Edit tour

Windows Analysis Report
OFICIO SMEG.pdf

Overview

General Information

Sample name:	OFICIO SMEG.pdf
Analysis ID:	1544490
MD5:	ff426638417b9244dbbc4bfc0f1aab4b
SHA1:	72b3d199dcde65a9279254f5e3b13dedd5b45f66
SHA256:	4f12c165c0374507733f9524525f16a9d93359f1289b3399ae52100519301e1c
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 4276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\OFICIO SMEG.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4124 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6552 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1608,i,16796527182136476170,6293693514644931092,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: 77EC63BDA74BD0D0E0426DC8F8008506.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/32@0/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 08-53-24-918.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\OFICIO SMEG.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1608,i,16796527182136476170,6293693514644931092,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1608,i,16796527182136476170,6293693514644931092,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: OFICIO SMEG.pdf	Initial sample: PDF keyword /JS count = 0
Source: OFICIO SMEG.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: OFICIO SMEG.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: OFICIO SMEG.pdf

Initial sample: PDF keyword obj count = 66

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1544490
Start date and time:	2024-10-29 13:52:20 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	OFICIO SMEG.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/32@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.5.13.197, 23.22.254.206, 52.202.204.11, 54.227.187.23, 172.64.41.3, 162.159.61.3, 199.232.210.172, 2.23.197.184, 88.221.168.141, 2.19.126.143, 2.19.126.149, 192.168.2.8, 23.47.194.65, 88.221.110.91, 2.16.100.168
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: OFICIO SMEG.pdf

