Windows Analysis Report
14 PISCINA.PDF

Overview

General Information

Sample name:14 PISCINA.PDF
Analysis ID:1541116
MD5:e41f391ea667ad49e742295b5202008d
SHA1:2c38e71d25c0913093cb1b8ef88fe3357d6071e3
SHA256:d6b5ac538bed9d2385f18d6ff62696692e783915d77504012c8f6d49834a9348
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\14 PISCINA.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3052 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1728,i,17153010932264468926,8010953835632044136,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: classification engine | Classification label: clean0.winPDF@14/26@2/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 06-58-24-369.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\14 PISCINA.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1728,i,17153010932264468926,8010953835632044136,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: 14 PISCINA.PDF | Initial sample: PDF keyword /JS count = 0
Source: 14 PISCINA.PDF | Initial sample: PDF keyword /JavaScript count = 0
Source: 14 PISCINA.PDF | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials
Resource Development: Acquire Infrastructure; Domains
Initial Access: Valid Accounts; Default Accounts
Execution: 1 Exploitation for Client Execution; Scheduled Task/Job
Persistence: Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts
Defense Evasion: 1 Masquerading; 1 Process Injection
Credential Access: OS Credential Dumping; LSASS Memory
Discovery: 1 System Information Discovery; Application Window Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Data from Local System; Data from Removable Media
Command and Control: 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Impact: Abuse Accessibility Features; Network Denial of Service
Behavior Graph ID: 1541116, Sample: 14 PISCINA.PDF, Startdate: 24/10/2024, Architecture: WINDOWS, Score: 0
Process chain: Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe; DNS/IP info: x1.i.lencr.org

