Edit tour

Windows Analysis Report
F-000687.pdf

Overview

General Information

Sample name:	F-000687.pdf
Analysis ID:	1542139
MD5:	7db0bb6e4f26570e3fde6768673d95aa
SHA1:	28f2e11a4487d7a175c2e8a9fa9fb8da56e73f94
SHA256:	fd72bba6429d89498a6bb6983637de088568092b7352f2af7cbe8797448efb4a
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 5448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\F-000687.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4544 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6792 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1628,i,7524813473393860247,17235938087909307302,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: classification engine

Classification label: clean0.winPDF@14/30@2/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 09-36-16-220.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\F-000687.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1628,i,7524813473393860247,17235938087909307302,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1628,i,7524813473393860247,17235938087909307302,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: F-000687.pdf	Initial sample: PDF keyword /JS count = 0
Source: F-000687.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: F-000687.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe
https://www.adobe.co	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown
https://www.adobe.co	ReaderMessages.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542139
Start date and time:	2024-10-25 15:34:54 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	F-000687.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/30@2/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 34.193.227.236, 18.207.85.246, 107.22.247.231, 172.64.41.3, 162.159.61.3, 199.232.210.172, 2.16.164.91, 2.16.164.50, 2.23.197.184, 88.221.168.141
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: F-000687.pdf

Simulations

Behavior and APIs

Time	Type	Description
09:36:27	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	KaDadrn9mA.exe	Get hash	malicious	AsyncRAT	Browse	199.232.214.172
	ubBnwUNUUr.exe	Get hash	malicious	AsyncRAT	Browse	199.232.214.172
	ORDEM DE COMPRA.exe	Get hash	malicious	FormBook	Browse	199.232.210.172
	snBEoi6Tf4.exe	Get hash	malicious	AsyncRAT	Browse	199.232.210.172
	https://www.shareholds.com/eur/9fb868a2-97de-4fa6-bb9a-6e2bdc7c734d/99db7d04-72ba-41ea-a52e-2744d29c7f66/e845cf48-2115-4cda-904c-fc80c835df32/login?id=RDhIaE52RURnRGJHRWUzZ21seVc3R2xwMm5BK0k2NjNKbnlRYisvT3JURnNTa0p4Skp6OTRIVjNPa3VFclFOeEFTY2Jub0tIblFrbGo5SUhWb01RRCt4Q3FtaVlNeno4MU8zN2I3bmlveTF0Tm8yM0FOb1J4THRhM1RqNnhyazNHaDFNV3Zoc1RLN2VpV0ZZbUF2MDlWWGZ2Tk5STVpzUDVKaStnT0l0S1BVTlRzZ2lmcXI1Wkh6M1FheGd3Tjh2NVdaTzVOOTRQaVZrTmZrSjRIK3IvU1p4U2doYSsrYmtUOGl1RytpeGthUGFHT1g4UE4rbngvYnhpRXlJRG9oRVRWbUczdEc1ei9ESFJsT2lpZ2JyOFBLNTNoUXdzdVB0QjhVbmRBN1NSSUJYMTkrRnoxbENHSW5lYnJHczBnQytHaDlQSkRib1NTOFNJeTI2WVhCUkg5NGxNNzNMdzBmWktZenhCR2FnaFFaem5zU3FmbUV6WXowVFdOTEFjU3pGVnRjVlNFOHRtVlkvdk9WQjdibXBTNGZFcjUyb1BYTXRhQTRNNnJjbkJtcz0	Get hash	malicious	HTMLPhisher, Microsoft Phishing	Browse	199.232.214.172
	Instruction_1928.pdf.lnk.download.lnk	Get hash	malicious	LummaC	Browse	199.232.214.172
	Setup_179.msi	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0	Get hash	malicious	Unknown	Browse	199.232.210.172
	2811271181036830236.js	Get hash	malicious	Strela Downloader	Browse	199.232.210.172