Simulations

Behavior and APIs

Time	Type	Description
08:53:35	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.24296582160523
Encrypted:	false
SSDEEP:	6:ctW6Q+q2PCHhJ2nKuAl9OmbnIFUt8Ht1vwgZmw+Hti6QVkwOCHhJ2nKuAl9Ombjd:iWGvBHAahFUt8NX/+Nit56HAaSJ
MD5:	3DEB2E7E9A67C0F23D05FC1575662B9E
SHA1:	9D499027DF3BFB862724101AF9EDF73C77D3BE13
SHA-256:	DA8C4947525C4A5706F50C2476E21EA211683DB05EA8D80B0AF5EB19C21A3205
SHA-512:	10227BC1B6F6D8637BEEB3842706EE1B0FA616C238F63E61A4B49B4A3C842061D5A7D1356A6E42B1C2EB2D99DFD066D93C6D2F997B79AD01878FC99E9668E5DE
Malicious:	false
Reputation:	low
Preview:	2024/10/29-08:53:23.402 648 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-08:53:23.405 648 Recovering log #3.2024/10/29-08:53:23.406 648 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.24296582160523
Encrypted:	false
SSDEEP:	6:ctW6Q+q2PCHhJ2nKuAl9OmbnIFUt8Ht1vwgZmw+Hti6QVkwOCHhJ2nKuAl9Ombjd:iWGvBHAahFUt8NX/+Nit56HAaSJ
MD5:	3DEB2E7E9A67C0F23D05FC1575662B9E
SHA1:	9D499027DF3BFB862724101AF9EDF73C77D3BE13
SHA-256:	DA8C4947525C4A5706F50C2476E21EA211683DB05EA8D80B0AF5EB19C21A3205
SHA-512:	10227BC1B6F6D8637BEEB3842706EE1B0FA616C238F63E61A4B49B4A3C842061D5A7D1356A6E42B1C2EB2D99DFD066D93C6D2F997B79AD01878FC99E9668E5DE
Malicious:	false
Reputation:	low
Preview:	2024/10/29-08:53:23.402 648 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-08:53:23.405 648 Recovering log #3.2024/10/29-08:53:23.406 648 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.214771872156734
Encrypted:	false
SSDEEP:	6:ctcE+q2PCHhJ2nKuAl9Ombzo2jMGIFUt8HtPZZmw+HtPNVkwOCHhJ2nKuAl9OmbX:iSvBHAa8uFUt8NB/+Nb56HAa8RJ
MD5:	8ED658E905EBB842EE9F78C6B4580624
SHA1:	D7F0D83C70025BFDD80F9E0AA169FDBFB8E1749F
SHA-256:	076A7EA0D5076C5A32289254CADD7F322962CBE95506ACD53630C0DD5D6C11F8
SHA-512:	72D1682D797BFDD036A713B71E22615C1BB65A928B84F4B636BBC9442D13D136CE6E29D34DACBCA685C5B09F1918DA3DEA77833FE4464EE15194271FB3996247
Malicious:	false
Reputation:	low
Preview:	2024/10/29-08:53:23.584 a58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-08:53:23.586 a58 Recovering log #3.2024/10/29-08:53:23.586 a58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.214771872156734
Encrypted:	false
SSDEEP:	6:ctcE+q2PCHhJ2nKuAl9Ombzo2jMGIFUt8HtPZZmw+HtPNVkwOCHhJ2nKuAl9OmbX:iSvBHAa8uFUt8NB/+Nb56HAa8RJ
MD5:	8ED658E905EBB842EE9F78C6B4580624
SHA1:	D7F0D83C70025BFDD80F9E0AA169FDBFB8E1749F
SHA-256:	076A7EA0D5076C5A32289254CADD7F322962CBE95506ACD53630C0DD5D6C11F8
SHA-512:	72D1682D797BFDD036A713B71E22615C1BB65A928B84F4B636BBC9442D13D136CE6E29D34DACBCA685C5B09F1918DA3DEA77833FE4464EE15194271FB3996247
Malicious:	false
Reputation:	low
Preview:	2024/10/29-08:53:23.584 a58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-08:53:23.586 a58 Recovering log #3.2024/10/29-08:53:23.586 a58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9d737c9c-4094-414f-a076-ac14670e67a7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.975824910517686
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqlhsBdOg2H4pHgcaq3QYiub6P7E4T3y:Y2sRdsmydMHW3QYhbS7nby
MD5:	7813166B51ECB56F3C6639C99DD286E5
SHA1:	7F7015504A747B3FB32B483624EA5EB7DDAD96C7
SHA-256:	8A9195368DB8DFF42AD6AD796357CE443464C32B71919676189FAF9F123B712E
SHA-512:	90F841490D0DFD6C241EC5F7520A93693FB4A0488B4C0327D9383EACE4E4975BB5EA289C35CCAD983AD96B414A5309AC3285C800DA2D4B9FB7647A7907F1B33D
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374766409396676","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":350722},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.975824910517686
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqlhsBdOg2H4pHgcaq3QYiub6P7E4T3y:Y2sRdsmydMHW3QYhbS7nby