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://x1.i.lencr.org/ | 0% | URL Reputation | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| s-part-0044.t-0009.fb-t-msedge.net | 13.107.253.72 | true | false | | unknown |
| x1.i.lencr.org | unknown | unknown | false | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | URL Reputation: safe | unknown |
      No contacted IP infos
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1541116
      Start date and time:2024-10-24 12:57:22 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 13s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowspdfcookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:11
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:14 PISCINA.PDF
      Detection:CLEAN
      Classification:clean0.winPDF@14/26@2/0
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 0
      • Number of non-executed functions: 0
      Cookbook Comments:
      • Found application associated with file extension: .PDF
      • Found PDF document
      • Close Viewer
      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 162.159.61.3, 172.64.41.3, 2.19.126.143, 2.19.126.149, 2.23.197.184, 88.221.168.141
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, client.wns.windows.com, azurefd-t-fb-prod.trafficmanager.net, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, azureedge-t-prod.trafficmanager.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
      • VT rate limit hit for: 14 PISCINA.PDF
      | Time | Type | Description |
      |---|---|---|
      | 06:58:35 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified |
      Input / Output
      URL: PDF document Model: claude-3-haiku-20240307
      ```json
      {
        "contains_trigger_text": false,
        "trigger_text": "unknown",
        "prominent_button_name": "unknown",
        "text_input_field_labels": "unknown",
        "pdf_icon_visible": false,
        "has_visible_captcha": false,
        "has_urgent_text": false,
        "has_visible_qrcode": false
      }
      ```
      URL: PDF document Model: claude-3-haiku-20240307
      ```json
      {
        "brands": [
          "GABRIELA HOTEL"
        ]
      }
      ```
      No context
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):298
      Entropy (8bit):5.198289858323675
      Encrypted:false
      SSDEEP:6:+oobulq2PN72nKuAl9OmbnIFUt8toobMLT9Zmw+toobMLTPkwON72nKuAl9Ombjd:lo6lvVaHAahFUt8+oE5/++oET5OaHAae
      MD5:B8C7A86D0FE7B303412E72E9ECCB6344
      SHA1:02F7A01741A50801C41DFC8EE4F1A6DA4C5CF3E2
      SHA-256:0F687D4071B680E9D9DF7A8F327BB39CDF4A075BEA0031F6B17ABD35B4E45311
      SHA-512:A7721D2AB8CEDECD6403A383B6AB0F1FE94AF81BE595DE3271F2745ADD2AE21886275AE37763EC98E2F5D2BCF97B411DCA64F8E2EB4130866F16150BDF5DD8DC
      Malicious:false
      Reputation:low
      Preview:2024/10/24-06:58:22.244 1764 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-06:58:22.247 1764 Recovering log #3.2024/10/24-06:58:22.247 1764 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):342
      Entropy (8bit):5.189391761844949
      Encrypted:false
      SSDEEP:6:+oobBTyq2PN72nKuAl9Ombzo2jMGIFUt8toobn/1Zmw+toobf6RjRkwON72nKuAv:losvVaHAa8uFUt8+or1/++o2F5OaHAaU
      MD5:48B0EF6B63D038EBC643F36093DD9DBC
      SHA1:4B1FD2641780F4836ED58F3CD994F2B5A6585028
      SHA-256:9B9A24F3E9A98E3487E945A5449A325486295CD37422D086EBF20FFFD6470334
      SHA-512:0C3C92138090123F9B26682A27C225D8E38CF1BE49AF3769008D9BE55298080E8D764311039A7F939DCB0ED899530763C66A4593C33B51EDB3DAEDF08F78B946
      Malicious:false
      Reputation:low
      Preview:2024/10/24-06:58:22.647 19e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-06:58:22.650 19e4 Recovering log #3.2024/10/24-06:58:22.651 19e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:modified
      Size (bytes):475
      Entropy (8bit):4.975824910517686
      Encrypted:false
      SSDEEP:12:YH/um3RA8sqRsBdOg2HpWcaq3QYiubcP7E4T3y:Y2sRdsXdMHpp3QYhbA7nby
      MD5:FE5FF47976ACD94CF026962C1E9A23F4
      SHA1:939EEEBBCF95B71AB344F0060E921FE86997F5A8
      SHA-256:7C1D331D2DB05A1B5AFEF459999609F38E7F595F3E417F589973F6E2687DFAF8
      SHA-512:89C9C5FD45B6D0E946A172CAA2F586BCDB5FC655AAF280C21A9909AD745320E99D5427F581DE2A863E26E241BC4B272D279750337F2555E1079E8047CABD4FAE
      Malicious:false
