Edit tour

Windows Analysis Report
FAXOC_03019_99091_02052521.pdf

Overview

General Information

Sample name:	FAXOC_03019_99091_02052521.pdf
Analysis ID:	1436917
MD5:	dfd293aa1d8895a61e95ee58954292a3
SHA1:	7467896aa9d95aad320c7531a4c14ceed0af0d5c
SHA256:	0954754f22379a4e2d6056687f39245023a1952a96c01b60390d62a3bad069fc
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6864 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FAXOC_03019_99091_02052521.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7212 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1628,i,14454788536606698426,12340969754925004264,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.dulcesol.es" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7648 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1972,i,1686703969579029826,10444418147438048298,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 104.110.176.109:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.110.176.109:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 15.197.142.173 15.197.142.173
Source: Joe Sandbox View	IP Address: 15.197.142.173 15.197.142.173
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 96.17.61.58
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1rGhLGvLoLp5ZLL&MD=c2ZmrCt4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1rGhLGvLoLp5ZLL&MD=c2ZmrCt4 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.dulcesol.esConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.dulcesol.es
Source: global traffic	DNS traffic detected: DNS query: dulcesol.es
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: FAXOC_03019_99091_02052521.pdf

String found in binary or memory: http://www.dulcesol.es)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 104.110.176.109:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.110.176.109:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49761 version: TLS 1.2

Source: classification engine

Classification label: clean1.winPDF@44/43@6/6

Source: FAXOC_03019_99091_02052521.pdf

Initial sample: http://www.dulcesol.es

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7120

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-06 18-45-49-456.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FAXOC_03019_99091_02052521.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1628,i,14454788536606698426,12340969754925004264,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.dulcesol.es"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1972,i,1686703969579029826,10444418147438048298,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1628,i,14454788536606698426,12340969754925004264,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1972,i,1686703969579029826,10444418147438048298,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: FAXOC_03019_99091_02052521.pdf	Initial sample: PDF keyword /JS count = 0
Source: FAXOC_03019_99091_02052521.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: FAXOC_03019_99091_02052521.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
dulcesol.es	0%	Virustotal		Browse
www.dulcesol.es	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.dulcesol.es)	0%	Avira URL Cloud	safe
http://www.dulcesol.es/	0%	Avira URL Cloud	safe
http://www.dulcesol.es/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
dulcesol.es	15.197.142.173	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.64.196	true	false		high
www.dulcesol.es	unknown	unknown	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.dulcesol.es/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.dulcesol.es)	FAXOC_03019_99091_02052521.pdf	false	Avira URL Cloud: safe	low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
15.197.142.173	dulcesol.es	United States	7430	TANDEMUS	false
96.17.61.58	unknown	United States	16625	AKAMAI-ASUS	false
142.250.64.196	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1436917
Start date and time:	2024-05-06 18:44:52 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 32s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	FAXOC_03019_99091_02052521.pdf
Detection:	CLEAN
Classification:	clean1.winPDF@44/43@6/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.110.176.137, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 23.219.155.165, 23.219.155.148, 172.64.41.3, 162.159.61.3, 162.222.107.18, 192.229.211.108, 192.178.50.35, 142.250.98.84, 192.178.50.46, 34.104.35.123, 142.250.64.170, 172.217.165.202, 142.250.217.234, 142.250.217.202, 142.250.217.170, 192.178.50.42, 172.217.3.74, 142.250.64.234, 142.250.189.138, 192.178.50.74, 23.219.155.137, 142.250.217.195, 23.205.165.20, 23.205.165.13, 142.250.64.131, 142.251.35.238
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
239.255.255.250	http://links.mail.goodchancehome.com/u/click?_t=227501b6f20642d6aa94b69fe7743ad5&_m=50bccced307e48f68d13d220161848da&_e=nT2YQsbCrvSs-Gxvjuizlqrpy45s5fGISWkelYQb7fxsHfYsCvkGHb8QEEgXO5-KQmfplTH_id2KgTfJoZIarNfB-XI_yPk4MFqP99EhDKngrRCiDtdUEIQ0iYXx9q_Db2jibNdQLVYHEmh1J8-m1WcsFLW9HgUdFsjdBVHnB41BlpBOULw57ulwZV2-X8OtWYb6kVPzV5HguUKfNYt_axZFlCPjUqMGDqNRXhO7pXbo5vqRTa8AERuEUnPpLF28wcElrRMplD7ngqZsHpqyBTLARxak7gk982ZZk2jV6n8CeaqpFXZ1BKVYwtsoy_JehGfOkz2JGV4KSMSjVlSbc_GfzwD8iQ9GwYBlTWmdC6N5I9eJlWXGBA0mNm2pYGpZ	Get hash	malicious	Unknown	Browse
	https://cloudflare-ipfs.com/ipfs/QmbeJwFihP9xoaLPCcVBEcjgssPpVEwniWSzeJNkxGidYf	Get hash	malicious	HTMLPhisher	Browse
	Voicemail Cellnextelecom.html	Get hash	malicious	HTMLPhisher	Browse
	sample1.html	Get hash	malicious	Unknown	Browse
	https://efirehose-net.mutawakkil.com/	Get hash	malicious	HTMLPhisher	Browse
	http://195.242.110.135	Get hash	malicious	Unknown	Browse
	RDF842l.html	Get hash	malicious	Unknown	Browse
	https://docfilsxviews.webflow.io/	Get hash	malicious	Unknown	Browse
	https://btrnd-my.sharepoint.com/:b:/g/personal/teresa_masters_buildertrend_com/EZ-4ms-kiehHqABvOEa2vA8B0WwxJCjEbsEckD0s_KS2dA?e=4%3a6k2mfE&at=9	Get hash	malicious	HTMLPhisher	Browse
	http://www.zoopro.fr	Get hash	malicious	Unknown	Browse
15.197.142.173	http://www.multipli.com.au	Get hash	malicious	Unknown	Browse	www.multipli.com.au/
	LF2024022.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.hynasty.com/jn17/?Yxl0T=CPqtRfop&AjFxkn=4Z4u4b/qbn8Cou130t2H8xJ/sJoxTKoGByavsKrQBINpDrKHw6qvpsqL/DJvGOId8VRk
	JJUmnnkIxSCyKik.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.3051harborview.com/be03/?rTBtDp=suXbCTXU92ovHdaIXb7R9YYK1IkwIgSOp0dXqB8UbR93uWifCA/K/xk40N7Mr35M0Xbq&N2MtQP=A0D4vjHhyTdpNr2p
	http://www.creativeconcretend.com/	Get hash	malicious	Unknown	Browse	www.creativeconcretend.com/
	http://FrontierDermatology.com	Get hash	malicious	Unknown	Browse	frontierdermatology.com/favicon.ico
	Inquiry Second Reminder.exe	Get hash	malicious	FormBook	Browse	www.quickfinancebrokerage.com/dz25/?9rz0r6F8=CoMy9fI8EEZFQk9jtt/Un0HLWQ4rszorgc8lEDg7Ran8sXpCUnFPgm6FbRN/YzK+x3/l&RP=7nHTxl6
	4V457bAGOD.exe	Get hash	malicious	FormBook	Browse	www.rutgersorthopedics.com/kh11/?iBZ0=2dwhbDAPrRNxsv5&pFN4PFR=Iip38xbzW4Vl0cZT3E/lr35AfwmEn4iBqZL8fJqzX17FY9279t6Q8c1Vq7Nq0goNBlRrayBJwA==
	bnY2j1hTDlb4vxF.exe	Get hash	malicious	FormBook	Browse	www.maxhealthunity.com/ns03/?PpHd=6xy0BlzpHoW5nGBYZh1w9NwziEOpwYF/YRUtVwNXcka1y+WP4+BwE4Gzjf3uJ3TZNmsu&5jRh=8pz4F2e0
	BjPoJrAfGLAxsAS.exe	Get hash	malicious	FormBook	Browse	www.maxhealthunity.com/ns03/?P2J=6xy0BlydHITJ62csFR1w9NwziEOpwYF/YRUtVwNXcka1y+WP4+BwE4GzjcbtVHfhAHR4zS/1ug==&KvClV=Abf830Op1j0d5X80
	duGqHKp0OUXaX1D.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.maxhealthunity.com/ns03/?9rQhA=J48H&Mli=6xy0BlydHITJ62csFR1w9NwziEOpwYF/YRUtVwNXcka1y+WP4+BwE4Gzjf3LSGjZNmwj
96.17.61.58	#U00d6deme makbuzu ektedir.docx.doc	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	https://docfilsxviews.webflow.io/	Get hash	malicious	Unknown	Browse	23.61.53.95
	Gj8P0mbklo.exe	Get hash	malicious	Arc Stealer	Browse	23.61.62.148
	onxLpsxpVP.exe	Get hash	malicious	Arc Stealer	Browse	23.61.62.148
	#U00d6deme makbuzu ektedir.docx.doc	Get hash	malicious	Unknown	Browse	96.17.61.58
	powershell.exe	Get hash	malicious	Unknown	Browse	23.193.120.112
	pDWZMd3100.elf	Get hash	malicious	Mirai, Gafgyt	Browse	23.40.23.231
	bot.arm6.elf	Get hash	malicious	Mirai	Browse	96.16.159.21
	https://www.steamvr.com/de/	Get hash	malicious	Unknown	Browse	23.50.124.114
	https://steamcommunitlu.com/	Get hash	malicious	Unknown	Browse	23.50.124.114
	BS4GDarWw6.exe	Get hash	malicious	Vidar	Browse	23.66.133.162
TANDEMUS	PAYROLL.doc	Get hash	malicious	FormBook	Browse	15.197.130.221
	https://wywljs.com/	Get hash	malicious	Unknown	Browse	15.197.193.217
	https://www.multipli.com.au	Get hash	malicious	Unknown	Browse	15.197.142.173
	http://www.multipli.com.au	Get hash	malicious	Unknown	Browse	15.197.142.173
	https://icobath.filecloudonline.com/url/axbhz4sjfzebth22?shareto=finance@loans.company.com	Get hash	malicious	Unknown	Browse	15.197.143.135
	https://wywljs.com/	Get hash	malicious	Unknown	Browse	15.197.193.217
	http://goofle.com	Get hash	malicious	Unknown	Browse	15.197.224.234
	file.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	15.197.130.221
	https://zieonlineshop.com/	Get hash	malicious	Unknown	Browse	15.197.193.217
	https://pick-2-light.com/	Get hash	malicious	Unknown	Browse	15.197.193.217