MD5:	7813166B51ECB56F3C6639C99DD286E5
SHA1:	7F7015504A747B3FB32B483624EA5EB7DDAD96C7
SHA-256:	8A9195368DB8DFF42AD6AD796357CE443464C32B71919676189FAF9F123B712E
SHA-512:	90F841490D0DFD6C241EC5F7520A93693FB4A0488B4C0327D9383EACE4E4975BB5EA289C35CCAD983AD96B414A5309AC3285C800DA2D4B9FB7647A7907F1B33D
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374766409396676","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":350722},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.8","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	5.2264436026583985
Encrypted:	false
SSDEEP:	96:S4bz5vsZ4CzSAsfTxiVud4TxY0CIOr3MCWO3VxBaw+bO/vDHsDgZ:S43C4mS7fFi0KFYDjr3LWO3V3aw+bO/3
MD5:	ACEC24EF607EF78282812086C66E24D6
SHA1:	6685DD7EE8A036338073A4B51FD2D3CF46F61104
SHA-256:	53491588AD5DFE7CB87A46B0117F49D3C7C24F1205777A213F26C6DDB1BDBB73
SHA-512:	B11AF8D0025D2E877D0831C227254F19B2A9A2CAF8CE9129F0C60A046C67E4341138FEFFE4EAF2A6639F0CF38992811967B9131D35B57340FCBA56BD6343346A
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-8..\|o................next-map-id.1.Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/.0...dr................next-map-id.2.Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.2.$..o................next-map-id.4.Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/.3+...^...............Pnamespace-656dc224_0825_4dad_892f_a4fe9098071c-https://rna-resource.acrobat.com/....^...............Pnamespace-f0c0a73c_e89b_42d5_bb63_4f8a3b04cf3a-https://rna-resource.acrobat.com/T.3.a...............Snamespace-ef12e1ab_9f14_41d7_aae3_3f05adf09ebc-https://rna-v2-resource.acrobat.com/.U..a...............Snamespace-07eb38e9_046b_46c4_bd67_b1578df56145-https://rna-v2-resource.acrobat.com/.$..o................next-map-id.5.Pnamespace-c66013b9_73b6_4b3f_b279_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.244675023952448
Encrypted:	false
SSDEEP:	6:ctavt+q2PCHhJ2nKuAl9OmbzNMxIFUt8HttZmw+HtY/NVkwOCHhJ2nKuAl9OmbzE:iaQvBHAa8jFUt8Nt/+N2z56HAa84J
MD5:	8871D048BC586E61B6DA452881217DDC
SHA1:	49E9F3067E5080D353A1B452B3FC402DC634AB5A
SHA-256:	C7448F2B29CE489D1A6C1C4B6B358F66F1D0C446E325D83B3C35E1166BE2EEEE
SHA-512:	6AD6B9A59B3B19E68306CEC17871B0FF6F99CC73849AF70DE498C8114D4B8CA6982E8E3CB088E7283D1DDDE8419858AA9CA8A0CB406B40CA47955BC889CCAD97
Malicious:	false
Reputation:	low
Preview:	2024/10/29-08:53:23.734 a58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-08:53:23.735 a58 Recovering log #3.2024/10/29-08:53:23.736 a58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.244675023952448
Encrypted:	false
SSDEEP:	6:ctavt+q2PCHhJ2nKuAl9OmbzNMxIFUt8HttZmw+HtY/NVkwOCHhJ2nKuAl9OmbzE:iaQvBHAa8jFUt8Nt/+N2z56HAa84J
MD5:	8871D048BC586E61B6DA452881217DDC
SHA1:	49E9F3067E5080D353A1B452B3FC402DC634AB5A
SHA-256:	C7448F2B29CE489D1A6C1C4B6B358F66F1D0C446E325D83B3C35E1166BE2EEEE
SHA-512:	6AD6B9A59B3B19E68306CEC17871B0FF6F99CC73849AF70DE498C8114D4B8CA6982E8E3CB088E7283D1DDDE8419858AA9CA8A0CB406B40CA47955BC889CCAD97
Malicious:	false
Reputation:	low
Preview:	2024/10/29-08:53:23.734 a58 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-08:53:23.735 a58 Recovering log #3.2024/10/29-08:53:23.736 a58 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029125327Z-173.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.7541674312795401
Encrypted:	false
SSDEEP:	96:WAj7VF0LKY7CxiBmT8MYxfdb1OgqMJJbMZU9JkgC+EMRem6Yv6jUldMMMMM7MNeX:/eC6fdbRFec/ApPXCrojxcr2frBl
MD5:	6628D52746998AE2E3EBC68D4BA21F4D
SHA1:	EAB5A182C983A14A26B6EA6452B30FE085E3B6A3
SHA-256:	E0352C20C19AD607ED3C54F99D16CA2CFDC5A1CD1D99502DAD8F96A8C3DBE1F5