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	300
Entropy (8bit):	5.2828693526091035
Encrypted:	false
SSDEEP:	6:/eVFUQt+q2PcNwi2nKuAl9OmbnIFUt8ieDsXZmw+ieDs3VkwOcNwi2nKuAl9Omb5:WvIvLZHAahFUt8FD4/+FDg54ZHAaSJ
MD5:	627CEB0BAEC0883C2965D418658E0CF7
SHA1:	040214C0793A54EC7C47D6DF3F9A98151F90A898
SHA-256:	6E047EEFCF6620623B28F800D3279E7371BD68F9369ABBD8ABD94AB7712AD8C0
SHA-512:	1D995F15EA94FE68D17DD5B9953BD4B57FECBA8CDE8143BFC242ED744B5F6B28392744C2C0D628C183092D6173AE26609C0518343CD083C8C852E7D81EC615CA
Malicious:	false
Reputation:	low
Preview:	2024/10/25-09:36:14.520 1698 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-09:36:14.523 1698 Recovering log #3.2024/10/25-09:36:14.523 1698 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	300
Entropy (8bit):	5.2828693526091035
Encrypted:	false
SSDEEP:	6:/eVFUQt+q2PcNwi2nKuAl9OmbnIFUt8ieDsXZmw+ieDs3VkwOcNwi2nKuAl9Omb5:WvIvLZHAahFUt8FD4/+FDg54ZHAaSJ
MD5:	627CEB0BAEC0883C2965D418658E0CF7
SHA1:	040214C0793A54EC7C47D6DF3F9A98151F90A898
SHA-256:	6E047EEFCF6620623B28F800D3279E7371BD68F9369ABBD8ABD94AB7712AD8C0
SHA-512:	1D995F15EA94FE68D17DD5B9953BD4B57FECBA8CDE8143BFC242ED744B5F6B28392744C2C0D628C183092D6173AE26609C0518343CD083C8C852E7D81EC615CA
Malicious:	false
Reputation:	low
Preview:	2024/10/25-09:36:14.520 1698 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-09:36:14.523 1698 Recovering log #3.2024/10/25-09:36:14.523 1698 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.207249530475916
Encrypted:	false
SSDEEP:	6://rSQ+q2PcNwi2nKuAl9Ombzo2jMGIFUt8iipdWZmw+iiXDQVkwOcNwi2nKuAl97:r3+vLZHAa8uFUt8tXW/+tsV54ZHAa8RJ
MD5:	087B3E5071B06D4FBF888BC3A06FE6CA
SHA1:	F120E1BC4FE81E79E665932D3A324816CDA503BC
SHA-256:	8A33B2E2A1C6EA615B3DD362D7110D86F56D3995DECA6A4E9C4220FEA7CD764E
SHA-512:	57083AB725896911F1324D63B39344A59B0129B940D9A41D7CD0F4CC74C69416BB7706A706DD3421FE3ADCF9658637FE5F7CE083B92E1575B2765E3901F0D83E
Malicious:	false
Reputation:	low
Preview:	2024/10/25-09:36:14.600 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-09:36:14.701 1c3c Recovering log #3.2024/10/25-09:36:14.703 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	344
Entropy (8bit):	5.207249530475916
Encrypted:	false
SSDEEP:	6://rSQ+q2PcNwi2nKuAl9Ombzo2jMGIFUt8iipdWZmw+iiXDQVkwOcNwi2nKuAl97:r3+vLZHAa8uFUt8tXW/+tsV54ZHAa8RJ
MD5:	087B3E5071B06D4FBF888BC3A06FE6CA
SHA1:	F120E1BC4FE81E79E665932D3A324816CDA503BC
SHA-256:	8A33B2E2A1C6EA615B3DD362D7110D86F56D3995DECA6A4E9C4220FEA7CD764E
SHA-512:	57083AB725896911F1324D63B39344A59B0129B940D9A41D7CD0F4CC74C69416BB7706A706DD3421FE3ADCF9658637FE5F7CE083B92E1575B2765E3901F0D83E
Malicious:	false
Reputation:	low
Preview:	2024/10/25-09:36:14.600 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-09:36:14.701 1c3c Recovering log #3.2024/10/25-09:36:14.703 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
MD5:	7BE9C8316EB1B7252CB363207744A145
SHA1:	57861355BE6541501AED40F896891579DCF473BF
SHA-256:	B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
SHA-512:	2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF57627b.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
