Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
87003962_317456885_12-APR-24_361171175001.PDF

Overview

General Information

Sample name:87003962_317456885_12-APR-24_361171175001.PDF
Analysis ID:1428854
MD5:aa4cd0f8e9356c607ff80dae416db7ff
SHA1:6335fe701b586124361287a1327382ffb5a242de
SHA256:01a2879a23b49e3a68c182d20726ec7944b160ab377f15fc336ba2da3d5ce176

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 7060 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\87003962_317456885_12-APR-24_361171175001.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6328 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6156 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2156 --field-trial-handle=1568,i,14145993654298625133,17833504530766648335,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 184.25.164.138:443
Source: global trafficTCP traffic: 184.25.164.138:443 -> 192.168.2.16:49709
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownTCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: classification engineClassification label: clean1.winPDF@17/19@0/43
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 18-02-49-436.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\87003962_317456885_12-APR-24_361171175001.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2156 --field-trial-handle=1568,i,14145993654298625133,17833504530766648335,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding DE61680B44F398C7C0B5F5CB15DB05EF
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2156 --field-trial-handle=1568,i,14145993654298625133,17833504530766648335,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 87003962_317456885_12-APR-24_361171175001.PDFInitial sample: PDF keyword /JS count = 0
Source: 87003962_317456885_12-APR-24_361171175001.PDFInitial sample: PDF keyword /JavaScript count = 0
Source: 87003962_317456885_12-APR-24_361171175001.PDFInitial sample: PDF keyword /Page count = 56
Source: 87003962_317456885_12-APR-24_361171175001.PDFInitial sample: PDF keyword stream count = 115
Source: 87003962_317456885_12-APR-24_361171175001.PDFInitial sample: PDF keyword /EmbeddedFile count = 0
Source: 87003962_317456885_12-APR-24_361171175001.PDFInitial sample: PDF keyword endstream count = 115
Source: 87003962_317456885_12-APR-24_361171175001.PDFInitial sample: PDF keyword obj count = 181
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
184.25.164.138
unknownUnited States
9498BBIL-APBHARTIAirtelLtdINfalse
23.54.200.159
unknownUnited States
16625AKAMAI-ASUSfalse
107.22.247.231
unknownUnited States
14618AMAZON-AESUSfalse
172.64.41.3
unknownUnited States
13335CLOUDFLARENETUSfalse

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1428854
Start date and time:2024-04-19 18:02:15 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:17
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:87003962_317456885_12-APR-24_361171175001.PDF
Detection:CLEAN
Classification:clean1.winPDF@17/19@0/43
Cookbook Comments:
  • Found application associated with file extension: .PDF

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe
  • Excluded IPs from analysis (whitelisted): 23.54.200.159
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: 87003962_317456885_12-APR-24_361171175001.PDF

