Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
example@email.com.pdf

Overview

General Information

Sample name:example@email.com.pdf
Analysis ID:1544571
MD5:4cbefad8b132c8db189dbf857ac5298d
SHA1:6aeb30d1e57e6eba7d059b1806f96a0403902a9a
SHA256:ea6e8fc39aa5a5ca48802a06ce26cc41fedd60f10586df320623ee2d1467d0eb
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

PDF is encrypted
Potential document exploit detected (performs DNS queries)

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6588 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\example@email.com.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4092 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6416 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1676,i,15610711063450441042,6409612462774580190,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean1.winPDF@14/27@3/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1992Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 10-36-55-559.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\example@email.com.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1676,i,15610711063450441042,6409612462774580190,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1676,i,15610711063450441042,6409612462774580190,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: example@email.com.pdfInitial sample: PDF keyword /JS count = 0
Source: example@email.com.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: example@email.com.pdfInitial sample: PDF keyword /Encrypt count = 1
Source: example@email.com.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: example@email.com.pdfInitial sample: PDF keyword /Encrypt
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1544571 Sample: example@email.com.pdf Startdate: 29/10/2024 Architecture: WINDOWS Score: 1 13 x1.i.lencr.org 2->13 7 Acrobat.exe 57 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 2 9->11         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
example@email.com.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    No contacted IP infos

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1544571
    Start date and time:2024-10-29 15:35:52 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 3m 59s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:example@email.com.pdf
    Detection:CLEAN
    Classification:clean1.winPDF@14/27@3/0
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 107.22.247.231, 34.193.227.236, 54.144.73.197, 162.159.61.3, 172.64.41.3, 93.184.221.240, 2.23.197.184, 95.101.148.135, 2.19.126.143, 2.19.126.149
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, wu.azureedge.net, acroipm2.adobe.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
    • VT rate limit hit for: example@email.com.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    10:37:06API Interceptor2x Sleep call for process: AcroCEF.exe modified