MD5:	7BE9C8316EB1B7252CB363207744A145
SHA1:	57861355BE6541501AED40F896891579DCF473BF
SHA-256:	B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
SHA-512:	2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a6d64c38-7a05-4e90-aa84-cd6c6114a73a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.9602737064168165
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqRdhsBdOg2HU2caq3QYiubSpDyP7E4T3y:Y2sRdsA0dMHUJ3QYhbSpDa7nby
MD5:	5BE94EF8A877A93630ECEBA8213BBA2D
SHA1:	8B24919CAEFB720FB463088FE116587494F08D9B
SHA-256:	D7747A3E5638734FC7F5FB9EE8C25FF4EB631A5264F3EA56113F97B12A418417
SHA-512:	0F80C411D1F8D231C89D7892E0A45FA5DB5B86A44A6A02B447CA91319DA98EB163E4CE7736E550EED1BCF5CAB32739A44A89E563B8E3F4896BB179E256E78D37
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374423380684498","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":249882},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ca77f2d1-e7f5-4313-a334-e32b7aff2bfa.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.969814904260269
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqPsBdOg2HSOgcaq3QYiubSpDyP7E4T3y:Y2sRdsRdMHSOL3QYhbSpDa7nby
MD5:	7BE9C8316EB1B7252CB363207744A145
SHA1:	57861355BE6541501AED40F896891579DCF473BF
SHA-256:	B8F7FC35C094B26B18BB46BB695F1D520904FF063398D86C5B06FD3E20F1881D
SHA-512:	2C7A056CDC3EF05D5E62822CC0BD835FA80CD06131CB76BF559B1D06F735A279C7DCEDE51F1E3A418596573CC960BAFAA038A45966E8007F671F7B6BFFD885DB
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341052428587673","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146366},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.7","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.237061812911161
Encrypted:	false
SSDEEP:	96:CwNwpDGHqPySfkcr2smSX8I2OQCDh28wDtPxN2mUmBZ:CwNw1GHqPySfkcigoO3h28ytPxN2mUmr
MD5:	79765EDFA7CFC62AB73C418CC04AA684
SHA1:	65DBE461887C41F7544BA86B1B344F70A740A3D7
SHA-256:	3FCEC7A8794627652DDDB6CD3BC9A9639954D38AD6C16D3D4C4F7FFA04B07E65
SHA-512:	738BD17643005999F46ED51C79C26D4A23A398A4BE59BB698CD0731FB468C2A0A4B33CF52B704B8CB1627395E4B9365E807694F62D0834F9863FA0E2E4FD1CC8
Malicious:	false
Preview:	...#................version.1..namespace-.aw.o................next-map-id.1.Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.0I.$.r................next-map-id.2.Snamespace-9a9aa6d6_c307_4dda_b6c0_dc91084c8e68-https://rna-v2-resource.acrobat.com/.1!...r................next-map-id.3.Snamespace-1fbd9dc5_70a3_4975_91b4_966e0915c27a-https://rna-v2-resource.acrobat.com/.2..N.o................next-map-id.4.Pnamespace-0e0aed8d_6d6f_4be0_b28f_8e02158bc792-https://rna-resource.acrobat.com/.3.z.o................next-map-id.5.Pnamespace-52652c26_09c2_43f2_adf7_da56a1f00d32-https://rna-resource.acrobat.com/.4.{.^...............Pnamespace-aa11265e_f35e_4e5d_85db_f163e1c0f691-https://rna-resource.acrobat.com/.C..r................next-map-id.6.Snamespace-3a89c6b0_72b9_411a_9e44_fa247f34ac91-https://rna-v2-resource.acrobat.com/.5.q._r................next-map-id.7.Snamespace-02b23955_9103_42e0_ba64_3f8683969652-https://rna-v2-resource.acrobat.com/.6..d.o..............