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://cloudflare-ipfs.com/ipfs/QmbeJwFihP9xoaLPCcVBEcjgssPpVEwniWSzeJNkxGidYf	Get hash	malicious	HTMLPhisher	Browse	104.110.176.109 20.12.23.50
	Voicemail Cellnextelecom.html	Get hash	malicious	HTMLPhisher	Browse	104.110.176.109 20.12.23.50
	sample1.html	Get hash	malicious	Unknown	Browse	104.110.176.109 20.12.23.50
	http://195.242.110.135	Get hash	malicious	Unknown	Browse	104.110.176.109 20.12.23.50
	RDF842l.html	Get hash	malicious	Unknown	Browse	104.110.176.109 20.12.23.50
	https://btrnd-my.sharepoint.com/:b:/g/personal/teresa_masters_buildertrend_com/EZ-4ms-kiehHqABvOEa2vA8B0WwxJCjEbsEckD0s_KS2dA?e=4%3a6k2mfE&at=9	Get hash	malicious	HTMLPhisher	Browse	104.110.176.109 20.12.23.50
	Employee Handbook Manual Revised Today - ref#4qe7wFVxJj.htm	Get hash	malicious	Unknown	Browse	104.110.176.109 20.12.23.50
	http://movierr.site.	Get hash	malicious	Unknown	Browse	104.110.176.109 20.12.23.50
	pjadkins wbfosson.com shared _Indirect Solutions LLC_ with you.eml	Get hash	malicious	HTMLPhisher	Browse	104.110.176.109 20.12.23.50
	FW_ New PO Acknowledgement From The Vankam Freightways.eml	Get hash	malicious	HTMLPhisher	Browse	104.110.176.109 20.12.23.50