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASNs

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.242489699125768
    Encrypted:false
    SSDEEP:6:PGGRFIq2P92nKuAl9OmbnIFUt8cGwZmw+cG4kwO92nKuAl9OmbjLJ:yv4HAahFUt8k/+E5LHAaSJ
    MD5:B1A77CC71A5037E27D98AD432FA30E41
    SHA1:13D47B682949169E1B3AC1CF5BACCBF8FA1F054A
    SHA-256:62139A63F6C939129C58BA4C6329BC0663D97020A0F83962485A0D43588B4516
    SHA-512:3F6E87D2B62210FF7382F2804D2C79A8C5AF7F3464169DB72282C0458A4948E9A75B8B7632AE3EB1F857ABA4623E91794963CE1D1F75840245413E2655216820
    Malicious:false
    Reputation:low
    Preview:2024/10/29-10:36:55.723 fc4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-10:36:55.725 fc4 Recovering log #3.2024/10/29-10:36:55.725 fc4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.242489699125768
    Encrypted:false
    SSDEEP:6:PGGRFIq2P92nKuAl9OmbnIFUt8cGwZmw+cG4kwO92nKuAl9OmbjLJ:yv4HAahFUt8k/+E5LHAaSJ
    MD5:B1A77CC71A5037E27D98AD432FA30E41
    SHA1:13D47B682949169E1B3AC1CF5BACCBF8FA1F054A
    SHA-256:62139A63F6C939129C58BA4C6329BC0663D97020A0F83962485A0D43588B4516
    SHA-512:3F6E87D2B62210FF7382F2804D2C79A8C5AF7F3464169DB72282C0458A4948E9A75B8B7632AE3EB1F857ABA4623E91794963CE1D1F75840245413E2655216820
    Malicious:false
    Reputation:low
    Preview:2024/10/29-10:36:55.723 fc4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/29-10:36:55.725 fc4 Recovering log #3.2024/10/29-10:36:55.725 fc4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):338
    Entropy (8bit):5.204872922650898
    Encrypted:false
    SSDEEP:6:PG1vRQ+q2P92nKuAl9Ombzo2jMGIFUt8cG1jUkpdWZmw+cG1upQVkwO92nKuAl97:K5Q+v4HAa8uFUt85Ng/+5cQV5LHAa8RJ
    MD5:BDB81BEE754554E85F3F43B34ED257A5
    SHA1:8F08EA67724258F29B733A4DDA622AC57EF07ABA
    SHA-256:82ABC9E2B81F8E89EF6F6A417F2B68DAF323474D5208380295DF0EBECBF37E6A
    SHA-512:C8CBB83D482634EEF3BDE6FEC9C6D2AAE2795EE16C6BEC32DD34DAAAFEE2C0DAC1386474F6812BC6BE882ADC02D563183DAB0D425E0B1926B1A5EF75A423601B
    Malicious:false
    Reputation:low
    Preview:2024/10/29-10:36:55.840 190c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-10:36:55.844 190c Recovering log #3.2024/10/29-10:36:55.845 190c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):338
    Entropy (8bit):5.204872922650898
    Encrypted:false
    SSDEEP:6:PG1vRQ+q2P92nKuAl9Ombzo2jMGIFUt8cG1jUkpdWZmw+cG1upQVkwO92nKuAl97:K5Q+v4HAa8uFUt85Ng/+5cQV5LHAa8RJ
    MD5:BDB81BEE754554E85F3F43B34ED257A5
    SHA1:8F08EA67724258F29B733A4DDA622AC57EF07ABA
    SHA-256:82ABC9E2B81F8E89EF6F6A417F2B68DAF323474D5208380295DF0EBECBF37E6A
    SHA-512:C8CBB83D482634EEF3BDE6FEC9C6D2AAE2795EE16C6BEC32DD34DAAAFEE2C0DAC1386474F6812BC6BE882ADC02D563183DAB0D425E0B1926B1A5EF75A423601B
    Malicious:false
    Reputation:low
    Preview:2024/10/29-10:36:55.840 190c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/29-10:36:55.844 190c Recovering log #3.2024/10/29-10:36:55.845 190c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\142f00dc-7faf-41fd-b262-c452a52dd01a.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):508
    Entropy (8bit):5.063171228375724
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqtsBdOg2Hicaq3QYiubxnP7E4T3OF+:Y2sRdsrdMHt3QYhbxP7nbI+
    MD5:3EAAA49FA1B98B68FFA0A7BECD60FB71
    SHA1:E3433B301C0890EBF5CBB45F0948D92987931805
    SHA-256:66A7DB6B4A1552FD54C2947FE3C721F4785702EA11005E07519BD179D718F196
    SHA-512:591DDCB8A719AFA670190040B6EDA800D979AB3B74B56D7D2E188178DB6714D84F8697764694ACECD28C297BFDC15A34B6AC4A9B0A9749A539EBFE1BB340BF5E
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374772621776800","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":255507},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):508
    Entropy (8bit):5.063171228375724
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqtsBdOg2Hicaq3QYiubxnP7E4T3OF+:Y2sRdsrdMHt3QYhbxP7nbI+