SHA-512:	E1BD5608B3050D4C73C6547531FE0A899A1F5EC643AA7E07689BD07AD715515DAE71DD962A65B245C8061804BD976AB118CD0312C9C696F3989BA8421964F083
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.29379800543989
Encrypted:	false
SSDEEP:	192:PedRBuVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:Pekci5H5FY+EUUUTTcHqFzqFP
MD5:	22F6BC4888704F6E46A0B09B03C59C5A
SHA1:	044E6280D6557E1AD3AD2886FB34AB5E96398BDE
SHA-256:	BBE48B967969B74A37AD99651E72568A9E4E49BB2584F5370715CD009917BA0D
SHA-512:	C11FD5A28BEEA4D8E1258C2A0A84509B1C061BCCC90F19ED41D76589DFA9A0CEAC3B3CB0519ECE49B2CD300503E6F18E695B14E88A6DC9F58B9A87DA59A2F992
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.213957546475127
Encrypted:	false
SSDEEP:	24:7+t9dMwKnqLKzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzb:7MD0nqOmFTIF3XmHjBoGGR+jMz+LhK
MD5:	9D0098C778CEA494FFE33C4A329FC8C0
SHA1:	094D91C65DB6D3C5C5FD17C1B0DFF37C2BEFB2FC
SHA-256:	D49C74C6031A6B0E38C030166D09B9C0C089F3A9D6963ADA786F64D94612AB23
SHA-512:	644A4833422B93F19FF7437137CEA96526AAD3C77E2CCB43DBE13407974B30453806CC36A48362EEE75A0E21D1E7549178B1D0F41F07FEE681441B2EA8F63B08
Malicious:	false
Preview:	.... .c......\.j........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.73533016978716
Encrypted:	false
SSDEEP:	3:kkFkl3B53l1fllXlE/HT8ktFhlltNNX8RolJuRdxLlGB9lQRYwpDdt:kKzT8kFRNMa8RdWBwRd
MD5:	5D423B7A12B290A66D98C6C103CB1AEC
SHA1:	15B4ADB6EA5F84660F183EF91DC0AF3D69B745BA
SHA-256:	6407193517E2AAB00AD8A5DF21F9343D24E87644A0E7FC2ACEDA7DEC7A23BB40
SHA-512:	4B80404C7B6AF95696E1098947EF8D8048516BDB769A0998FE4C40715471708B7E2816B7318945A7812FF6BEB5891DB2537761D243BD49900BC555421504578A
Malicious:	false
Preview:	p...... .........d\..*..(....................................................... ..........W....HX..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2407377588831796
Encrypted:	false
SSDEEP:	6:kKM9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:HDImsLNkPlE99SNxAhUe/3
MD5:	24CE3237FA8B749C80D8F6C5C790F86D
SHA1:	DC0772972EE3AE0CD8E977FAADA810E9E487D3F1
SHA-256:	4A17B05EC280BBCD7F18B9E71BAD8B623C434ECDB7922890970D5A4824490025
SHA-512:	47C722488ADF499035762E05BA107D4ED852AB7C242ECCB1B621086A032B738726402F271A9E054A216823320D991A5460580360D2AB7076BD693D3FACDB67C8
Malicious:	false
Preview:	p...... ........!I...*..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2145
Entropy (8bit):	5.07046401025013
Encrypted:	false
SSDEEP:	48:Y5o+eHIYH8TFSGTFXwiTFgCTF3bTFDL0ToT3UTpNMaTN:hhoJLWNMu
MD5:	53C814AC6A89DB079E2304041D3CA439
SHA1:	D180E325072CFDF3E0DD7726904DA3AED3033553
SHA-256:	B00C7D1079233D0B0173E0BD50502E837C00736093BA52E3AD5AD0288ACB4D77
SHA-512:	525FA830959DC04D28C13699D67345C2473B72FE79011519C7A0DB996C0F826273D20A0F7FCC0278A081A3AF464C960DF32631CC3A19DB3522A4E3914ACAC1C8
Malicious:	false
Preview:	{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1730206405000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1f627a0ebb1619d115b1670685dc36d6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696494934000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"1a6c845034c91b8f895804fd80befd78","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696494933000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"27da5dddbe5bafa6951ba0799b63a0fa","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696494928000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"52e4d71a3bec9e300fc55dce48c3c732","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696493920000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c5e64480adba3de9b9cf370b71aefd47","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696493920000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8b26a75f