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.205789036900478
Encrypted:	false
SSDEEP:	6:b5SQ+q2PcNwi2nKuAl9OmbzNMxIFUt80pdWZmw+FMQVkwOcNwi2nKuAl9OmbzNMT:b5+vLZHAa8jFUt8YW/+F5V54ZHAa84J
MD5:	D4FDA2023B2974410DC84CE1A0EE002F
SHA1:	B32427FB5F7409F96ACD719D201733DA2090CFB4
SHA-256:	3AE363040EA865B74F2D910ABEF3498586756A0B1261D3F2B641CD9E06962BF2
SHA-512:	1F41C34CA8C825DB9F7A25120D6D02153DF8B3CB71C79BE1A2C94EF1C40B52DD375FDE3AC23094AE5E2EF268366FC39C5F9BAD8EF07D0CC0D4476AE9BF8454B1
Malicious:	false
Preview:	2024/10/25-09:36:15.070 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-09:36:15.091 1c3c Recovering log #3.2024/10/25-09:36:15.103 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.205789036900478
Encrypted:	false
SSDEEP:	6:b5SQ+q2PcNwi2nKuAl9OmbzNMxIFUt80pdWZmw+FMQVkwOcNwi2nKuAl9OmbzNMT:b5+vLZHAa8jFUt8YW/+F5V54ZHAa84J
MD5:	D4FDA2023B2974410DC84CE1A0EE002F
SHA1:	B32427FB5F7409F96ACD719D201733DA2090CFB4
SHA-256:	3AE363040EA865B74F2D910ABEF3498586756A0B1261D3F2B641CD9E06962BF2
SHA-512:	1F41C34CA8C825DB9F7A25120D6D02153DF8B3CB71C79BE1A2C94EF1C40B52DD375FDE3AC23094AE5E2EF268366FC39C5F9BAD8EF07D0CC0D4476AE9BF8454B1
Malicious:	false
Preview:	2024/10/25-09:36:15.070 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-09:36:15.091 1c3c Recovering log #3.2024/10/25-09:36:15.103 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025133618Z-165.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.4195099593798866
Encrypted:	false
SSDEEP:	96:ThDvoeMVXugc7kzaJXuYsGfkKXKAiOqxxZal6BmAlMhN2rRp4pKVlTGG2ykhki9a:ThDvodwkyl28kAKfEVY
MD5:	B7DB2E4E736B6B81BB7A8355510457AA
SHA1:	A84B723449B0ECF5DEFD64C8DDAC8D0EE22BB5E7
SHA-256:	33B51E07703BCF6B59D7F6D54295C4B032A11FC4F299EF012536B43ACAE1A7A9
SHA-512:	6528CD17D0768C7B719E740220206C6628DD29FF6AE95B5917A4A8A7FE31EB173E283C7261792A2C96BC83237AD45D333DE913708468841248A003A93782E8EF
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.439071984416051
Encrypted:	false
SSDEEP:	384:yeaci5GciBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:1wurVgazUpUTTGt
MD5:	0F4AD3A853A22843B08CD98462EEA660
SHA1:	B4EB6B5C29971FC7EB0D647B3D30A70DF7C2FDDD
SHA-256:	43AD6409FB0A8F6343234F252870BF39039D9513D302A334782396DB592476A7
SHA-512:	62C9A35EE357199E05AE566DF8D5B25030086087633E142E6257D6058E37F0A83754A1084F973111B1037FE2B5150D67FA82A3C25EAC97EB170B9108F4A49408
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7751931001788948
Encrypted:	false
SSDEEP:	48:7Mfcp/E2ioyVNioy3DoWoy1CABoy1JKOioy1noy1AYoy1Wioy1hioybioy9oy1np:77pjuN0iAPXKQcEb9IVXEBodRBki
MD5:	C9933E1536D6838D74F71882E321CC15
SHA1:	9404C346D3311A2EC541B30508E5547834D857DC
SHA-256:	A8C24B270760F08CCB6627ABA03107E5F59B9EAA17829610196B4F947E5BB490
SHA-512:	AD756038AFF7560C3F04E913473795B291FAD7109312FEC6D239C5B7A69973DBEC5C5C9ECC96746BE3D6EE6BAF23AA29401BBCA2972CD58BC2F80825495AF068
Malicious:	false
Preview:	.... .c......!.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7569015731729736
Encrypted:	false
SSDEEP:	3:kkFklBNFDtfllXlE/HT8knGz1NNX8RolJuRdxLlGB9lQRYwpDdt:kKCDeT8uG3NMa8RdWBwRd
MD5:	FA59CC5E4888DBB5FD470E76B3FD0234
SHA1:	BB98C445FBC87195AD87D06F91C203B33673F49B
SHA-256:	110156FC30FCBC0228C53E5A3603E95A55E339934AD6576EE5AD69C8D63392B8
SHA-512:	E8B67CCB1F15E21E2B68FADF9AB5F98C75A5919EFCC00831BE61D0EBE6075DB009507B0E7A23321754C8C642F16F6740C1792CF76EBA8238E678AF16998C0E37
Malicious:	false
Preview:	p...... .........aA..&..(....................................................... ..........W.....G..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.247897867253902
Encrypted:	false
SSDEEP:	6:kK1b3/L9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:13aDImsLNkPlE99SNxAhUe/3
MD5:	F19E9E4F260CE3A5292CCC2CE7474B5C
SHA1:	21748658E656EFD4A3729C88EA8795610381CC44
SHA-256:	00DF81DD8196973E5847F2655FE0177644A224F5F3C5321CD815718FEE9DD3D9
SHA-512:	49F3C743C4F4C24FB20491070378412955FB0FA23C73DC8D00FFAD27EF8864CCE78111EDAC713426A1C5A94E65CE7FD1FBACB16ACDFD99D9AD516EDCC60D0EC5