      Reputation:low
      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374327508787020","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":236928},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):475
      Entropy (8bit):4.975824910517686
      Encrypted:false
      SSDEEP:12:YH/um3RA8sqRsBdOg2HpWcaq3QYiubcP7E4T3y:Y2sRdsXdMHpp3QYhbA7nby
      MD5:FE5FF47976ACD94CF026962C1E9A23F4
      SHA1:939EEEBBCF95B71AB344F0060E921FE86997F5A8
      SHA-256:7C1D331D2DB05A1B5AFEF459999609F38E7F595F3E417F589973F6E2687DFAF8
      SHA-512:89C9C5FD45B6D0E946A172CAA2F586BCDB5FC655AAF280C21A9909AD745320E99D5427F581DE2A863E26E241BC4B272D279750337F2555E1079E8047CABD4FAE
      Malicious:false
      Reputation:low
      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374327508787020","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":236928},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):5859
      Entropy (8bit):5.244664781069962
      Encrypted:false
      SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7ImzEZ:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhi
      MD5:C1905CCE726ED5970521AFA798A01761
      SHA1:713E2E33041B3D911E0380F1DC5035CE87FD08F9
      SHA-256:7E53EFDFA1810389851DE6DC0C845F54BEA243FCCA2C61096AD30974DE5FF798
      SHA-512:5F2E2B61ABE6BBF619F2E77C1B097F1A3E8D0546BB87D684D91BA43787AA0B65C345A31CCBF1CC1A3D77D89767078A65F5E8178351BF75BCB582C12D05DECDA2
      Malicious:false
      Reputation:low
      Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):330
      Entropy (8bit):5.197358377065766
      Encrypted:false
      SSDEEP:6:+oo7yq2PN72nKuAl9OmbzNMxIFUt8too7Fuz1Zmw+too3MjlRkwON72nKuAl9Omk:loGvVaHAa8jFUt8+okz1/++oAz5OaHAo
      MD5:076BEE367FC5A4C18DC143EDE755D3AB
      SHA1:027FE144A5A0434E7ED1A853D9ABC41B69B3F334
      SHA-256:B4140FAB9BFAD7EED287C429CA3E5F345C36625E0C9B5A5426407D8910303924
      SHA-512:9ADE5777E881E3229AD8C9245B97002927E26D5B3F87537AD77EEBFE55D653282D185D61676B2242A1F398B81682C945525958786C4F38855CC5EACA0E5CD339
      Malicious:false
      Reputation:low
      Preview:2024/10/24-06:58:23.208 19e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-06:58:23.274 19e4 Recovering log #3.2024/10/24-06:58:23.296 19e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
      Category:dropped
      Size (bytes):75494
      Entropy (8bit):2.536696600099626
      Encrypted:false
      SSDEEP:96:2MQPmAc23j1RXmNNyLNrftt29C0qAG+mkhHAtAhl:4TLsNINy96AG+my
      MD5:942F418EC48AA3B4CCED0F23D8408CAF
      SHA1:7A76C971B93C8CD02EE97B2B7B34EAB9C8ADD8D8
      SHA-256:91626F3EA3440237035C4ED09F25238949C992364B8B96193B371CBF2B7CCD4D
      SHA-512:A18331BF01708B629D474BD948E617D3F0DF8330AC16A67A90F01C5F9CB610D705E763734F74EDD356DB761E257035B707A829CDF6C9F3F0EE21478AFF614DFE
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
      Category:dropped
      Size (bytes):86016
      Entropy (8bit):4.445171950421685
      Encrypted:false
      SSDEEP:384:ye6ci5tRiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mis3OazzU89UTTgUL
      MD5:3F3F314A49DE147F289A7BA4296842FA
      SHA1:0C4E4F1A070F5205C6D6AD52C450C2119EF54D69
      SHA-256:F33A8A306F46338707B4FB9034659113510BDDA817DB917A1AECE95661800B0B
      SHA-512:E4E61CFF71E64D127B23D212D1CE330BE6EAE63AEE9B6CA5C8F2CCA84F2AC42A56697BA82CF1CBCED4CFDE421F34BFCCD8B337E84C02C256510970FA148BC2F6
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):8720
      Entropy (8bit):3.768824859452007
      Encrypted:false
      SSDEEP:48:7MrJioyVxfioy08oy1C7oy16oy1iaKOioy1noy1AYoy1Wioy1oioykioyBoy1noL:70JupvGXjBi+b9IVXEBodRBk3
      MD5:CB2164CD4DEF4B437AE22C4F0A2CB0F1
      SHA1:4DC817ED6352B13E5C9E4007D919281721F8A620
      SHA-256:2D7E4F402350B51A69EF62D56ADBD3EB70DDEE65D7A1D9A66440E00B592830F5
      SHA-512:3AA37FF2265DFC36EFD7842D53C8AFD4778402AD998CA2691BD5D49A1454A3786DD0FB090E0098138E08AA39B07B71C72D8D81079735D9E80F588677861601B0
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Certificate, Version=3
      Category:dropped
      Size (bytes):1391
      Entropy (8bit):7.705940075877404
      Encrypted:false
      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
      Malicious:false
      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):192
      Entropy (8bit):2.7209817973800585
      Encrypted:false