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.320286232351537
Encrypted:	false
SSDEEP:	24:TLKufx/XYKQvGJF7urs9Ohn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMeotqVpaD:TGufl2GL7ms9WR1CPmPbPahSypilIW
MD5:	9F01CD3E33B2A78CEF40ECD7AF8A5F90
SHA1:	D5D9A24AEFCEF377FB3A2EB7EA03E6FAC0ABD590
SHA-256:	9A4CB9D372344AF35E16754B9ACE9DC6E8D9DF9B877F70BDE4F10DDFAA0D5C2E
SHA-512:	4FDD01234477B18C33CED45EFA603E5FCB2A11DF20B1D944D5AD1CBE0C6B121B7B83350268D59145787AC257B4C4365198BACFF99DA1C929B910C93C2E2D16A3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.781169568137311
Encrypted:	false
SSDEEP:	24:7+tSlhn07oz7oF0Hl0FopUEiP66UEiPbnPnNknNMeo4qVpaVrScVr0InuZqLhx/c:7MZWR1CPmPbPahTypilINZqFl2GL7msS
MD5:	164A2E62D086CD05A2A772CB08B9D00E
SHA1:	3E5C7E7098D6FBDC01E8CFE3BB6CA0156C1BA8A9
SHA-256:	5E6E14133D735CC22BA28CF944926AC91EA5276F3EBF7A4E533BB9BE902D2429
SHA-512:	9F88633689EF6F3338FE2B92E49513BB60420DAB7E047E3BFB753E1C8BF1C3BA191EF8518949010114C6CC024F7A5322BCAEF68031C69ECA2B32E1FA8A8B82BB
Malicious:	false
Preview:	.... .c......f%<..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.p.p.p.p.p.p.p.p.p.p..........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3f47e.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5390718303530573
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xOlQklW6wlYH:Qw946cPbiOxDlbYnuRK58lYH
MD5:	05780D439E5C19539F70B0E7558CCB49
SHA1:	CB1E1B5B57F0081A2CDA2F57479EFFE09FABE3CB
SHA-256:	0B9A20E139C4FA9A7B541728F0A6DE43C7FB5BCCBC96AA32D86196A46BA6FAE7
SHA-512:	7E66475B1C15A3A9D1C1DE9081D4C246B2067C265BDB84965D043046A75FB3095D6613C11B26203507D9E86B6253A886936863A920B4B92D7DF7DCE8FC37D9DD
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.9./.1.0./.2.0.2.4. . .0.8.:.5.3.:.3.0. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ir74cc_1g21gz9_4kc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A99ylpv0_1g21gza_4kc.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 08-53-24-918.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.33860678500249
Encrypted:	false
SSDEEP:	384:IC2heaVGJMUPhP80d0Wc+9eG/CCihFomva7RVRkfKhZmWWyC7rjgNgXo6ge5iaW0:X8B
MD5:	C3FEDB046D1699616E22C50131AAF109
SHA1:	C9EEA5A1A16BD2CD8154E8C308C8A336E990CA8D
SHA-256:	EA948BAC75D609B74084113392C9F0615D447B7F4AACA78D818205503EACC3FD
SHA-512:	845CDB5166B35B39215A051144452BEF9161FFD735B3F8BD232FB9A7588BA016F7939D91B62E27D6728686DFA181EFC3F3CC9954B2EDAB7FC73FCCE850915185
Malicious:	false
Preview:	SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:080+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=29b7f1b4-edf3-467e-b302-20b20356cfee.1696494928080 Timestamp=2023-10-05T10:35:28:081+0200 ThreadID=6832 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.377493142314839
Encrypted:	false
SSDEEP:	384:5kzNkMBkMUkM5kMdkMYkM2skMEkMHk5nk5ik58k5Nk5q7k5gkqKkjD8kjD6kjD0N:5uH+HHiUsulQbxMv7DSXpNTTcrF8i2MK
MD5:	A4483C1821E1F2CC176CA5A3600D5E38
SHA1:	406026F5016A4B2C7F2E4E968ABF708762E06185
SHA-256:	BF194AC2B71CFCD3FE3FA34315F7F3CFDFC60978E474D7CFEE14138ACBB11E01
SHA-512:	0117EBBE8BC98224D771667D5C1C40453D50477CAFDF27D491F9DD525D04902629DD4DEE533DD0FAD0412F54CBCA3012A44442EEF7D22ACD1C477D2339940AFB
Malicious:	false
Preview:	SessionID=847bfb5d-7df0-4b56-a66c-b65b588734b6.1730206404941 Timestamp=2024-10-29T08:53:24:941-0400 ThreadID=1824 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=847bfb5d-7df0-4b56-a66c-b65b588734b6.1730206404941 Timestamp=2024-10-29T08:53:24:942-0400 ThreadID=1824 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=847bfb5d-7df0-4b56-a66c-b65b588734b6.1730206404941 Timestamp=2024-10-29T08:53:24:942-0400 ThreadID=1824 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=847bfb5d-7df0-4b56-a66c-b65b588734b6.1730206404941 Timestamp=2024-10-29T08:53:24:942-0400 ThreadID=1824 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=847bfb5d-7df0-4b56-a66c-b65b588734b6.1730206404941 Timestamp=2024-10-29T08:53:24:942-0400 ThreadID=1824 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.413010863653587
Encrypted:	false
SSDEEP:	192:TcbeIewcbVcbqI4ucbrcbQIrJcb6cbCIC4cbvjJJNiZUvySJdCjVWjCjZKDe/Mcs:ceo4+rsCjiFIp
MD5:	1CAF2B253B0CC5A6383CA21BA4960B20
SHA1:	FE75659458367C8B66925732A2D27F9948B88721
SHA-256:	6DE9A197C2AE220ACCF1CAFFEA9AA10E9D553858948B7C1EA281E8C92FD5C9CD
SHA-512:	47E9297FB2CCC827EAB146096BC347A3DDE255BEBE105CA2C6FA2602FE6B3EE926BD01091D24C61DA1663FD05158E8B82B00AFA327DC1E11883102DF6C57DE4C
Malicious:	false