    MD5:3EAAA49FA1B98B68FFA0A7BECD60FB71
    SHA1:E3433B301C0890EBF5CBB45F0948D92987931805
    SHA-256:66A7DB6B4A1552FD54C2947FE3C721F4785702EA11005E07519BD179D718F196
    SHA-512:591DDCB8A719AFA670190040B6EDA800D979AB3B74B56D7D2E188178DB6714D84F8697764694ACECD28C297BFDC15A34B6AC4A9B0A9749A539EBFE1BB340BF5E
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374772621776800","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":255507},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4509
    Entropy (8bit):5.234608573659125
    Encrypted:false
    SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUtvDhoFhZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL7
    MD5:4F23E9769EFB0A736CFFA94FCB904F21
    SHA1:F824B02E473C458166AAC852BB76735C240269D7
    SHA-256:E223922A1A5908670F12BF8E6516C6829F032F346A65E62A835AB0DA1B6DCDBD
    SHA-512:46B3D7BD75F50FC1630EE1893051EB70F261FF10DBBC11B7E38DD09D9D6E0A053E33CB4503C7FCBA7F923F3582E622DF6939FB93ADEF8611F88D2C8E60B2D7FA
    Malicious:false
    Reputation:low
    Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):326
    Entropy (8bit):5.178887903059975
    Encrypted:false
    SSDEEP:6:PGkQ+q2P92nKuAl9OmbzNMxIFUt8cGqF/dWZmw+cGqF/QVkwO92nKuAl9OmbzNMT:1Q+v4HAa8jFUt8eF/g/+eF/QV5LHAa8E
    MD5:8A27FD9C645BC3C9B2D1EE9E5F99D237
    SHA1:C2A0B0ABB25E8C28FAAC35715CB221FF045DD7F5
    SHA-256:E1024BCDB560A516B60971FBDF09DCADE04D0EA63A09DE7D1E3C447ADD893CAF
    SHA-512:95D71A1D69818B1234442EEE0AE6D9B5B5A5D01E57992AB405D31979F434325C91F48813400FC36A0B7CA80D76142E8AA910AC67681CC32E74C4B1F9DF63CC27
    Malicious:false
    Reputation:low
    Preview:2024/10/29-10:36:56.149 190c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-10:36:56.150 190c Recovering log #3.2024/10/29-10:36:56.150 190c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):326
    Entropy (8bit):5.178887903059975
    Encrypted:false
    SSDEEP:6:PGkQ+q2P92nKuAl9OmbzNMxIFUt8cGqF/dWZmw+cGqF/QVkwO92nKuAl9OmbzNMT:1Q+v4HAa8jFUt8eF/g/+eF/QV5LHAa8E
    MD5:8A27FD9C645BC3C9B2D1EE9E5F99D237
    SHA1:C2A0B0ABB25E8C28FAAC35715CB221FF045DD7F5
    SHA-256:E1024BCDB560A516B60971FBDF09DCADE04D0EA63A09DE7D1E3C447ADD893CAF
    SHA-512:95D71A1D69818B1234442EEE0AE6D9B5B5A5D01E57992AB405D31979F434325C91F48813400FC36A0B7CA80D76142E8AA910AC67681CC32E74C4B1F9DF63CC27
    Malicious:false
    Preview:2024/10/29-10:36:56.149 190c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/29-10:36:56.150 190c Recovering log #3.2024/10/29-10:36:56.150 190c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.756901573172974
    Encrypted:false
    SSDEEP:3:kkFklIk4DM1fllXlE/HT8ks0/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKRhM2T8+7NMa8RdWBwRd
    MD5:74BB72004693DF5E714E0915B2B9300F
    SHA1:2F7122ED9C54A96D831A9F5A5ED0AFCBD17086FC
    SHA-256:C91E0CB707A4C0D33A53094F26C96548B0D7255E8BCD711A39A27ACF909921E4
    SHA-512:B5F8649C1016CF237FFF9256333DD01D961C7D1E2B92D4A3D6D3C4A397B4050E602CED2EF3E6F0DD181C33865C94405E7389583C2E9A9AA3FF69E30246ABBA4D
    Malicious:false
    Preview:p...... .............*..(....................................................... ..........W.....C..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.1379890379152853
    Encrypted:false
    SSDEEP:6:kKH9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:+DnLNkPlE99SNxAhUe/3
    MD5:092DF4505B52B7FE2B6794F821D98013
    SHA1:502B7D9BC89169757622F9178E217DBE71A99893
    SHA-256:21E085F38847AFC3159717550E1E0EBB02CC4F46DA83F0E959046968AE3245DC
    SHA-512:08558B0183A6AAB4F870270C19D893F76C236EBD2F584FE315B1A9980AA5F3626399039793F3D6A4ED28F479056E4FF009A50276F838882FCF07F00A3DC2D00A
    Malicious:false
    Preview:p...... .............*..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1992