      SSDEEP:3:kkFkls5KtfllXlE/HT8kkF/zltNNX8RolJuRdxLlGB9lQRYwpDdt:kK1ceT8ZNMa8RdWBwRd
      MD5:D176500D99E40F80A0686D5063BE661D
      SHA1:BB1AAEBE01BA4305F1CCFF377A0E9509DE116513
      SHA-256:69DDD4DA0FD3A7C6AA260C4558D3B58F1DE6A3F3D01755DF5E95B7BE3AD83F39
      SHA-512:EB12CD91F82DCE0BB0013666A86688D8D5C3775B0836E9C037EBF6F0FC6EFB2A47369AB31C93C5A6A62BF5D8FC73C418541C0B3BF7CB762641F307F421F03D9F
      Malicious:false
      Preview:p...... .........4:..&..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):4
      Entropy (8bit):0.8112781244591328
      Encrypted:false
      SSDEEP:3:e:e
      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):2145
      Entropy (8bit):5.072803565191731
      Encrypted:false
      SSDEEP:48:Y4/pOrY21a4hbtC3dci5WXjJ0vS/PbMa7:eB0tWTJDnbMo
      MD5:CC73BFAF945D3F53FE662D02236F7D5E
      SHA1:6220727D9BE05A22FA7E80441363E2FBB7C5C396
      SHA-256:E6EBFABA7C48D1A316D7986F729A4B6EC44D0CC4A899C5449A1B1AC721E545A5
      SHA-512:192C80BC8E6A9A468C0BDEE48F757CEFBC8A45D31688B72E5692EC16E9702670369B69F75A5CDF3EB658330F1A92FC2C2453E94F39188991CC0D7B5CF7943438
      Malicious:false
      Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1729767505000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"380dd703fc581680761b4186c45e2d38","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696488387000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"35166e54b6efd9393ba2006ee9cc09b6","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696488385000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"f776fac6300c02bf0731dc513183b5e8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696488373000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"78cf3d8961acebfb4fcfb54de4ad804c","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696486847000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"4bd607a1e654cbca833e725de7ae4339","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696486847000},{"id":"DC_Reader_Edit_LHP_Banner"
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
      Category:dropped
      Size (bytes):12288
      Entropy (8bit):1.1455261735191005
      Encrypted:false
      SSDEEP:24:TLhx/XYKQvGJF7ursBRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHY:TFl2GL7mstXc+XcGNFlRYIX2v3kY
      MD5:68F36D37BC27186A7C125F13DBA43BFC
      SHA1:92F97832E8BF4FACB2EC01EB6DD5574B156458A0
      SHA-256:31B18B3C099208F63B56E8ED9EA2080913E99C1CE434C762FA35354E5EA6C82A
      SHA-512:FFBB2F93927972B33197772C58519A6965B9CA0508A268997881D77AA00DD758C505FF0D7867E2E5301E418854B39D6DE45AFAF3963CBC9347B0BB9B5EB377C9
      Malicious:false
      Preview:SQLite format 3
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):8720
      Entropy (8bit):1.5517381550798377
      Encrypted:false
      SSDEEP:24:7+tSUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLux7qLxx/XYKQq:7M7Xc+XcGNFlRYIX2vyqVl2GL7msV
      MD5:FE4071EC9FB00E74B7133AFCE29D7C21
      SHA1:77B57CA1BE1A7C4675FF8D7F8636F850013F196F
      SHA-256:318E13608954A16F9C551AE63D33CDBE46359A3742C6766047300E2DBC6EA060
      SHA-512:65C78EBCF4F48B6DAA0EB192FBD12E66A8184B01CAB8AC341F62A68773DFB0297AE8B43FFADA89407BCBDD3E2502D5EAB0B91688BD21A4DFE2354D06412056BA
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):246
      Entropy (8bit):3.537590009309966
      Encrypted:false
      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cjzKw:Qw946cPbiOxDlbYnuRKHv
      MD5:397C5790C47AC8F3D18E0773CDC30904
      SHA1:DE1FDA50894E117CA91ADFAF991ED99D7BEFE8C8
      SHA-256:400DD9877769C05CDA8FEC482BD618128D68CFAAE9FA97B19D084B0AA5C3FEED
      SHA-512:9499EBAD149BA89E6C9C7669AE89963A507502F20A8642A627792B91EB8434200B7D60BB9A0C8E0758BC124E738A8BFB0FCBB9501F2DF5DDC8F8BE03BC2915E9
      Malicious:false
      Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 24/10/2024  06:58:29 ===
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393)
      Category:dropped
      Size (bytes):16525
      Entropy (8bit):5.338264912747007
      Encrypted:false
      SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
      MD5:128A51060103D95314048C2F32A15C66
      SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
      SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
      SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