Malicious:	false
Preview:	p...... .........F...&..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2145
Entropy (8bit):	5.082398570258171
Encrypted:	false
SSDEEP:	48:YL8YvXvwvfb7ACHaECU6akn2ZqijwiIE0O:mfif4oh612ZdXrz
MD5:	A80C712E5423E54263ED296CF86EF95C
SHA1:	31B123AE629278BCC967D93E9210C29995541CB6
SHA-256:	EB4491F44EE1AA12DE072D03FE90BBA0EB44B496C47267A221E4C39EAE3ACAFA
SHA-512:	DE581F33E091B27CA68DB6B1149F319B24CCB66D36C41F19BB8F7F49A656BC69D54B188799C65CB18E23CC5B82354EA4F32CF1BB72410FB5A6F676D3AB418096
Malicious:	false
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1729863377000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"600435bc6c3bfd6739f3c39b93bb45a3","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696492435000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"5c23293c742ed52b97ce6913651e2bac","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696492429000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1281d7dbf4238170aa87c435aca63c66","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696492423000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"824a4ec59c469b030f3b98175cf76e67","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696491691000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9e3dce9d3ce52b8c98d60243d5cf7aa0","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696491691000},{"id":"DC_Reader_Edit_LHP_Banner"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.4550694654155512
Encrypted:	false
SSDEEP:	48:TGufl2GL7msCvrBd6dHtbGIbPe0K3+fDy2dsTlx:lNVmsw3SHtbDbPe0K3+fDZdk
MD5:	E2AEA269B876E280303F2C2300F59D61
SHA1:	A72DFD0C623E3C7A2B325E5C3C2BE998C82E162B
SHA-256:	7C764A6C48EB00D499C53E6780F79476217D0618AD9ED804DB4BA431C75A6DD9
SHA-512:	FDFC12814EED1EE16BF1D1791ABA69704C91F3E1B639CF8C2F7DFAE1265255E3DD36ED4480ADE2748004773074335A5304BB5B50980C6EF484F9B27B7486D8C0
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.9582836900032294
Encrypted:	false
SSDEEP:	48:7MHrvrBd6dHtbGIbPe0K3+fDy2dsS4WqFl2GL7mst:723SHtbDbPe0K3+fDZdnKVmst
MD5:	DF28BDE9775E9AC22C85641590165207
SHA1:	991006C60D43259915E87AEED80663C7EFA983B0
SHA-256:	8C07DBEB8CA1C91C762699E67C9AB08B048D3EF9BD57DB8726A3D6B7D2D796E4
SHA-512:	E5A9924B88FF0EC4FCD6CAE2EEB91420A3A09D893D86C94C6D8618BCF694787B443C64AF816CC952844A16CE35DBA005B2DF29AA364C30B99FFB65D8B18715BB
Malicious:	false
Preview:	.... .c.....7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................v.../.././././....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI72459.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5325285763919316
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8jaI0lH:Qw946cPbiOxDlbYnuRKo09
MD5:	C6E71BF674630C3760DB158122E26942
SHA1:	41A51211CA37344D14BC2B0181885A738CA6F96B
SHA-256:	B0AAC388203658343F6AA69A6EF03047D81245397EBB2C55A2EAFD4CEDCC1791
SHA-512:	295C19F9148D4988A1A6F7CB2392C4B8D200316773498FB141AA81B1F1858A4CC9285DEE929DF17B4574FCDC6ADD8CABDC13A9B354B7F8DC77CDEEDADD4C0B91
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.0./.2.0.2.4. . .0.9.:.3.6.:.2.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 09-36-16-220.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.386483451061953
Encrypted:	false
SSDEEP:	384:A2+jkjVj8jujXj+jPjghjKj0jLjmF/FRFO7t75NsXNsbNsgNssNsNNsaNsliNsTY:AXg5IqTS7Mh+oXChrYhFiQHXiz1W60ID
MD5:	F49CA270724D610D1589E217EA78D6D1
SHA1:	22D43D4BB9BDC1D1DEA734399D2D71E264AA3DD3
SHA-256:	D2FFBB2EF8FCE09991C2EFAA91B6784497E8C55845807468A3385CF6029A2F8D
SHA-512:	181B42465DE41E298329CBEB80181CBAB77CFD1701DBA31E61B2180B483BC35E2EFAFFA14C98F1ED0EDDE67F997EE4219C5318CE846BB0116A908FB2EAB61D29
Malicious:	false
Preview:	SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:808+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f1c78126-6a87-4f56-987d-4547733fd5ac.1696492435808 Timestamp=2023-10-05T09:53:55:809+0200 ThreadID=6044 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.324200672561885