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.251021122479032
Encrypted:	false
SSDEEP:	6:Deaq2Pwkn2nKuAl9OmbnIFUt86i+XZmw+6i+FkwOwkn2nKuAl9OmbjLJ:DVvYfHAahFUt86i+X/+6i+F5JfHAaSJ
MD5:	D69815426CD99796CDAA734E3C020FBC
SHA1:	3C84323F3DE431591D4A690A5F2C990BE3FF3479
SHA-256:	675AA6CE291E9C80B2F69B92772493EE31AF90847E1CC67CF6B231FF243A7EF0
SHA-512:	328E7A614285AF074881835D1A08856082476D86D5C29528C0252A525AE011B3698321653915E9B7E66B5CF9DD63393BC80EE790702C76DC240FE816251BCEF5
Malicious:	false
Reputation:	low
Preview:	2024/05/06-18:45:47.142 19e0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/06-18:45:47.143 19e0 Recovering log #3.2024/05/06-18:45:47.143 19e0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.251021122479032
Encrypted:	false
SSDEEP:	6:Deaq2Pwkn2nKuAl9OmbnIFUt86i+XZmw+6i+FkwOwkn2nKuAl9OmbjLJ:DVvYfHAahFUt86i+X/+6i+F5JfHAaSJ
MD5:	D69815426CD99796CDAA734E3C020FBC
SHA1:	3C84323F3DE431591D4A690A5F2C990BE3FF3479
SHA-256:	675AA6CE291E9C80B2F69B92772493EE31AF90847E1CC67CF6B231FF243A7EF0
SHA-512:	328E7A614285AF074881835D1A08856082476D86D5C29528C0252A525AE011B3698321653915E9B7E66B5CF9DD63393BC80EE790702C76DC240FE816251BCEF5
Malicious:	false
Reputation:	low
Preview:	2024/05/06-18:45:47.142 19e0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/05/06-18:45:47.143 19e0 Recovering log #3.2024/05/06-18:45:47.143 19e0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.211952461422486
Encrypted:	false
SSDEEP:	6:DVFqM+q2Pwkn2nKuAl9Ombzo2jMGIFUt861Zmw+66ulMVkwOwkn2nKuAl9Ombzos:DP+vYfHAa8uFUt861/+6bWV5JfHAa8RJ
MD5:	5D64F6963E459A070B42C454A1557112
SHA1:	396DE1483AC8AAB89D934F089BF765B22AB32E3B
SHA-256:	CAD9134670349EF21A107F7EE11238C389524A8A7E790081628FCF7E0C735456
SHA-512:	6F49D52E3D74D788D9BD29A017566EB22B76695261275769A8BC45FD50BF282BC5CAF13C2500E2A39B3B591145DA67D1625DBFC39EC2740498A16D53592916B0
Malicious:	false
Reputation:	low
Preview:	2024/05/06-18:45:47.298 1cac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/06-18:45:47.300 1cac Recovering log #3.2024/05/06-18:45:47.301 1cac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.211952461422486
Encrypted:	false
SSDEEP:	6:DVFqM+q2Pwkn2nKuAl9Ombzo2jMGIFUt861Zmw+66ulMVkwOwkn2nKuAl9Ombzos:DP+vYfHAa8uFUt861/+6bWV5JfHAa8RJ
MD5:	5D64F6963E459A070B42C454A1557112
SHA1:	396DE1483AC8AAB89D934F089BF765B22AB32E3B
SHA-256:	CAD9134670349EF21A107F7EE11238C389524A8A7E790081628FCF7E0C735456
SHA-512:	6F49D52E3D74D788D9BD29A017566EB22B76695261275769A8BC45FD50BF282BC5CAF13C2500E2A39B3B591145DA67D1625DBFC39EC2740498A16D53592916B0
Malicious:	false
Reputation:	low
Preview:	2024/05/06-18:45:47.298 1cac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/05/06-18:45:47.300 1cac Recovering log #3.2024/05/06-18:45:47.301 1cac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7ddc6c95-b97e-459a-b526-e47205f963a8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.963716805413449
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZcEfHksBdOg2HcZcaq3QYiubInP7E4T3y:Y2sRdsadMHd3QYhbG7nby
MD5:	9EC0FE2C65E870E7013F09F525630608
SHA1:	802E373072F81A3CA423E3E98ECB21B601ECA347
SHA-256:	4FC997CFD684F2AA72A01B05D339932CDFA147A4D7C87895AAA4AFBFAB9FABBA
SHA-512:	19AD9E154AF95E0C5226AD21487074CE5B17D83671257E0AFA78C9B41DA9EC8AA008CBA75A96262D389457A9F528CBC08EA4DC9A9DD0A76852EFA4D65EE8C8FF
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13359573959093443","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":112150},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.963716805413449
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZcEfHksBdOg2HcZcaq3QYiubInP7E4T3y:Y2sRdsadMHd3QYhbG7nby
MD5:	9EC0FE2C65E870E7013F09F525630608
SHA1:	802E373072F81A3CA423E3E98ECB21B601ECA347
SHA-256:	4FC997CFD684F2AA72A01B05D339932CDFA147A4D7C87895AAA4AFBFAB9FABBA
SHA-512:	19AD9E154AF95E0C5226AD21487074CE5B17D83671257E0AFA78C9B41DA9EC8AA008CBA75A96262D389457A9F528CBC08EA4DC9A9DD0A76852EFA4D65EE8C8FF
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13359573959093443","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":112150},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.258597208783717
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7wC91/bMrC9GT/Z:etJCV4FiN/jTN/2r8Mta02fEhgO73gos
MD5:	24D0A0BEB9F777E0377F35D9724CD476
SHA1:	EA53BA45BA555C58C49CD90EC60CFF1D83D5F63D
SHA-256:	C34CC14352D5A38F35008573C4D1A8C27617E5F76E34069E5AE4EB9E63C22D3D
SHA-512:	D02903553D4F027402625BC93DF471F99A6C29B0A6CA52023C6E7ED1FDA816C9C4E5C5FAEA35AF2801BA05430D48C4D901248F418E3F7B1A15FC7D45B8C0902E
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.242081958685227
Encrypted:	false
SSDEEP:	6:DKFqM+q2Pwkn2nKuAl9OmbzNMxIFUt86CFXZmw+6KMVkwOwkn2nKuAl9OmbzNMFd:DKt+vYfHAa8jFUt86C5/+6XV5JfHAa8E
MD5:	8CEBECE6E114A3D45BBF41D16C7603C8
SHA1:	460D593788A65A773052066FF25AE08AF42E7C63
SHA-256:	212AFE61BDF468770353B24C0E42D32DCC821FCB2FEC981AA96711BB40878B73
SHA-512:	E0C081B7361116F7F17628E9F41687BDE59C3DD272C877BC7F50A5EF6814479B9AC72E58204F6A2F965FB0763953EFDA075E367E0B3F6DD1C1AB9A74B3E88D3C
Malicious:	false
Reputation:	low
Preview:	2024/05/06-18:45:47.921 1cac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/06-18:45:47.929 1cac Recovering log #3.2024/05/06-18:45:47.935 1cac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.242081958685227
Encrypted:	false
SSDEEP:	6:DKFqM+q2Pwkn2nKuAl9OmbzNMxIFUt86CFXZmw+6KMVkwOwkn2nKuAl9OmbzNMFd:DKt+vYfHAa8jFUt86C5/+6XV5JfHAa8E
MD5:	8CEBECE6E114A3D45BBF41D16C7603C8
SHA1:	460D593788A65A773052066FF25AE08AF42E7C63
SHA-256:	212AFE61BDF468770353B24C0E42D32DCC821FCB2FEC981AA96711BB40878B73
SHA-512:	E0C081B7361116F7F17628E9F41687BDE59C3DD272C877BC7F50A5EF6814479B9AC72E58204F6A2F965FB0763953EFDA075E367E0B3F6DD1C1AB9A74B3E88D3C
Malicious:	false
Reputation:	low
Preview:	2024/05/06-18:45:47.921 1cac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/05/06-18:45:47.929 1cac Recovering log #3.2024/05/06-18:45:47.935 1cac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240506164551Z-160.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.4263969225994708
Encrypted:	false
SSDEEP:	768:GbuVvHslrVXr0tVxFLySZyvNXZZJwdA0VmPwgBgK7Do2RVgWlhK2W:8S
MD5:	74F545E9F52D1679554CAE516B9F4A8E
SHA1:	F70B275858CB5C4D911EA8C7B410209A28CCDA90
SHA-256:	328A0B696507C7932CFF45AAA2907D283D57A7C6E8EF209FB0C0C4227937BE4F
SHA-512:	AAC29EE51CB512C69FBBC92FADB15E0B2E6B051AE866BFFF5D40E284DCA1D87559EC421EC6795B4FFC0E5012D2A504604C5D884101AEF9498838D13AE28EE73C
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.4454429802653355
Encrypted:	false
SSDEEP:	384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
MD5:	E905E1733338ECB4133FE4135CF9A69D
SHA1:	36813C3FDDE7022392F49E7251ECFECF531CD58E
SHA-256:	CB6E911122C0874E38E777623AAB6B4A56A5BBE96F778C61BC5BA13B183940B1
SHA-512:	F6ECE253A2EAF6EE5D37C766DCCDFD61575B8B061489CED5B290C42FC7B50C3CD26C7383130615CF8A5DD1A0DD03D3257CCD45BAFD4D0373BEC6C6EB3D3245C9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7774033857618066
Encrypted:	false
SSDEEP:	48:7Mgp/E2ioyVBioy9oWoy1Cwoy1xKOioy1noy1AYoy1Wioy1hioybioyxoy1noy1s:7HpjuBFUXKQocb9IVXEBodRBkp
MD5:	B59C06F1361CADA9DE785A8C3E954BE5
SHA1:	19C51EA5A9A937C73246426EEC93DEDCF5A132E3
SHA-256:	0BB50DAD145EC3AD0128A8DB79D7E0D0BDB2E9A1D26CBB391B85AAA58812674F
SHA-512:	9C293EB054663852700D422967FDBB2000C41EE62EF92128751B3354A99EDE03ACE7D6EB1B8E0EDCD629CE112E835F96646E7BE6CD2CE5C4F6846974D9CC0342
Malicious:	false
Preview:	.... .c..... ..}...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7120