      Malicious:false
      Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393), with CRLF line terminators
      Category:dropped
      Size (bytes):15114
      Entropy (8bit):5.330436307279696
      Encrypted:false
      SSDEEP:384:EKOjmynyvO9Z7JpBrp1uHFqLTIvCxuK4xaiIj/lscKFTZ4bU+jsIO3O7i9PQXw4J:HiD
      MD5:3F83D5CD0ECFF634E2345756C34B03B3
      SHA1:4234452CAA6268ABEB1BFE5F02532F5E650EB6A0
      SHA-256:CF484FB079E45EE522DBC3966C82EF1732593B93101705574C2C3977DEE0CB1E
      SHA-512:735B05FDA675160944B47BFA879B1A7F14B8B9241C1D39A8C9FF694CE6FD7A4E16F3A3C1F8DEEA221EAF88DBD929DA11363BA37956C7BC973C323DA5A8E78338
      Malicious:false
      Preview:SessionID=04695deb-e9aa-4efd-85a0-8a6243d8ee5b.1729767504382 Timestamp=2024-10-24T06:58:24:382-0400 ThreadID=2836 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=04695deb-e9aa-4efd-85a0-8a6243d8ee5b.1729767504382 Timestamp=2024-10-24T06:58:24:384-0400 ThreadID=2836 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=04695deb-e9aa-4efd-85a0-8a6243d8ee5b.1729767504382 Timestamp=2024-10-24T06:58:24:384-0400 ThreadID=2836 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=04695deb-e9aa-4efd-85a0-8a6243d8ee5b.1729767504382 Timestamp=2024-10-24T06:58:24:384-0400 ThreadID=2836 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=04695deb-e9aa-4efd-85a0-8a6243d8ee5b.1729767504382 Timestamp=2024-10-24T06:58:24:384-0400 ThreadID=2836 Component=ngl-lib_NglAppLib Description="SetConf
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):29752
      Entropy (8bit):5.395149739403739
      Encrypted:false
      SSDEEP:768:FcZD55F6Zc5Iw3SDIBSDR4pqdFlJULUS9qMUl7pH1gj6I+/9qgEA:FcO
      MD5:DCA1B18B5DB10365E4F5F17573D3C991
      SHA1:0171756513D2DD0A4392C40B062D120B37A9CB3E
      SHA-256:1A4CB0FB2D750FBC7B41979BD78626F639088074251D2BE0D84AFA2C3C5E8A70
      SHA-512:70A2B508F7D95C45C68D761CF2D0EB40CC4CDBF298E8152ABACB8FF8E7EA41E5D28C37900AA76D8F26DFAE085B2CB2B25BDABC1C8D15FD7EBA77C0A1ADECBF15
      Malicious:false
      Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
      Category:dropped
      Size (bytes):1419751
      Entropy (8bit):7.976496077007677
      Encrypted:false
      SSDEEP:24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
      MD5:CA6B0D9F8DDC295DACE8157B69CA7CF6
      SHA1:6299B4A49AB28786E7BF75E1481D8011E6022AF4
      SHA-256:A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
      SHA-512:9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
      Category:dropped
      Size (bytes):1407294
      Entropy (8bit):7.97605879016224
      Encrypted:false
      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
      Category:dropped
      Size (bytes):758601
      Entropy (8bit):7.98639316555857
      Encrypted:false
      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
      MD5:3A49135134665364308390AC398006F1
      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
      Malicious:false
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
      Category:dropped
      Size (bytes):386528
      Entropy (8bit):7.9736851559892425
      Encrypted:false
      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
      MD5:5C48B0AD2FEF800949466AE872E1F1E2
      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
      Malicious:false
      File type:PDF document, version 1.5
      Entropy (8bit):7.99071229868914
      TrID:
      • Adobe Portable Document Format (5005/1) 100.00%
      File name:14 PISCINA.PDF
      File size:269'159 bytes
      MD5:e41f391ea667ad49e742295b5202008d
      SHA1:2c38e71d25c0913093cb1b8ef88fe3357d6071e3
      SHA256:d6b5ac538bed9d2385f18d6ff62696692e783915d77504012c8f6d49834a9348
      SHA512:066f06efa6442d144009662b08cc6cd56bd2bd9414c54f85f67c9f53928c5e1a3ff6bf1dcc939933234d7682aa307a79a50ec8d51808eededece718b8dde4ae3
      SSDEEP:6144:2KXUe+YBIzBrZYdnLTPut34phZA0DOFR/fX9xQ:2Y1IzBULbutz0yR38
      TLSH:5544129F57B7A903AE767E20775045365DCF086C2E032B1671ED23038D39B2A7B8819B
      File Content Preview:%PDF-1.5.%......1 0 obj.<</Author ()/CreationDate (D:20240926081056Z00'00')/Creator (ARCHICAD \(GSPublisherVersion: 0.0.100.94\))/Keywords ()/ModDate (D:20240926081056Z00'00')/Producer (PDFTron PDFNet, V6.40292\n)/Title ()>>.endobj.2 0 obj.<</GSConverterD
      Icon Hash:62cc8caeb29e8ae0