Encrypted:	false
SSDEEP:	384:T3rTcHTcwTcfTczTc8di0dIdRdJdqdwdD76747y7otbtTtitPtyeAgxAWHWrwroT:zcLk2S+g
MD5:	258B77982D4BB11A091E735DA6432C4D
SHA1:	26D5EC7D75F4EA1B6578A9BEF0F5E434BD16A6B7
SHA-256:	F918BA531B6764ED2D9C51F43AC55E3CEE2D0D1537FD06B1A22EA6D239BFEEB1
SHA-512:	35B5AC1D95CD54E80888F6066043AC6535A79AD1766FE3ADE41512A2FC1F426BCD666C375D832C97C52B9936FFDD5A56C55BCD59D4E7B0BA19D39CD611024FE6
Malicious:	false
Preview:	SessionID=e2d32157-6619-4229-a53d-2ae00a5105ca.1729863376245 Timestamp=2024-10-25T09:36:16:245-0400 ThreadID=7624 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=e2d32157-6619-4229-a53d-2ae00a5105ca.1729863376245 Timestamp=2024-10-25T09:36:16:246-0400 ThreadID=7624 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=e2d32157-6619-4229-a53d-2ae00a5105ca.1729863376245 Timestamp=2024-10-25T09:36:16:246-0400 ThreadID=7624 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=e2d32157-6619-4229-a53d-2ae00a5105ca.1729863376245 Timestamp=2024-10-25T09:36:16:246-0400 ThreadID=7624 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=e2d32157-6619-4229-a53d-2ae00a5105ca.1729863376245 Timestamp=2024-10-25T09:36:16:246-0400 ThreadID=7624 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.421043883944
Encrypted:	false
SSDEEP:	768:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRldy0+AyxkHBDgRh9gRC:hRDD/ATOlQwlgR6RgRT4xk1Bh9+R6gRM
MD5:	A7773D7A2602E71779C53BB78924B803
SHA1:	576F6D211674FC5D6395D5CAEA3B51FED773135B
SHA-256:	B5DDE128CA30E989C8DC448C520537318965EA109D5960CBF2E95F6BFFA2FF40
SHA-512:	891E7F17B02E1B93C804C0CFC042CA5097D47660AF6D064E0429D8A65AB4BBA26685B57E1440A0AA60D71594F6336755E9C62D2FEDEF5E7D73D9992CA3064BE3
Malicious:	false
Preview:	05-10-2023 08:41:17:.---2---..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:41:17:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:41:17:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\197d16a8-905a-4cae-8218-5701fb04e1f4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\70ed1157-b027-473d-8a00-c2e6bc39fbef.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\8d958a6c-5012-4e4b-a3c0-d2e931b20b2c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
MD5:	CA6B0D9F8DDC295DACE8157B69CA7CF6
SHA1:	6299B4A49AB28786E7BF75E1481D8011E6022AF4
SHA-256:	A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
SHA-512:	9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\db2e7506-c990-4684-8dd0-3cc8fcb13acf.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.5, 1 pages (zip deflate encoded)
Entropy (8bit):	7.957961970427303
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	F-000687.pdf
File size:	35'897 bytes
MD5:	7db0bb6e4f26570e3fde6768673d95aa
SHA1:	28f2e11a4487d7a175c2e8a9fa9fb8da56e73f94
SHA256:	fd72bba6429d89498a6bb6983637de088568092b7352f2af7cbe8797448efb4a
SHA512:	e19c97654f5fdfc853b2c1dad9667d05f5c40b3bdda0d5b1833afd5bd837bcad8d7e0345a70cc6b2904cd1d265d7929573188430b41bba024b7d50057484c76f
SSDEEP:	768:XSKkSAsM67J66OJ3XuzxAfcFuNspn0hu0vfR6tUC3IATdLhWLj:X8SAV+UJUuhA0vfErIATdLMj
TLSH:	23F2E150EBFAF9CBE8810446B608386FE57DF1478ED4B8E0555C084AA254E167EE0AE7
File Content Preview:	%PDF-1.5.%.....4 0 obj.<</ColorSpace/DeviceGray/Subtype/Image/Height 122/Filter/FlateDecode/Type/XObject/Width 340/Length 9304/BitsPerComponent 8>>stream.x....X.Gw...7E.P.Tl.."....5F..Qc7..%vc.^.Q.F.].Qc..;..V. E8.......-.'.._.....7.f.......@..P..P..P..P.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.957962
Total Bytes:	35897
Stream Entropy:	7.992064
Stream Bytes:	32707
Entropy outside Streams:	5.325527
Bytes outside Streams:	3190
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	17
endobj	17
stream	7
endstream	7
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
4	a3b3b65458b6b682	0d58081264c75c25f0d45aadfe598ea1
5	a3b3b65458b6b682	9088f33c3e1b42f41126fbd9abd31ec8