Preview:	05-10-2023 10:18:29:.---2---..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 10:18:29:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 10:18:29:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\12173e34-2399-4a04-84aa-0085f783edae.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\209171b9-52cf-49c7-adfd-5009f6cc9845.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZzZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZze
MD5:	198F4E288D1DB22C155F252BF364EFCB
SHA1:	690AE63F7824B05C2B6A021E590703F050824B8E
SHA-256:	05F1AF075AB733EB1888CFA62B650396358C211C6DAE4C8159A176E6563E5934
SHA-512:	A11CB4DE3A4B38BB5FD8AFA7842FB2F9887AE0DA440999A175049B205ED8649C3A5C6BD12716BC406A6CA68440852BE2ABD92C6E31F102A253DBA6AB97860BE5
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\b73172af-e124-4401-aa5e-ac0c7335915a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\f81145a2-17dd-44ff-b8c1-95cdaccd473f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/9wYIGNPQmeWL07oXGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:lwZG2XWLxXGZN3mlind9i4ufFXpAXkru
MD5:	CDB0A9F62FD4871F0603FBBF1FE6BD06
SHA1:	C972A2B8E6E7CD72A156C1EAB8F5F31E76A7DA24
SHA-256:	85BD3F2168D078DFF0ECEB670C3DC651E8797522C6A2921EC478EAD5A09E415F
SHA-512:	7FC3B110A45F9D518FEA45930B73F196FEE7DF472A17FB2CBB19A3BCBF5C78D439F68E2C615D8DACD5821EF60C1447112FB86431D768E28D9F08457563011F28
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:	PDF document, version 1.5, 2 pages
Entropy (8bit):	7.977045182569651
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	OFICIO SMEG.pdf
File size:	300'110 bytes
MD5:	ff426638417b9244dbbc4bfc0f1aab4b
SHA1:	72b3d199dcde65a9279254f5e3b13dedd5b45f66
SHA256:	4f12c165c0374507733f9524525f16a9d93359f1289b3399ae52100519301e1c
SHA512:	8d453f63c600a4d480cc3012d385d420aee0d04b7faf54b77c7e1e4e8d6cecf85612477db3942864763fedd1dda61388de60cb3a97f262e84e8c7b4a0749f9a4
SSDEEP:	6144:cyutLiyxtnNap+eLpnnFaVEZY/X5uW9auPCddy7/WJV0kQhIY7vZj:cyutLiyxtNK+sFmPTgdyDWDQT7x
TLSH:	9F541201EF88C9CDE3812785AF7B7C197B6FB33AB1C010A20D7C97570A80D65E563A5A
File Content Preview:	%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(es-ES) /StructTreeRoot 46 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 30 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.5
Total Entropy:	7.977045
Total Bytes:	300110
Stream Entropy:	7.996356
Stream Bytes:	284518
Entropy outside Streams:	4.917420
Bytes outside Streams:	15592
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	66
endobj	66
stream	17
endstream	17
xref	2
trailer	2
startxref	2
/Page	2
/Encrypt	0
/ObjStm	1
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
14	4a6b159135454b1a	ff8c0b9404dc0bc6ca93f0beee241c90
15	0e2bd4d6179c96dc	f74ef4c321b29c809ba98630706eda7c
32	4a6b159135454b1a	ff8c0b9404dc0bc6ca93f0beee241c90
33	0e2bd4d6179c96dc	f74ef4c321b29c809ba98630706eda7c
44	6373b3b3b3f1b766	3d5f8f15a3c8835fd712f08afdd96b7b

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 4276, Parent PID: 4084

General

Target ID:	0
Start time:	08:53:21
Start date:	29/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\OFICIO SMEG.pdf"
Imagebase:	0x7ff6e8200000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4124, Parent PID: 4276

General

Target ID:	2
Start time:	08:53:22
Start date:	29/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff79c940000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 6552, Parent PID: 4124

General

Target ID:	4
Start time:	08:53:23
Start date:	29/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1608,i,16796527182136476170,6293693514644931092,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff79c940000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report OFICIO SMEG.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9d737c9c-4094-414f-a076-ac14670e67a7.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241029125327Z-173.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI3f47e.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91ir74cc_1g21gz9_4kc.tmp

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A99ylpv0_1g21gza_4kc.tmp

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 08-53-24-918.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\12173e34-2399-4a04-84aa-0085f783edae.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\209171b9-52cf-49c7-adfd-5009f6cc9845.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\b73172af-e124-4401-aa5e-ac0c7335915a.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\f81145a2-17dd-44ff-b8c1-95cdaccd473f.tmp

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Windows Analysis Report
OFICIO SMEG.pdf