:58BE918E03126BA434F7D1A8906D15C33786BAD3
    SHA-256:EDA21F4544FABDC47A907E8D9E681F0D9189EE6F4924C62C49079352B49A6587
    SHA-512:44CF2BE275392DB6891DBBC39923EF58FCAA84581BABC71E28A655365D2278B679FC1177A543555D8DF97C0DB1AE67E6CE0FE91A1FCBF53C31C3B866F1D1F626
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374255571715829","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":218409},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):475
    Entropy (8bit):4.970426470692803
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqjQnIMpEsBdOg2H+Y2caq3QYiub6P7E4T3y:Y2sRds0CdMH+YJ3QYhbS7nby
    MD5:3611187F2FEE61373130B271E4438C34
    SHA1:58BE918E03126BA434F7D1A8906D15C33786BAD3
    SHA-256:EDA21F4544FABDC47A907E8D9E681F0D9189EE6F4924C62C49079352B49A6587
    SHA-512:44CF2BE275392DB6891DBBC39923EF58FCAA84581BABC71E28A655365D2278B679FC1177A543555D8DF97C0DB1AE67E6CE0FE91A1FCBF53C31C3B866F1D1F626
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374255571715829","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":218409},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4288
    Entropy (8bit):5.2351679128812485
    Encrypted:false
    SSDEEP:96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+b/scNqARQeNJJRZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+b0c3
    MD5:7CB4284703C620C8CF9100A6CB9DFF79
    SHA1:8B5EB1A343A09E4305EBA7D6EE620CFFD0A24DBF
    SHA-256:26554E29EF4F9FDFCC22E75DE66F4E4DA64D9E017FF3A65310101BC120A5FE35
    SHA-512:EAFA29ED54B850752B5B92C0694D57C454B13BC3C2728691984407E9C33D0ED2B7D0DFFE52943AF02845CC7F249199980982313947A27B5B8035BE28611322FB
    Malicious:false
    Reputation:low
    Preview:*...#................version.1..namespace-8..|o................next-map-id.1.Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/.0...dr................next-map-id.2.Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.2.$..o................next-map-id.4.Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/.3+...^...............Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/....^...............Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/T.3.a...............Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.U..a...............Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.$..o................next-map-id.5.Pnamespace-c66013b9_73b6_4b3f_b279_
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):323
    Entropy (8bit):5.183373499384324
    Encrypted:false
    SSDEEP:6:hxH0FEwQWM+q2PCHhJ2nKuAl9OmbzNMxIFUt8yxHtSG1Zmw+yxH+NAQWMVkwOCHS:YFEN+vBHAa8jFUt8G1/+V9V56HAa84J
    MD5:733ED71EEAE468D8BBEA82157E20C9E6
    SHA1:63BC57C8F173258F1B8926BBB21CA8D9FCE02552
    SHA-256:455CEE1197EAF6DE358EECEF055279690956588B99A1BA85D8A93AA33E1EA352
    SHA-512:24F4521ABF8AF266290161EE3A3241729AAFEE4CB8671B6FFFD9043FD6342C86D718B89AB36024B53DD0B35C4FBD1B09642EDAB62770AC57B669DDB87C64060B
    Malicious:false
    Reputation:low
    Preview:2024/10/23-10:59:26.221 9ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/23-10:59:26.232 9ac Recovering log #3.2024/10/23-10:59:26.239 9ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
    Category:dropped
    Size (bytes):65110
    Entropy (8bit):2.7684059563908505
    Encrypted:false
    SSDEEP:384:Nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn3:gk8e
    MD5:6830DA816ADBCDDA72A1704E74577E22
    SHA1:D247C7780725B054D4E548D8FF8237F81048F236
    SHA-256:DC2C0543F37EAAEE07345608D17CF359F7660A7E2BEFD40E1D5B1ABAEE1744CF
    SHA-512:632347F8808BACE98881F2E711ED98994EAC3FCB3D97B039BD92BAC386A01DE68C477AD860322E56D694107B1AE639D51748152967AE4B31B92F7074240D8C1E
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.721199734775717
    Encrypted:false
    SSDEEP:3:kkFkldlkfllXlE/HT8kG7l1NNX8RolJuRdxLlGB9lQRYwpDdt:kK+T8Rl7NMa8RdWBwRd
    MD5:14F31DD822FFE02438E06767E1E37E70
    SHA1:AA148E33A34D8FDFA8FCC56E3D71B504E1C0E637
    SHA-256:355708E83CA92B3B1231735B7AC7850D43164C7B35ABD55DF843F11D185380E9
    SHA-512:AB070C6246F02109899A8AE23D8FFB69744CEF29C7833D6FF60D6F4F6B4257A6F180DCE0C8A1394395E312D4137E4306999CC760FAC518CE677C1AB1FACE6C06
    Malicious:false