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2145
    Entropy (8bit):5.069382185571257
    Encrypted:false
    SSDEEP:24:YFus3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxiW:YLAwmWXZYEtoitbRCwu20wD+JliWxao
    MD5:4BB9609F4CD94A566C4A5CEFB0EF5067
    SHA1:8F813BC14F900153DAC296EE71F90696E72A70C6
    SHA-256:9AFEEC7CCBCD22F2D97CA85BB91D29DAC19C640047F1871721A6F0F8967EAC71
    SHA-512:904CB3E11DC8842794EBB12E131BC95A093505F54479DAF51F6B365B5A46D63F6E6184E9028940747C46D273CB529A8A1560BE6B607C3713F872F36940536C61
    Malicious:false
    Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1730212617000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9843116219452896
    Encrypted:false
    SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpiAd4zJwtNBwtNbRZ6bRZ4fAdF:TVl2GL7ms6ggOVpd2zutYtp6PL3
    MD5:23B69ECC0BC82A7A95E18EE53D574C07
    SHA1:E6731ABDDCA6C49D10BBB86B84162395864E13E0
    SHA-256:5DE160D39E2797271C912BD68807A56934DF2EA6D75195DA5DB4934F0F9B286A
    SHA-512:D652B3D597FBD78F18C80A30688EBAEEC64CE7BB6CCC20D418FACF684D2C0FB87617F741B0AFFB3D3AAE7E7019C36B36AB2C62FBAF043F53701F3037C9FE0A48
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3396840329440196
    Encrypted:false
    SSDEEP:24:7+t7AD1RZKHs/Ds/SpiAdPzJwtNBwtNbRZ6bRZWf1RZK2WqLBx/XYKQvGJF7urs2:7M7GgOVpdtzutYtp6PMxWqll2GL7msGh
    MD5:E7E0412299E70247647F51D84A654B05
    SHA1:A6A204AAB1D507E9022EB8647F1A0EADF8B98DFC
    SHA-256:0CF78C2A73C9F84938EDAF076CFC545CC77CD38AEA1B7BB77585A683365411BA
    SHA-512:1C0BCDB48A4D529F7E7D3F79F13DFBC364DD3D586336CBA90887022A6C7AAAAAAD1129AA339AF3A2D518D44ED950F9B73540402A31C7CE296697BEC50FB5C4FB
    Malicious:false
    Preview:.... .c........?......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSI6b9d5.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.511206980872271
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xOlQqdNx3H:Qw946cPbiOxDlbYnuRK5bH
    MD5:FBFC5BA37B242F6087D0AA0A061A50C1
    SHA1:1E5CCFACBCC1E1E13D7B4F10E6C0630A7DAE3C79
    SHA-256:FDE7FDCC8BFD0F22D21E2BB358F3D6412434230FA72C19023B0CB0CB161A6CE9
    SHA-512:51CCB0E22BC07BCA7E0D748C02D2776735D7944C48F9B52F35F21B05B02D43FF572C5E3017C79EEDF339907E2D13C2B25A99800532295481147B5C3277203A58
    Malicious:false
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.9./.1.0./.2.0.2.4. . .1.0.:.3.7.:.0.2. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-29 10-36-55-559.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.376360055978702
    Encrypted:false
    SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
    MD5:1336667A75083BF81E2632FABAA88B67
    SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
    SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
    SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
    Malicious:false
    Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15111
    Entropy (8bit):5.358745637383151
    Encrypted:false
    SSDEEP:384:vB1ZIItUfp+z84u7P269QDCDd0sPsEvE0aJu57t1b9ENc6s5+JRmvCrsrqjLRH/3:qez
    MD5:B71D822B18D9E2528C3AB60C49236340
    SHA1:3F2CD5C3B2FE278A71D4EC05EEDA1F42BEEA7D28
    SHA-256:B289A31EAFB979EEB675E14B16F7263126D36B7824273B8510E24A40D65DA70D
    SHA-512:4F6AD402A472473156AAD8330E3138FB42F6800ADAD60490C7761CC7882B453DFD9FFF2429DE69CFFA2767D089EF4B3A71CEF32767C076DB77D7DA3691C0DBF2
    Malicious:false
    Preview:SessionID=ee47b380-d942-4cb9-8a54-10c2403cf3ff.1730212615580 Timestamp=2024-10-29T10:36:55:580-0400 ThreadID=3064 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ee47b380-d942-4cb9-8a54-10c2403cf3ff.1730212615580 Timestamp=2024-10-29T10:36:55:580-0400 ThreadID=3064 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ee47b380-d942-4cb9-8a54-10c2403cf3ff.1730212615580 Timestamp=2024-10-29T10:36:55:580-0400 ThreadID=3064 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ee47b380-d942-4cb9-8a54-10c2403cf3ff.1730212615580 Timestamp=2024-10-29T10:36:55:581-0400 ThreadID=3064 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ee47b380-d942-4cb9-8a54-10c2403cf3ff.1730212615580 Timestamp=2024-10-29T10:36:55:581-0400 ThreadID=3064 Component=ngl-lib_NglAppLib Description="SetConf