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.347477817444748
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJM3g98kUwPeUkwRe9:YvXKXv9jEZc0v5tOGMbLUkee9
MD5:	CA94D9735FE14AF814F6FF74C614A356
SHA1:	21938D9DCC618101FBB346357438DD0366416B2C
SHA-256:	0E436C07EDF38B01D1D4B22123D476E880C0F2B95016575C66A39B4518078F6D
SHA-512:	DDF85523F232B2BB1A9B9B33D216481476D72605FC59C8BABEE6389ADF866C40A1385112C48A1BC87C3813449074433AABFC2B3372069D498D3B58247DEBFB08
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.295589163207157
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfBoTfXpnrPeUkwRe9:YvXKXv9jEZc0v5tOGWTfXcUkee9
MD5:	CBCF48C6C6B788E3C13BDEA7A8E955A0
SHA1:	1C905967B191476CB7F07B8F1D60071E10F1CC63
SHA-256:	C95F15F26D58C417A0195C8ED48E2F7138C2D598222CBAE6A5CF9DE708DD372D
SHA-512:	6123D7D4F82E5AB4DF0BA7054AB47941B0C555743ACAB5F6CCCEFB7B64F1301FE8F3A73CF4B16587817756D22CD71784B2C6EFCF218766376267BC8106E47E16
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.274410238252755
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfBD2G6UpnrPeUkwRe9:YvXKXv9jEZc0v5tOGR22cUkee9
MD5:	0962BA8DA726352E9B735933A9F2905B
SHA1:	B2437258BC74D3C65E4DC3EF3F761CE47585B72D
SHA-256:	48CE62A898C87E35A8BF3D7B743F4AB31B495390729DEBFD73EFEECFF04E4152
SHA-512:	BBEA2B23B3C45D00B650746326584CAFF28A7010FE13CDCB7055F8CCBC1EB526912F578655ED1E8D874EB8E3C8261B385E2E08FC5E5D3A2C624A08B6AD046EBE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.333930935258419
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfPmwrPeUkwRe9:YvXKXv9jEZc0v5tOGH56Ukee9
MD5:	4B0EADE3D396A7614E4075AA063DB996
SHA1:	42030EC09766A4264506A307F4C14FECBB3E646F
SHA-256:	5364D95FFB041B528A88CB52CD8C437E60F49595445C499D3143559B8C127A2E
SHA-512:	983A7ED03FEEC4EC83F2F369E1DE72813C79F90D46BA0F146E586305302A16B7C4A31F297DED134998B5B1466E8CCB68CE04820761148903E02F8B95710A2447
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.291390079437962
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfJWCtMdPeUkwRe9:YvXKXv9jEZc0v5tOGBS8Ukee9
MD5:	A60B6A299A87905E09263B17151E1699
SHA1:	B7201F1B49CC783D624846EB573760EA0E4B012D
SHA-256:	81C4A324A307BAAC1D659DF89A15CD744456019DCAD029AF1EC5B1300A5E2959
SHA-512:	E1466F869230659642B6BC34BBF7555F61B18E1A8C0C1F894553DEAE5C676631CAF342548F614C3B460C0AE252A830A0055988CA698EF53075189E98BDE9210A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2783607986899055
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJf8dPeUkwRe9:YvXKXv9jEZc0v5tOGU8Ukee9
MD5:	1E57946AE71E00894441F3DF93262016
SHA1:	362168DC08ADDF10F0194DADEA4E42C2484C3D48
SHA-256:	E38C071FD6D098401E8F77102CA152AFD6BE20908B0A00C1B30BAAF9E286596F
SHA-512:	00CD6D38F09A0451FF3AA7260ACD06DB0EA2C63C08BEF2AF1BD8D4F1DA2CE249AD46926939DBA3F0B1009A39CF20E64B62DA6F433036E8A98E52B7CDAF6CA10F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.282499927542389
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfQ1rPeUkwRe9:YvXKXv9jEZc0v5tOGY16Ukee9
MD5:	0E32B82AFB6CD434D67B75525FAA87C3
SHA1:	94D8A398BBC9DF5565197AE9FEAF9DCDB089107F
SHA-256:	66D0E00318AC22EF5B30F948D5FCD10F4B662E27B4E7375C7C6539B074EE8AA3
SHA-512:	ECF693C0419917955A181EF4B4FBC4BAAF5C541A1D5FB05E1C1C05E73D6797C5973291F26CA1781FEA92A6663E17D480377D48FA4A0F626D27755ADB940CAF6C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2876638827473155
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfFldPeUkwRe9:YvXKXv9jEZc0v5tOGz8Ukee9
MD5:	3F9D31F69728FA1BC5588513555961A5
SHA1:	29F221B459F77A18264161992FA25CF627A2FCC6
SHA-256:	29E985F584A1328489F45729F848744A491BE52999201CE8FED292B92606FB27
SHA-512:	6C458A9A1DEE82F8E60CD6E6345A776FD054424C3B767656F6D9E7473AD3DAF6D5396615CDAAC9D665DAABE367E14060720A01C063A1E2F898176412D4B19F62
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.734507054407414
Encrypted:	false
SSDEEP:	24:Yv6Xv+zvzKKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNEu:YvUWeEgigrNt0wSJn+ns8cvFJOu
MD5:	419A523A5C168720FCFBFCF14E900F81
SHA1:	D21B0521347FF55BB7FA2CFA839F74A732BED162
SHA-256:	15841498CDD7D0B5DBC6F0BAC70F4ACCC8873E5A2A3CCC74F00E6D9DA922AF87
SHA-512:	7EDFAF7B3B9657776349F06CD9E2B66219C6F26DB146E1A020D93FC74CE93D774E25877A5A26D5CB98F85964B571C52E476BEDA850C715EE257803C99BDFCB5E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.284374002038652
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfYdPeUkwRe9:YvXKXv9jEZc0v5tOGg8Ukee9
MD5:	3390B1B2F7D14888F7E494B851025F0B
SHA1:	D7C8A257455C15732CF4199B21FF5FE0D386DBBC
SHA-256:	D5426AE17CC7487B3B8375686494F451EC7CBF5B2355322B46F46496BF784324
SHA-512:	A8413E9A60E2CC89F78739AACAB36FC58828540719945FC6DC58AC48F664A1196B5E8F834D7DD95F7B55AE8A11B818B7B3EA3B495EC05B49CF8B7577B8A26D71
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.770836903382114
Encrypted:	false
SSDEEP:	24:Yv6Xv+zvz5rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNcu:YvUWVHgDv3W2aYQfgB5OUupHrQ9FJKu