    Preview:p...... .........I./\%..(....................................................... ..........W....q...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.150184159866505
    Encrypted:false
    SSDEEP:6:kKibElD9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:KElaDnLNkPlE99SNxAhUe/3
    MD5:B0252E6376EFFDB5DF9FFD47B3A94026
    SHA1:D028C6396EFE52DBCC9A5E11C8121ADB93A1A07E
    SHA-256:73B32CC8741F5D567E1865610F8B8303B8E70EE44261F426C60812F1CED7375F
    SHA-512:F43F2608131C91544AE8383F216AE7EFA3849346EFCCE38D881925C6C76A5AA6B36E3600B282372F385CEC6C5C69F7351EE3C4D133FDFA5A5705103F01CCB990
    Malicious:false
    Preview:p...... ...........A\%..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2145
    Entropy (8bit):5.070681568267094
    Encrypted:false
    SSDEEP:48:Y+o+eHIYH8TFSGTFXwiTFgCTF3bTFDL0ToT3UTpNMaTN:MhoJLWNMu
    MD5:C82160A988F9866A36977AF9EF537118
    SHA1:A3DA50F286C692C7BDAFA99832634662E9ABB0C7
    SHA-256:7061AB003CAC4FB977648AA2D5BB5D465596946753D20B9755A165E7657F7E5C
    SHA-512:4891A1360A2EF666D0C67D2BF3C757D0C642713C5712BB83E64711E4314594FF87BB4A11767E5245BEABD392E2F5288D04052DF00F8EDA96B3393C6D22932C6A
    Malicious:false
    Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1729695569000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1f627a0ebb1619d115b1670685dc36d6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696494934000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"1a6c845034c91b8f895804fd80befd78","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696494933000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"27da5dddbe5bafa6951ba0799b63a0fa","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696494928000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"52e4d71a3bec9e300fc55dce48c3c732","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696493920000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c5e64480adba3de9b9cf370b71aefd47","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696493920000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8b26a75f
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):1.3174154836285463
    Encrypted:false
    SSDEEP:48:TGufl2GL7ms9WR1CPmPbPahhRgypilI/RG:lNVms9WfMwbPahhe04
    MD5:3E83A26DBE335AB4748BC392BF10E548
    SHA1:1FE4257A55AE5991937A28558C6AC92C2958DD40
    SHA-256:B349153A7FCC7E469785DFDDF8CB9F9EBF5811DBFA58C9BCEC9F62C9688003CC
    SHA-512:49DF737CF149734C874EB760DB1B1F3EE348DEB4349FDDD0FFD0D3CAB403ED295AC6E3986FEEC4EE6458B45E15F364A63F046C12A293E226B363D8DB39CFA4F0
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.7802393409644173
    Encrypted:false
    SSDEEP:48:7MjWR1CPmPbPahhRlypilIGnqFl2GL7mse:7WWfMwbPahhHDKVmse
    MD5:97160677ABA6F7BAE036FA918208AEE8
    SHA1:0D31E32253DE34EB811344A908EBC971836F1D07
    SHA-256:A2AB1B9139889251C98E03BD22DB5A658078270B72D62C506E4BAE9C133859EA
    SHA-512:D34CEF730DA2FB06922D0F8807812B019C4F0A9E6850257599C1C6B2321EB88754C7332D1D9E09827E5E3FA2470374BC3ED83C9B9FDDC4CD1C512B44C9E22CD9
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.524398495091119
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlQqdNGflH:Qw946cPbiOxDlbYnuRKDlWflH
    MD5:AFBE13FAAA72D4C3EB18B1DC4A2BDE3A
    SHA1:6E6D84305EAE199B999222E8E82DEE0F202155CD
    SHA-256:A3CCBCCB6280F0CB95257A2B33F6ABE80274F4010F7DE4D4366462B884B17A08
    SHA-512:1F3813DABD3223E0B2BDDB9416CAF74C0CD23EBCF3C9D573119651C6C2C6E0EEEB6EB4D250EBBA2D4EB61425B50E35B4FA7C4E661A2591F4B34C1CC37F61140B
    Malicious:false
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.1.0./.2.0.2.4. . .1.0.:.5.9.:.3.2. .=.=.=.....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PDF document, version 1.6, 0 pages
    Category:dropped
    Size (bytes):358
    Entropy (8bit):5.046396782078796
    Encrypted:false
    SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOM7RI6lp7RI6PLCSyAAO:IngVMre9T0HQIDmy9g06JX266l166zlX
    MD5:CB5E385A02659521B99B903CAC97758C
    SHA1:1E27D5562FAD16974F93D72B5866E17870EC6014
    SHA-256:11B146C855E4A27A7B8A55881E0B9BA22A98515758C88512BF39B2F117138073
    SHA-512:C0045ED87960DBFBBDE6A1D2AC5902FA3EE075DEB5E125338885ED633FB55E7B7476320F92351441CD8547BEF17EF63684CC6BCC7B248F8AAC592EE9325BB360