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.404783507502839
    Encrypted:false
    SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbh:Yo
    MD5:A2B3C324730AE494FA613A2D218555B6
    SHA1:C6372B4027673E188FF3C425424BA1315E39675E
    SHA-256:7FA44AE2BE51AF12478A1E40992BDA65CFBF5B6923BA5FAD099315DD524A3ED9
    SHA-512:4A5948109B1C66DD7261F625280649380D2504EE9850B7890CADCD79AB2A9AEDE923E00DD45AA1D01931E36A5076C40D348B7F279D9BD90B550C6AEEA5A1DB35
    Malicious:false
    Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

    C:\Users\user\AppData\Local\Temp\acrocef_low\0ada6ff0-ee22-420b-aa1c-d418f89062af.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/xTwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JTwZG/WLxYGZN3mlind9i4ufFXpAXkru
    MD5:62F2E9F22B4021BA764763F066157442
    SHA1:0BBCDDCCA2B7342980503F1522E9249B077DED4C
    SHA-256:747B773557070E01063EDCDF20C3DA8DD01599EF5EE5E5320BA7328DFDB2E721
    SHA-512:0D58BA35B2BBE548612357D9252FD87DDDC939B346DC666778CCE2C44E60F4A58434A42FDA5BDC7DF9552999D29ACD35E2F77FC5BD3D423B336F224D157F00A6
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\45fc13ec-779a-467b-8b7c-ee704d3fd05d.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    C:\Users\user\AppData\Local\Temp\acrocef_low\c2954044-de4a-4439-9ae5-96307e00212e.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

    C:\Users\user\AppData\Local\Temp\acrocef_low\d5d0e173-536f-4918-97cc-0868a694ba67.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    Static File Info

    General

    File type:PDF document, version 2.0, 1 pages
    Entropy (8bit):7.948765376288248
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:example@email.com.pdf
    File size:38'577 bytes
    MD5:4cbefad8b132c8db189dbf857ac5298d
    SHA1:6aeb30d1e57e6eba7d059b1806f96a0403902a9a
    SHA256:ea6e8fc39aa5a5ca48802a06ce26cc41fedd60f10586df320623ee2d1467d0eb
    SHA512:2a957e3a37037b6e804bce3b548a4b90bde30db6f6951c0f1830b8bae2a354f56925d2470eb0a9f2c601a13fee404307e5023861fa9603405b9a7774f967a6bc
    SSDEEP:768:CiyvCVgncP4+gppVdCiEg6VzquM5rxZuYkRrSgKvuMiPhVS:WvXcP4dndAxqu6upRsvXia
    TLSH:7F03E1C5DF28B53C8C02CE1B972456D4DDBA51AA22132C2B306C6FD678C8C97AF79431
    File Content Preview:%PDF-2.0.%.....1 0 obj.<<./Filter /Standard./V 2./Length 128./R 3./O <09BB0B88F5EEB18F87B82246A416C481A0877462A4CB401676F49569404C7A0A>./U <248FEE1ABD64C37E613D2C471A833AB528BF4E5E4E758A4164004E56FFFA0108>./P -4.>>.endobj.6 0 obj.<<./ca 1./BM /Normal.>>.e

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-2.0
    Total Entropy:7.948765
    Total Bytes:38577
    Stream Entropy:7.993699
    Stream Bytes:34474
    Entropy outside Streams:5.342104
    Bytes outside Streams:4103
    Number of EOF found:1
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj23
    endobj23
    stream11
    endstream11
    xref0
    trailer0
    startxref1
    /Page1
    /Encrypt1
    /ObjStm1
    /URI0
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0

    Network Behavior

    Network Port Distribution

    UDP Packets

    TimestampSource PortDest PortSource IPDest IP
    Oct 29, 2024 15:37:06.550393105 CET5160653192.168.2.51.1.1.1
    Oct 29, 2024 15:37:18.926623106 CET5998153192.168.2.51.1.1.1
    Oct 29, 2024 15:37:32.239057064 CET6165653192.168.2.51.1.1.1

    DNS Queries

    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
    Oct 29, 2024 15:37:06.550393105 CET192.168.2.51.1.1.10xd8b1Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
    Oct 29, 2024 15:37:18.926623106 CET192.168.2.51.1.1.10x6a6Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
    Oct 29, 2024 15:37:32.239057064 CET192.168.2.51.1.1.10x62f8Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

    DNS Answers

    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
    Oct 29, 2024 15:37:06.560281038 CET1.1.1.1192.168.2.50xd8b1No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
    Oct 29, 2024 15:37:18.936548948 CET1.1.1.1192.168.2.50x6a6No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
    Oct 29, 2024 15:37:32.250997066 CET1.1.1.1192.168.2.50x62f8No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    High Level Behavior Distribution

    Click to dive into process behavior distribution

    Behavior

    Click to jump to process

    System Behavior

    General

    Target ID:0
    Start time:10:36:52
    Start date:29/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\example@email.com.pdf"
    Imagebase:0x7ff686a00000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    General

    Target ID:2
    Start time:10:36:55
    Start date:29/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff6413e0000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    General

    Target ID:4
    Start time:10:36:55
    Start date:29/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1676,i,15610711063450441042,6409612462774580190,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff6413e0000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Disassembly

    No disassembly