MD5:	E1FD6DAB44C572A5ADD6268F42B595A3
SHA1:	4D7E53785146E5D5424127508EA707D9E7E12483
SHA-256:	D59D1CD5BF93C19805D05CD08B64466B3166D9BCC2282BFE7A6D5B432972A1CF
SHA-512:	30EC24DA662441E0391C5D30DAEFBDE3C2D89C764058E6C48FB4558040AE2CCE4B991268891F835CD481B910CABB6FB1E17E39FBF2218519BA675828F85CA095
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.268028494887507
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfbPtdPeUkwRe9:YvXKXv9jEZc0v5tOGDV8Ukee9
MD5:	DCCD0EF5A3A35AC20DB01ACD78100F4B
SHA1:	6ED1E9492F496D9C52305C1568BCFCB1DE6E1239
SHA-256:	E6457180E9A1A3F13CBB70582AE85D56E57D2A7F495FEF3D73D8C6C59BBB7BC1
SHA-512:	BCC2E93D9E500BA5D43AEA6E7CE41AFBAC695D857060B2916285235DB2A56C2C043093624DC4583529C1C679D9EFF88EFDC3D527599466B85799047A1DB8B84E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.272759525963817
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJf21rPeUkwRe9:YvXKXv9jEZc0v5tOG+16Ukee9
MD5:	345CABAA655A7E398A4372054E8DDCCD
SHA1:	8473CD7B320FB1FD8F844DCD54C4B49816AF599C
SHA-256:	AB3591E46BD84B6D49DF55528EDBCDA1BA2BBC8CA69F161F169BA468144F3B34
SHA-512:	1152CC27CA31271551C1D5889F945313E3D74FD82B644D3AC3322F0ED4DC1ADC1FC8B5C5168173EDB877ED4D6BEE2B8C2120E01899DB2903C58A9FCC48EE2541
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2914866083219225
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfbpatdPeUkwRe9:YvXKXv9jEZc0v5tOGVat8Ukee9
MD5:	35A9FD1BBB9C1B879FE747EBFE7B87BC
SHA1:	BAC9D0C66AA0F1B4B9FD81A29AB157C358FC5F65
SHA-256:	9DA6E06C5E537E108D2EAFBFD56517C1F7D82F2184638B38BA7971F44919D195
SHA-512:	56DD2AE9C87593C7498FC1ED84F32D15A8296580F5D0BDF02E4443108824CA3E8EE70F53DD15EA491EDFE675B38D49EEA435740C510E04848EA44DE7F7B2B3D1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.248330377388274
Encrypted:	false
SSDEEP:	6:YEQXJ2HXKkFzwq9VoZcg1vRcR0YytxoAvJfshHHrPeUkwRe9:YvXKXv9jEZc0v5tOGUUUkee9
MD5:	6BB37343FA7E02E1783A1BB5E45654ED
SHA1:	1B010FC8447636B757D9850DE63E932ADA2C0071
SHA-256:	793F1FB03A89E63C65A112CC5582578F484D78A397ABC2A4164BC7B09DBC5FC7
SHA-512:	CDBA875DB423937326FD17314EECC000840CE86C1551D42E7C4C0CBADCF38CFE3F5739720865E69A5D23B75BF27DECFB39093335B505CA6EF330B13B815BB280
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.362013240922771
Encrypted:	false
SSDEEP:	12:YvXKXv9jEZc0v5tOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWgu:Yv6Xv+zvzY168CgEXX5kcIfANhru
MD5:	BFC9AD8F9480EF625B4C460F26806B7A
SHA1:	41B31FE3EDEEC70EB6909DEFF07D27D961C05F91
SHA-256:	60B230818F8BBC5EB3332CC30CFD10DC88EB32E4361BDBF2A738C27AEA0C7325
SHA-512:	D30822F483E08F8E41928D7B38225AC7A67E645DFA2077610E05882107ECD47159670188172A91A0979D530DE3012E30168159E2A5A451C91C2C996C4F6060AF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"95aaea46-9943-49d3-917f-c7e3b2e329cd","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1715189527498,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1715013952527}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.125526830804106
Encrypted:	false
SSDEEP:	48:YQSVC6c0pa89mki1q7PeWcDQ+i9BPiSJ7m5TsjO90u3AtIO:BWD5g89mki1qyWcDQfjKSJ6sQ0u3AtIO
MD5:	AD137D7D92800B5DB1C473D899141224
SHA1:	9BAA8DE4708DEC483A3A81F7ECD1E18E43A16D76
SHA-256:	8567322B754163EE635387E7AA773DF0A8BAD0491D7A4648634976FCA5BCE5AE
SHA-512:	1B42CA9A9A4D5350334BDCA8009411640533AD2A6BB10C50A7362AE9FEB25ABE18F0264C5BDB68B789125FEE376898CFF49103F10C7515ECE28932D8A75FD487
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"5dc7cd4b12981545cbea7158b32abd23","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1715013952000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a0b1ba0a595c5a46003d71c50b7fb94a","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1715013952000},{"id":"Edit_InApp_Aug2020","info":{"dg":"70a5b0816d100f662409c55e46aeebce","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1715013952000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"efdd8eb469531621b50d7760d2d4caa0","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1715013952000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"e67532d7fed2bc3989f0848e1a395e06","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1715013952000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"e0e312686ff9d74466a29bb2d7eb43c6","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1715013952000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1881882861379554
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUMSvR9H9vxFGiDIAEkGVvpW:lNVmswUUUUUUUUM+FGSIty
MD5:	3987E756ADFEC6676CD05E282AC6813C
SHA1:	C45A1743F39088415B926BCCA01AF6B12922DA56
SHA-256:	DC6B49B23B70401673DA04E929A0C8E0FA2363374FA066D3DA6D6AEBE87616A4
SHA-512:	73873B6D36CACB04F586780D06CDF22717B5267B1646CC2A4964A2477A65C31AD7EFBB70B30572FBB2A7E8967713B421D6D40D52A36B075608666DCC1603D844