    Malicious:false
    Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<D03849BC0785BA458447E3008F5EA92F><D03849BC0785BA458447E3008F5EA92F>]>>..startxref..127..%%EOF..
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.33860678500249
    Encrypted:false
    SSDEEP:384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
    MD5:C3FEDB046D1699616E22C50131AAF109
    SHA1:C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D
    SHA-256:EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD
    SHA-512:845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185
    Malicious:false
    Preview:SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:080+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig:
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15114
    Entropy (8bit):5.365423860050838
    Encrypted:false
    SSDEEP:384:RlJwJJkk+gfPeAE6gYcK53GOtuU9q6Qb48w8Ozji64xIOHnCiphjYrYBEHtoF3P8:ANV
    MD5:695A2DAB1474D321C7D9843C4B6AC1CF
    SHA1:6E626E1571BBE00BCFA7AA71CD5153D100F06C43
    SHA-256:61F0004362AB380C2F1B6C65E31D4450D668AB191C9F5DDED22E6A394D11AA45
    SHA-512:B3BB82C665C9AAB30C0A3F229E869C1B1BECADEBA54282FD3C18BBD7FDA4943FBE19265284716F7B6DB541DF4FC862C2C46E38EDE4872D5FEB83EC982D3D9371
    Malicious:false
    Preview:SessionID=9e16d298-e14b-478f-913b-a842e736c57d.1729695568269 Timestamp=2024-10-23T10:59:28:269-0400 ThreadID=2852 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9e16d298-e14b-478f-913b-a842e736c57d.1729695568269 Timestamp=2024-10-23T10:59:28:270-0400 ThreadID=2852 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9e16d298-e14b-478f-913b-a842e736c57d.1729695568269 Timestamp=2024-10-23T10:59:28:270-0400 ThreadID=2852 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9e16d298-e14b-478f-913b-a842e736c57d.1729695568269 Timestamp=2024-10-23T10:59:28:270-0400 ThreadID=2852 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9e16d298-e14b-478f-913b-a842e736c57d.1729695568269 Timestamp=2024-10-23T10:59:28:270-0400 ThreadID=2852 Component=ngl-lib_NglAppLib Description="SetConf
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.409689429115358
    Encrypted:false
    SSDEEP:192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbWcboII6cbx:ceo4+rsCDIR
    MD5:248D2C9ACE71120C029BC60A0299F04D
    SHA1:C72D87787B273E0781A503D4181699319305BDCD
    SHA-256:107B81C6B939AB5D21B5F5D874D1700902DFC33F67359986219C867E07DCE94A
    SHA-512:D1E5C1860FE7E7D146DB9A81D89EB7B2AAFD31CA9515F2FA12A69EE4B37EBE6D34E9D77AD1951993B0B0BE4D47361200BF545654AD457A30A874A08576400E91
    Malicious:false
    Preview:05-10-2023 10:18:29:.---2---..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:18:29:.Closing File..05-10-
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
    MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
    SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
    SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
    SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
    MD5:95F182500FC92778102336D2D5AADCC8
    SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
    SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
    SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
    Malicious:false
    File type:PDF document, version 1.4, 0 pages
    Entropy (8bit):7.801374329343838
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:INV_52974613.pdf
    File size:30'896 bytes
    MD5:bff7c19ba5e43f90784799397914dda6
    SHA1:9dfbda38773ad5d9198798dba03d405e8151c9ac
    SHA256:60d722bdd0b4adc1d475def33c5656f619523091887ef7e687f9780e4c1e7446
    SHA512:9f494ca7a198d331d30c4949be6d3b29a3815133ce335db9d534c403138eb9573251229e01066413a6149436dbac84cfdf74510a31e9753bd8324e45867ec754
    SSDEEP:768:7IxzyJiJqcFl6cxSbt9PbTaJM2+0C6F+I/6zLqQzN9:EscFrUvPOSIFs/qkN9
    TLSH:ADD2CF2A66C40C2EEDE7C73655AC78CF492D722BC9EC55C3B0364AA51D821D8F83356E
    File Content Preview:%PDF-1.4.1 0 obj.<<./Title (...I.n.v.o.i.c.e)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241022173932+02'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMas
    Icon Hash:62cc8caeb29e8ae0