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):290
Entropy (8bit):5.2473015012962145
Encrypted:false
SSDEEP:
MD5:C38C4773BBB9B0FE8ED7AE111DB588D3
SHA1:522DFD52A721D32E9FE4C4C4DC61C848F31043EE
SHA-256:7EB2D08E7708EBA245D086F3B5F5389F93B2FFBDECDB88286D633804B80E2A77
SHA-512:2C96D78106B1F2AD302B6029A74D23D38236F374165EF71FA7FC30FA0C8439F416D6BE3FDC4E28B4551A87CDA1BAD2A3A4149416C709F52F49AD26001030E66D
Malicious:false
Reputation:unknown
Preview:2024/04/19-18:02:47.862 1638 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-18:02:47.863 1638 Recovering log #3.2024/04/19-18:02:47.863 1638 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):331
Entropy (8bit):5.209851539897441
Encrypted:false
SSDEEP:
MD5:F8C58583DA0F7070A7A6DBA900544D17
SHA1:80B92C6667B248A8F7B643CB2B5F001E6CEC7C23
SHA-256:8D09025DD1803CD05A8CA841D25C7642A16F45A39967C029D59118DC18305362
SHA-512:E3ACE20F6D6A3A56763576D03A65A783AC676DCCB775F11BE312E5E7E9A6B139C9DC0B81DCAA3D02381CD0E58305317BD3565DE6AEEF05B378F8B18C60E7B1E3
Malicious:false
Reputation:unknown
Preview:2024/04/19-18:02:47.755 43c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-18:02:47.758 43c Recovering log #3.2024/04/19-18:02:47.759 43c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\6511ce01-6c71-4b23-b72b-7f931537f664.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):403
Entropy (8bit):4.953858338552356
Encrypted:false
SSDEEP:
MD5:4C313FE514B5F4E7E89329630909F8DC
SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\753d7db3-3018-4277-b686-7b979a6e06d1.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):403
Entropy (8bit):4.991808789254847
Encrypted:false
SSDEEP:
MD5:25CFC87559B0562AF402A067BFB9945E
SHA1:DD912E81C6333750AD53AD0909EEFA99C18493A6
SHA-256:160B86887613CC27A959E71B7EEAAB92BC252D1A1C19A6D6E4075CCAC348585B
SHA-512:5C9D12B7C1386323311F6BE3DE47B8AFE1045598217529859EFE8A4055C5975996EDB5B0DDEF3CEB804D988CDB91B93F22D0765E3ABBC327458F5F322C8788E7
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358102579199409","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106554},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4C313FE514B5F4E7E89329630909F8DC
SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF46f1fc.TMP (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):0
Entropy (8bit):0.0
Encrypted:false
SSDEEP:
MD5:4C313FE514B5F4E7E89329630909F8DC
SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:false
Reputation:unknown
Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4099
Entropy (8bit):5.231640472778348
Encrypted:false
SSDEEP:
MD5:94ED742C0E720B9680456F4C1065D938
SHA1:EC01890AAB0A604791421FB1FBED3ADE19FA9C9B
SHA-256:68BAFFF64A75D26FC666427F51B47B243FEED03783145BE04DAE23E5A1EFD82A
SHA-512:1FAF6E68A4313C71420EEACD6F95F8BC5F959D1D3F0A6AA4051288F1FC32FB16B087C386EC4DD2C22EAB189AD7EBA8D4A2450FEE2D07A00978BA47D14E469244
Malicious:false
Reputation:unknown
Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):319
Entropy (8bit):5.193299089180035
Encrypted:false
SSDEEP:
MD5:36A543F53AF88DBE9A93A51FCD0F97A8
SHA1:9770CE9D7B003E073DEC91C6CF709351D37E73BC
SHA-256:61D8712A2CFA9B2A59249CD65EF565C098F2C0E322AE272269A7C45F52533615
SHA-512:ABAFB05BE9B16C5D435348134AC99822E8FFECDCB9677D09C5BB114357631F9D7F0EE317CB86D122175498AE01B311046678497524F74731B6A734F4F9345077
Malicious:false
Reputation:unknown
Preview:2024/04/19-18:02:47.905 43c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-18:02:47.907 43c Recovering log #3.2024/04/19-18:02:47.909 43c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:dropped
Size (bytes):57344
Entropy (8bit):3.291927920232006
Encrypted:false
SSDEEP:
MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):16928
Entropy (8bit):1.2160291275063095
Encrypted:false
SSDEEP:
MD5:F56DDCBF8A49786539B8E0C9802D8DA6
SHA1:AE15DC8852474AE78D5648C5607E6BC86515353F
SHA-256:FBEF7CD173F7E022D74AB61DD9F4273DCF29AF6E941823F9C4C184792A1A2BF8
SHA-512:7FBE6EA593F0C9519D1AB3D16D9588A1F9228BAC097900249C104AB70C3D89807D2DE4CCA488F29554CD39E4D727255372C1FBAEA5387B48A6B14EFD2FD1C43B
Malicious:false
Reputation:unknown
Preview:.... .c.....z...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Reputation:unknown
Preview:....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2814
Entropy (8bit):5.140208431460936
Encrypted:false
SSDEEP:
MD5:00543D7CEC7C2054A1FDBA37214D099B
SHA1:B82D14C27A014D95FA86D6DF55C30BB5B5C2B7BE
SHA-256:FB4D89DB2C870A98BA0430434F63654869B0FD8485701BBCFBBADFA8E69B5007
SHA-512:34A7C24187B9A3FDAB3097FA7DF37F20A65E3790CA18B39010DE7E81345A2C1F728552A5FA12866A55BE4BA42CCDB13962D050E24018FE9831E693C2BFFAA4FD
Malicious:false
Reputation:unknown
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"fb672c15ebf91428f65166e738d36320","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713542571000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a80f299de9e2818daeadf95e26e6a587","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713542571000},{"id":"Edit_InApp_Aug2020","info":{"dg":"9937809fbec41a919c5900fc59049e12","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713542571000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"0efa9aab968d5711c941b8a85a7eb635","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713542571000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"4b6ec35bd00880146a8a4eef1c142b59","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713542571000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"800c9f5bbd6c96a671458c44617a81e2","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713542571000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:dropped
Size (bytes):12288
Entropy (8bit):0.9891329221162634
Encrypted:false
SSDEEP:
MD5:102CAA76C4F1A9CF0943EB7A67CB0E0F
SHA1:1D1BB30CBA96B3191334BA123C041527A639E42D
SHA-256:069423EDADA650391AF3FBC10D30A558371B490022F87474561C76A00C5CDBA9
SHA-512:D091A4B4129F55BA5693E3F0643BA3C84856C8999B1DFD6D7C045EB84D3D255042E3936ECA14E1BF1ED49BD18514E2CF967C039227DC7F21EF257BBA1AE94CF5
Malicious:false
Reputation:unknown
Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.3452936134471505
Encrypted:false
SSDEEP:
MD5:184CB9BB0977B07E22695DEA8D5E2EA6
SHA1:4F02E952FB29B391AA754C042431B2A1C5FD5E32
SHA-256:62173EDB784D861040F75FA40127DF83FD6D002B76F97842EF95795951921012
SHA-512:2FDCA818CC429423E6AD5AB2199F64B65239D37A0DD06BB66E78CEC45A8B0C8A962313A72AC7C2108D1C9364B7B9B97766874C851914C12EC56DFF76514BBF82
Malicious:false
Reputation:unknown
Preview:.... .c.....B..G......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI5e57e.LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5278731006694652
Encrypted:false
SSDEEP:
MD5:68BC8CB2AEA0261AE341470DED0A644B
SHA1:11866F79F88025A50F2367220F1B571678B7CEDA
SHA-256:9851BAC224EBAB95B326F3DA1600C590FA7C1CCE414D91F6F357B7F0C9DAD250
SHA-512:2BA766AC4FE5175C0126FF18BEF98A2B1B3A32A0CF6FB930E261BB1D28B9D1BCD680DCBC5F2AB6DDA2D7CD034220E318062DB6ADE332F44CF4A51483032EF476
Malicious:false
Reputation:unknown
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.4./.2.0.2.4. . .1.8.:.0.2.:.5.4. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 18-02-49-436.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.353642815103214
Encrypted:false
SSDEEP:
MD5:91F06491552FC977E9E8AF47786EE7C1
SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:false
Reputation:unknown
Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.421941949491684
Encrypted:false
SSDEEP:
MD5:4A87906220088474BD6F49643326FB32
SHA1:F8CBB4693D2A4CB6E3D201FD88E6A3F38E2DDB89
SHA-256:0CB2AB2ABC5DC8EFD188DFD301F51C375A93BF6996644466F35B9AF72BD6CBA8
SHA-512:8482510D0F33E5F5E8EEE32EE04467CBB714DF9F0E6A08C493A36F68858491C80F369D4E29A64309A29D77B498011137AC1659C4F12512E6D3CC67B49A10495F
Malicious:false
Reputation:unknown
Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\84a8bbcc-1276-4e27-8273-91e84742df36.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:
MD5:408F8BA5ED5014C1E10FA19D75C944A6
SHA1:87595F69D692B4D785AAFAD71394426879C7980F
SHA-256:FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F
SHA-512:01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793
Malicious:false
Reputation:unknown
Preview:...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U|}../xS}.q..B|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