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.607331715051392
Encrypted:	false
SSDEEP:	48:7M0mtKUUUUUUUUUUevR9H9vxFGiDIAEkGVvmqFl2GL7ms1:7VmQUUUUUUUUUUiFGSItcKVms1
MD5:	9AF3A9259359A8344EF11EE52FE83E50
SHA1:	8C6E1EDF8271F616721E6ED2244AAEB93E94CEE6
SHA-256:	12B5825DF358C03F575BF53BD5E827CA9429471AB9D9AF00E16034C2E901AA61
SHA-512:	EFA84190D89073A482D67554AF423C522E3E5C67B5ACA6A33C5784151A5315A28EF4CD4814D21308EC967E76204527BB9C68DB6BDDB363F6570F685EEBE5DE4C
Malicious:	false
Preview:	.... .c.......Vp......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3f9db.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5329345335875004
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88yFRw:Qw946cPbiOxDlbYnuRK+w
MD5:	794C958A82C1091A40859E22E6E72B4F
SHA1:	10F857DACC9F8C94D1AF26C1D2AE0CBA50CE623D
SHA-256:	61B981DC5EEFEA4506A783C84FAF1E7389A915F7F8A064610343C81A68B0588D
SHA-512:	787CC08F65D17EDEE2A18D144D7391901E18D02CE7C6DBA6752B12994C34F95BB4D1DB3FBFC381DCE86EC1469243C5EB6DD82BE214D6B9E655C910334EAD260A
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.6./.0.5./.2.0.2.4. . .1.8.:.4.5.:.5.5. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-06 18-45-49-456.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.385999451606317
Encrypted:	false
SSDEEP:	384:j1vMqUnsf6AvlmwV41lxfW/rE9/M4cKRmYaMoKqLbdrMPNQAebm3c3Kv+sevIA07:9Sl
MD5:	511477E38E1AF16F4A8C022C047569CA
SHA1:	70ADBA3E81EC0F83DCF494709C75E088FB852E5E
SHA-256:	6AD2D74CB2271E4DE76CA32FB9AABC2C1EECE654F3E8089A9009AEA9D4326C37
SHA-512:	EBA554ED34B6F6189BA354ABFE111A9767BB800567F4428772DBD4057B4D1030AE9AF4A2E4E55265E6523558A7C627105847C4542F1C569A792CE74078C84D58
Malicious:	false
Preview:	SessionID=028c638b-38a4-4a28-97b7-8fce8f426002.1715013949533 Timestamp=2024-05-06T18:45:49:533+0200 ThreadID=7768 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=028c638b-38a4-4a28-97b7-8fce8f426002.1715013949533 Timestamp=2024-05-06T18:45:49:534+0200 ThreadID=7768 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=028c638b-38a4-4a28-97b7-8fce8f426002.1715013949533 Timestamp=2024-05-06T18:45:49:534+0200 ThreadID=7768 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=028c638b-38a4-4a28-97b7-8fce8f426002.1715013949533 Timestamp=2024-05-06T18:45:49:534+0200 ThreadID=7768 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=028c638b-38a4-4a28-97b7-8fce8f426002.1715013949533 Timestamp=2024-05-06T18:45:49:535+0200 ThreadID=7768 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.399007158987435
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2r7:/
MD5:	31D0A4EFA0B763C322836F26B279E629
SHA1:	E231579F418D52B4F11E09C668535A05C6E63086
SHA-256:	BFD723D6B818EDA9F630760D216221798ABA9405CB2D8833BB295ED7956668B1
SHA-512:	6CBFD58F6D95B4F01C73EC4975C945EDDFB62325EA1F59F8D993FA266008AA246968B33B124FC2F23A79ECF708207B35905C58832FE54577BF4394853C001A24
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\17a8c77e-04ca-47f4-b630-3fee1807da27.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/x0Wo7olgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0W9lgGZtwZGk3mlind9i4ufFXpAXkru
MD5:	60A20736363451AD65B9217321E372DC
SHA1:	EB236E320D8C8531CF011BD6FDEE4442DB08972F
SHA-256:	89BE7B3D7546985FF85535E3F979C94C4519709B05E5FEC63747805FCF899CE0
SHA-512:	4A096D43D6EE15C7BD5255D35655AD55C265DF829A4AFBC24CAAB8C201D4C109AD2C3DDD298C6CB3980D0C6C31A19D5EAC8E509748FF5083A0F9E42ACA1589BA
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\30fbc8c5-0127-4c5f-80a6-d3cee20c8d3d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
MD5:	716C2C392DCD15C95BBD760EEBABFCD0
SHA1:	4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
SHA-256:	DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
SHA-512:	E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\36a20a01-9ff1-4afe-b7ac-c3250b72495b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\9dcc3df3-6b4e-4a65-adc8-3f37e5296464.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.809450068296632
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	FAXOC_03019_99091_02052521.pdf
File size:	15'695 bytes
MD5:	dfd293aa1d8895a61e95ee58954292a3
SHA1:	7467896aa9d95aad320c7531a4c14ceed0af0d5c
SHA256:	0954754f22379a4e2d6056687f39245023a1952a96c01b60390d62a3bad069fc
SHA512:	d23e2e9a888d3c1891a8a3de604fa3f59a0d75f0393e366994f3242f7dc1cfa7a0d392eab42907f667b931e07796fe93c1c9db4951a5f113946f0078fdc1fa31
SSDEEP:	384:JHVNZtcQaD12K1mCpErUQvvWIjEyd6jm7o0juClbisOz:JHVN7cQaD12K1mAErnXCykms0Hu
TLSH:	A2623C0FE2834BDDDDC7BA65E27172F25AEDA77E40CB2A1194A54D0DCEE409812019B3
File Content Preview:	%PDF-1.4.3 0 obj.<</Type /Page./Parent 1 0 R./Resources 2 0 R./Annots [<</Type /Annot /Subtype /Link /Rect [28.35 824.88 141.73 711.50] /Border [0 0 0] /A <</S /URI /URI (http://www.dulcesol.es)>>>>]./Group <</Type /Group /S /Transparency /CS /DeviceRGB>>