    General

    Header:%PDF-1.4
    Total Entropy:7.801374
    Total Bytes:30896
    Stream Entropy:7.921323
    Stream Bytes:26696
    Entropy outside Streams:5.133080
    Bytes outside Streams:4200
    Number of EOF found:1
    Bytes after EOF:
    Name:Count
    obj:30
    endobj:30
    stream:7
    endstream:7
    xref:1
    trailer:1
    startxref:1
    /Page:1
    /Encrypt:0
    /ObjStm:0
    /URI:0
    /JS:0
    /JavaScript:0
    /AA:0
    /OpenAction:0
    /AcroForm:0
    /JBIG2Decode:0
    /RichMedia:0
    /Launch:0
    /EmbeddedFile:0

    Image Streams

    ID:8
    DHASH:6aa2b2694d4d69b2
    MD5:faacd229a3077f54cd4ec67305fcae7d

    ID:10
    DHASH:0000000000000000
    MD5:a21773f3f9116319e566ce2a01e2c929

    UDP Packets

    Timestamp:Oct 23, 2024 16:59:39.787404060 CEST
    Source Port:57347
    Dest Port:53
    Source IP:192.168.2.8
    Dest IP:1.1.1.1

    DNS Queries

    Timestamp:Oct 23, 2024 16:59:39.787404060 CEST
    Source IP:192.168.2.8
    Dest IP:1.1.1.1
    Trans ID:0xd53a
    OP Code:Standard query (0)
    Name:x1.i.lencr.org
    Type:A (IP address)
    Class:IN (0x0001)
    DNS over HTTPS:false

    DNS Answers

    Timestamp:Oct 23, 2024 16:59:39.795830011 CEST
    Source IP:1.1.1.1
    Dest IP:192.168.2.8
    Trans ID:0xd53a
    Reply Code:No error (0)
    Name:x1.i.lencr.org
    CName:crl.root-x1.letsencrypt.org.edgekey.net
    Address:
    Type:CNAME (Canonical name)
    Class:IN (0x0001)
    DNS over HTTPS:false

    Target ID:1
    Start time:10:59:23
    Start date:23/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV_52974613.pdf"
    Imagebase:0x7ff6e8200000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:2
    Start time:10:59:25
    Start date:23/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff79c940000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:4
    Start time:10:59:25
    Start date:23/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1500,i,9647658906102425964,9160439233810104032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff79c940000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    No disassembly