C:\Users\user\AppData\Local\Temp\acrocef_low\b465d672-9f0e-472e-8920-2d17833bafa3.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Reputation:unknown
Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\c28ad43f-1f99-4f99-8454-15bdea7cdb8f.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Reputation:unknown
Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\c28fbcb4-51a6-49be-b776-774e5b461076.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:
MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
Malicious:false
Reputation:unknown
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

Static File Info

General

File type:PDF document, version 1.4, 56 pages
Entropy (8bit):7.899164848999299
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:87003962_317456885_12-APR-24_361171175001.PDF
File size:215'061 bytes
MD5:aa4cd0f8e9356c607ff80dae416db7ff
SHA1:6335fe701b586124361287a1327382ffb5a242de
SHA256:01a2879a23b49e3a68c182d20726ec7944b160ab377f15fc336ba2da3d5ce176
SHA512:efd67895037ed930cdc0dc443831ccaffe1a9c5983b629b54b367032160f2844a039f5096e8769f2cb2052abc6a29cd77f37a362a7d97f60e8567e08a7b1c8bc
SSDEEP:6144:T1NefpxEdK13T4V1s5YKfQdPLiy3YemvtDgMD:x4MdK13MV1s2KfKGQYecDdD
TLSH:5A24C021E90F4CFCD0049B927F7A20F79D9FB182B1D8B5913478C197C2C8E959C2BA66
File Content Preview:%PDF-1.4..5 0 obj..<<../Type /XObject../Subtype /Image../Filter /FlateDecode../Length 23004../Width 572../Height 169../BitsPerComponent 8../ColorSpace /DeviceRGB..>>..stream..x..].XTG.....Q..I.....$.K....ea...H...)"......b..;bW.!....H........JY....:.3!...

File Icon

Icon Hash:62cc8caeb29e8ae0

Static PDF Info

General

Header:%PDF-1.4
Total Entropy:7.899165
Total Bytes:215061
Stream Entropy:7.991930
Stream Bytes:187512
Entropy outside Streams:4.998720
Bytes outside Streams:27549
Number of EOF found:1
Bytes after EOF:

Keywords Statistics

NameCount
obj181
endobj181
stream115
endstream115
xref1
trailer1
startxref1
/Page56
/Encrypt0
/ObjStm0
/URI0
/JS0
/JavaScript0
/AA0
/OpenAction0
/AcroForm0
/JBIG2Decode0
/RichMedia0
/Launch0
/EmbeddedFile0

Image Streams

IDDHASHMD5Preview
5105d4d2e5f4d0975f63e8161c1e08b8a9a1ce481eae44d81