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.809450
Total Bytes:	15695
Stream Entropy:	7.893933
Stream Bytes:	13447
Entropy outside Streams:	5.107525
Bytes outside Streams:	2248
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	14
endobj	14
stream	4
endstream	4
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
11	0000505226160000	651a9a5b8799778f278c577c72765ee9
12	0000000008000000	639af13c200358a062260a9004068fff

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2024 18:45:53.391808987 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.391855955 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.391947985 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.393686056 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.393697023 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.622330904 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.622539997 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.625720024 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.625727892 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.625974894 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.659634113 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.700120926 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.837106943 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.837181091 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.837275028 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.837414026 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.837435007 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.837447882 CEST	49738	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.837454081 CEST	443	49738	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.873992920 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.874047995 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:53.874162912 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.874420881 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:53.874432087 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.100605965 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.100677013 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:54.106914997 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:54.106929064 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.107258081 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.110474110 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:54.156126022 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.327394009 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.327476025 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.327527046 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:54.328834057 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:54.328855991 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:54.328871012 CEST	49739	443	192.168.2.4	104.110.176.109
May 6, 2024 18:45:54.328876972 CEST	443	49739	104.110.176.109	192.168.2.4
May 6, 2024 18:45:59.641834021 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:45:59.641870975 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:45:59.641942978 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:45:59.642119884 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:45:59.642133951 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:45:59.981525898 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:45:59.983998060 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:45:59.984019995 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:45:59.984949112 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:45:59.985018015 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:45:59.987257957 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:45:59.987309933 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:45:59.987433910 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:45:59.987445116 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:46:00.038371086 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:46:00.111706018 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:46:00.111829042 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:46:00.111888885 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:46:00.112482071 CEST	49740	443	192.168.2.4	96.17.61.58
May 6, 2024 18:46:00.112499952 CEST	443	49740	96.17.61.58	192.168.2.4
May 6, 2024 18:46:04.999618053 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:04.999666929 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:04.999728918 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:05.001051903 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:05.001063108 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:05.425486088 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:05.425616026 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:05.429025888 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:05.429035902 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:05.429270029 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:05.478996992 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:05.902981997 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:05.948120117 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177674055 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177694082 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177696943 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177742004 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177778959 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177884102 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:06.177884102 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:06.177921057 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177948952 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:06.177958012 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.177978992 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:06.178755999 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:06.190144062 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:06.190144062 CEST	49741	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:06.190177917 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:06.190192938 CEST	443	49741	20.12.23.50	192.168.2.4
May 6, 2024 18:46:13.107321978 CEST	49747	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.108292103 CEST	49749	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.216589928 CEST	80	49747	15.197.142.173	192.168.2.4
May 6, 2024 18:46:13.216703892 CEST	49747	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.217006922 CEST	49747	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.217447042 CEST	80	49749	15.197.142.173	192.168.2.4
May 6, 2024 18:46:13.217505932 CEST	49749	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.326272964 CEST	80	49747	15.197.142.173	192.168.2.4
May 6, 2024 18:46:13.354414940 CEST	80	49747	15.197.142.173	192.168.2.4
May 6, 2024 18:46:13.396825075 CEST	49747	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.474520922 CEST	49751	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.474560976 CEST	443	49751	15.197.142.173	192.168.2.4
May 6, 2024 18:46:13.474617004 CEST	49751	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.474865913 CEST	49751	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:13.474875927 CEST	443	49751	15.197.142.173	192.168.2.4
May 6, 2024 18:46:17.367810011 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:17.367860079 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:17.367937088 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:17.368220091 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:17.368231058 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:17.611042023 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:17.611416101 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:17.611443043 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:17.612453938 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:17.612531900 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:17.613917112 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:17.613975048 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:17.662230968 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:17.662259102 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:17.708184004 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:27.593178034 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:27.593287945 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:27.593327045 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:28.043560982 CEST	49753	443	192.168.2.4	142.250.64.196
May 6, 2024 18:46:28.043596983 CEST	443	49753	142.250.64.196	192.168.2.4
May 6, 2024 18:46:42.630121946 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:42.630160093 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:42.630245924 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:42.630719900 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:42.630745888 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.050859928 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.051016092 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:43.055522919 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:43.055547953 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.055972099 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.064224005 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:43.108118057 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.463890076 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.463911057 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.463927031 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.464036942 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:43.464068890 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.464148045 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:43.468787909 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:43.468812943 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.468827009 CEST	49761	443	192.168.2.4	20.12.23.50
May 6, 2024 18:46:43.468832970 CEST	443	49761	20.12.23.50	192.168.2.4
May 6, 2024 18:46:43.476217031 CEST	49751	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:43.524116039 CEST	443	49751	15.197.142.173	192.168.2.4
May 6, 2024 18:46:44.510965109 CEST	49763	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:44.511020899 CEST	443	49763	15.197.142.173	192.168.2.4