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 15:36:26.976470947 CEST	55999	53	192.168.2.7	1.1.1.1
Oct 25, 2024 15:36:39.742666960 CEST	49646	53	192.168.2.7	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 15:36:26.976470947 CEST	192.168.2.7	1.1.1.1	0x15a5	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 25, 2024 15:36:39.742666960 CEST	192.168.2.7	1.1.1.1	0x69f3	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 15:36:25.892210960 CEST	1.1.1.1	192.168.2.7	0x9557	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 25, 2024 15:36:25.892210960 CEST	1.1.1.1	192.168.2.7	0x9557	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Oct 25, 2024 15:36:26.984910965 CEST	1.1.1.1	192.168.2.7	0x15a5	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 25, 2024 15:36:39.751379013 CEST	1.1.1.1	192.168.2.7	0x69f3	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 5448, Parent PID: 4056

General

Target ID:	0
Start time:	09:36:12
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\F-000687.pdf"
Imagebase:	0x7ff702560000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4544, Parent PID: 5448

General

Target ID:	2
Start time:	09:36:13
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6c3ff0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6792, Parent PID: 4544

General

Target ID:	4
Start time:	09:36:14
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2092 --field-trial-handle=1628,i,7524813473393860247,17235938087909307302,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6c3ff0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report F-000687.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF57627b.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a6d64c38-7a05-4e90-aa84-cd6c6114a73a.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\ca77f2d1-e7f5-4313-a334-e32b7aff2bfa.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025133618Z-165.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI72459.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 09-36-16-220.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\197d16a8-905a-4cae-8218-5701fb04e1f4.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\70ed1157-b027-473d-8a00-c2e6bc39fbef.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\8d958a6c-5012-4e4b-a3c0-d2e931b20b2c.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\db2e7506-c990-4684-8dd0-3cc8fcb13acf.tmp

Static File Info

Windows Analysis Report
F-000687.pdf