      General

      Header:%PDF-1.5
      Total Entropy:7.990712
      Total Bytes:269159
      Stream Entropy:7.990852
      Stream Bytes:266524
      Entropy outside Streams:5.565751
      Bytes outside Streams:2635
      Number of EOF found:1
      Bytes after EOF:
      Name | Count
      obj | 15
      endobj | 15
      stream | 12
      endstream | 12
      xref | 0
      trailer | 0
      startxref | 1
      /Page | 1
      /Encrypt | 0
      /ObjStm | 2
      /URI | 0
      /JS | 0
      /JavaScript | 0
      /AA | 0
      /OpenAction | 0
      /AcroForm | 0
      /JBIG2Decode | 0
      /RichMedia | 0
      /Launch | 0
      /EmbeddedFile | 0

      Image Streams

      ID | DHASH | MD5 | Preview
      12 | 0000000000000000 | b4431c2cefbff5b7e6465ffc38093199 |

      Timestamp | Source Port | Dest Port | Source IP | Dest IP
      Oct 24, 2024 12:58:35.779529095 CEST | 63757 | 53 | 192.168.2.6 | 1.1.1.1
      Oct 24, 2024 12:58:49.424340010 CEST | 61576 | 53 | 192.168.2.6 | 1.1.1.1

      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
      Oct 24, 2024 12:58:35.779529095 CEST | 192.168.2.6 | 1.1.1.1 | 0xdab3 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
      Oct 24, 2024 12:58:49.424340010 CEST | 192.168.2.6 | 1.1.1.1 | 0x674c | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
      Oct 24, 2024 12:58:20.381742954 CEST | 1.1.1.1 | 192.168.2.6 | 0x7491 | No error (0) | shed.dual-low.s-part-0032.t-0009.t-msedge.net | azurefd-t-fb-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) | false
      Oct 24, 2024 12:58:20.381742954 CEST | 1.1.1.1 | 192.168.2.6 | 0x7491 | No error (0) | dual.s-part-0044.t-0009.fb-t-msedge.net | s-part-0044.t-0009.fb-t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
      Oct 24, 2024 12:58:20.381742954 CEST | 1.1.1.1 | 192.168.2.6 | 0x7491 | No error (0) | s-part-0044.t-0009.fb-t-msedge.net | | 13.107.253.72 | A (IP address) | IN (0x0001) | false
      Oct 24, 2024 12:58:35.787954092 CEST | 1.1.1.1 | 192.168.2.6 | 0xdab3 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
      Oct 24, 2024 12:58:49.516148090 CEST | 1.1.1.1 | 192.168.2.6 | 0x674c | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false


      Target ID:0
      Start time:06:58:21
      Start date:24/10/2024
      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\14 PISCINA.PDF"
      Imagebase:0x7ff651090000
      File size:5'641'176 bytes
      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:2
      Start time:06:58:21
      Start date:24/10/2024
      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
      Imagebase:0x7ff70df30000
      File size:3'581'912 bytes
      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:4
      Start time:06:58:22
      Start date:24/10/2024
      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1728,i,17153010932264468926,8010953835632044136,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Imagebase:0x7ff70df30000
      File size:3'581'912 bytes
      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      No disassembly