May 6, 2024 18:46:44.511092901 CEST	49763	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:44.511368990 CEST	49764	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:44.511425018 CEST	443	49764	15.197.142.173	192.168.2.4
May 6, 2024 18:46:44.511476994 CEST	49764	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:44.511672974 CEST	49763	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:44.511686087 CEST	443	49763	15.197.142.173	192.168.2.4
May 6, 2024 18:46:44.511821985 CEST	49764	443	192.168.2.4	15.197.142.173
May 6, 2024 18:46:44.511832952 CEST	443	49764	15.197.142.173	192.168.2.4
May 6, 2024 18:46:58.146652937 CEST	49723	80	192.168.2.4	199.232.214.172
May 6, 2024 18:46:58.146711111 CEST	49724	80	192.168.2.4	199.232.214.172
May 6, 2024 18:46:58.222256899 CEST	49749	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:58.262444019 CEST	80	49723	199.232.214.172	192.168.2.4
May 6, 2024 18:46:58.262475014 CEST	80	49723	199.232.214.172	192.168.2.4
May 6, 2024 18:46:58.262623072 CEST	49723	80	192.168.2.4	199.232.214.172
May 6, 2024 18:46:58.268069983 CEST	80	49724	199.232.214.172	192.168.2.4
May 6, 2024 18:46:58.268112898 CEST	80	49724	199.232.214.172	192.168.2.4
May 6, 2024 18:46:58.268253088 CEST	49724	80	192.168.2.4	199.232.214.172
May 6, 2024 18:46:58.331561089 CEST	80	49749	15.197.142.173	192.168.2.4
May 6, 2024 18:46:58.365263939 CEST	49747	80	192.168.2.4	15.197.142.173
May 6, 2024 18:46:58.475097895 CEST	80	49747	15.197.142.173	192.168.2.4
May 6, 2024 18:47:13.266783953 CEST	80	49749	15.197.142.173	192.168.2.4
May 6, 2024 18:47:13.267013073 CEST	49749	80	192.168.2.4	15.197.142.173
May 6, 2024 18:47:13.354815960 CEST	80	49747	15.197.142.173	192.168.2.4
May 6, 2024 18:47:13.354913950 CEST	49747	80	192.168.2.4	15.197.142.173
May 6, 2024 18:47:14.521306992 CEST	49763	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:14.521946907 CEST	49764	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:14.526864052 CEST	49749	80	192.168.2.4	15.197.142.173
May 6, 2024 18:47:14.526899099 CEST	49747	80	192.168.2.4	15.197.142.173
May 6, 2024 18:47:14.568116903 CEST	443	49764	15.197.142.173	192.168.2.4
May 6, 2024 18:47:14.568116903 CEST	443	49763	15.197.142.173	192.168.2.4
May 6, 2024 18:47:14.636207104 CEST	80	49749	15.197.142.173	192.168.2.4
May 6, 2024 18:47:14.636233091 CEST	80	49747	15.197.142.173	192.168.2.4
May 6, 2024 18:47:17.318793058 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:17.318844080 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:17.318918943 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:17.319231987 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:17.319246054 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:17.556404114 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:17.556822062 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:17.556833982 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:17.557343960 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:17.557641029 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:17.557694912 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:17.598946095 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:19.562911987 CEST	49767	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:19.562968969 CEST	443	49767	15.197.142.173	192.168.2.4
May 6, 2024 18:47:19.563174009 CEST	49767	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:19.563182116 CEST	49768	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:19.563246012 CEST	443	49768	15.197.142.173	192.168.2.4
May 6, 2024 18:47:19.563303947 CEST	49768	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:19.563359976 CEST	49767	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:19.563371897 CEST	443	49767	15.197.142.173	192.168.2.4
May 6, 2024 18:47:19.563549995 CEST	49768	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:19.563566923 CEST	443	49768	15.197.142.173	192.168.2.4
May 6, 2024 18:47:27.542275906 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:27.542340040 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:27.542452097 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:28.536092043 CEST	49751	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:28.536115885 CEST	443	49751	15.197.142.173	192.168.2.4
May 6, 2024 18:47:29.165404081 CEST	49766	443	192.168.2.4	142.250.64.196
May 6, 2024 18:47:29.165427923 CEST	443	49766	142.250.64.196	192.168.2.4
May 6, 2024 18:47:49.567049980 CEST	49767	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:49.567121029 CEST	49768	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:49.608131886 CEST	443	49768	15.197.142.173	192.168.2.4
May 6, 2024 18:47:49.612123013 CEST	443	49767	15.197.142.173	192.168.2.4
May 6, 2024 18:47:59.582110882 CEST	49763	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:59.582115889 CEST	49764	443	192.168.2.4	15.197.142.173
May 6, 2024 18:47:59.582135916 CEST	443	49763	15.197.142.173	192.168.2.4
May 6, 2024 18:47:59.582144976 CEST	443	49764	15.197.142.173	192.168.2.4
May 6, 2024 18:48:13.550939083 CEST	49751	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:13.550966024 CEST	443	49751	15.197.142.173	192.168.2.4
May 6, 2024 18:48:17.380495071 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:17.380531073 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:17.380721092 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:17.381400108 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:17.381412029 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:17.615652084 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:17.616763115 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:17.616790056 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:17.617172956 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:17.617532969 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:17.617609024 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:17.660015106 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:19.592854023 CEST	49771	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:19.592895985 CEST	443	49771	15.197.142.173	192.168.2.4
May 6, 2024 18:48:19.592988014 CEST	49771	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:19.593061924 CEST	49772	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:19.593118906 CEST	443	49772	15.197.142.173	192.168.2.4
May 6, 2024 18:48:19.593173027 CEST	49772	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:19.594027996 CEST	49772	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:19.594041109 CEST	443	49772	15.197.142.173	192.168.2.4
May 6, 2024 18:48:19.594189882 CEST	49771	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:19.594202042 CEST	443	49771	15.197.142.173	192.168.2.4
May 6, 2024 18:48:22.700391054 CEST	443	49751	15.197.142.173	192.168.2.4
May 6, 2024 18:48:27.610923052 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:27.610986948 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:27.611053944 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:29.163204908 CEST	49770	443	192.168.2.4	142.250.64.196
May 6, 2024 18:48:29.163233995 CEST	443	49770	142.250.64.196	192.168.2.4
May 6, 2024 18:48:34.613246918 CEST	49767	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:34.613269091 CEST	443	49767	15.197.142.173	192.168.2.4
May 6, 2024 18:48:34.613267899 CEST	49768	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:34.613291025 CEST	443	49768	15.197.142.173	192.168.2.4
May 6, 2024 18:48:44.582989931 CEST	49763	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:44.582992077 CEST	49764	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:44.583012104 CEST	443	49764	15.197.142.173	192.168.2.4
May 6, 2024 18:48:44.583019972 CEST	443	49763	15.197.142.173	192.168.2.4
May 6, 2024 18:48:49.600488901 CEST	49772	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:49.600569010 CEST	49771	443	192.168.2.4	15.197.142.173
May 6, 2024 18:48:49.644117117 CEST	443	49771	15.197.142.173	192.168.2.4
May 6, 2024 18:48:49.644126892 CEST	443	49772	15.197.142.173	192.168.2.4
May 6, 2024 18:48:55.468369007 CEST	443	49763	15.197.142.173	192.168.2.4
May 6, 2024 18:48:55.468381882 CEST	443	49764	15.197.142.173	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 6, 2024 18:46:05.763716936 CEST	138	138	192.168.2.4	192.168.2.255
May 6, 2024 18:46:12.986135960 CEST	61304	53	192.168.2.4	1.1.1.1
May 6, 2024 18:46:12.986376047 CEST	58152	53	192.168.2.4	1.1.1.1
May 6, 2024 18:46:13.096010923 CEST	53	49956	1.1.1.1	192.168.2.4
May 6, 2024 18:46:13.102895975 CEST	53	61304	1.1.1.1	192.168.2.4
May 6, 2024 18:46:13.106805086 CEST	53	58152	1.1.1.1	192.168.2.4
May 6, 2024 18:46:13.107615948 CEST	53	50755	1.1.1.1	192.168.2.4
May 6, 2024 18:46:13.356848001 CEST	59853	53	192.168.2.4	1.1.1.1
May 6, 2024 18:46:13.357052088 CEST	58038	53	192.168.2.4	1.1.1.1
May 6, 2024 18:46:13.473457098 CEST	53	59853	1.1.1.1	192.168.2.4
May 6, 2024 18:46:13.474092007 CEST	53	58038	1.1.1.1	192.168.2.4
May 6, 2024 18:46:13.764154911 CEST	53	64944	1.1.1.1	192.168.2.4
May 6, 2024 18:46:17.254232883 CEST	54409	53	192.168.2.4	1.1.1.1
May 6, 2024 18:46:17.254393101 CEST	63702	53	192.168.2.4	1.1.1.1
May 6, 2024 18:46:17.364248037 CEST	53	54409	1.1.1.1	192.168.2.4
May 6, 2024 18:46:17.365828037 CEST	53	63702	1.1.1.1	192.168.2.4
May 6, 2024 18:46:25.335675001 CEST	53	51501	1.1.1.1	192.168.2.4
May 6, 2024 18:46:30.803924084 CEST	53	62052	1.1.1.1	192.168.2.4
May 6, 2024 18:46:43.475910902 CEST	53	56906	1.1.1.1	192.168.2.4
May 6, 2024 18:46:49.511429071 CEST	53	63771	1.1.1.1	192.168.2.4
May 6, 2024 18:47:11.848448038 CEST	53	63267	1.1.1.1	192.168.2.4
May 6, 2024 18:47:12.729039907 CEST	53	62454	1.1.1.1	192.168.2.4
May 6, 2024 18:47:40.474797010 CEST	53	60195	1.1.1.1	192.168.2.4
May 6, 2024 18:48:27.101119041 CEST	53	49558	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
May 6, 2024 18:46:12.986135960 CEST	192.168.2.4	1.1.1.1	0x74b2	Standard query (0)	www.dulcesol.es	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:12.986376047 CEST	192.168.2.4	1.1.1.1	0x48d0	Standard query (0)	www.dulcesol.es	65	IN (0x0001)	false
May 6, 2024 18:46:13.356848001 CEST	192.168.2.4	1.1.1.1	0xd5ce	Standard query (0)	dulcesol.es	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:13.357052088 CEST	192.168.2.4	1.1.1.1	0x3ca0	Standard query (0)	dulcesol.es	65	IN (0x0001)	false
May 6, 2024 18:46:17.254232883 CEST	192.168.2.4	1.1.1.1	0x6b6c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:17.254393101 CEST	192.168.2.4	1.1.1.1	0x1c57	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
May 6, 2024 18:46:13.102895975 CEST	1.1.1.1	192.168.2.4	0x74b2	No error (0)	www.dulcesol.es	dulcesol.es		CNAME (Canonical name)	IN (0x0001)	false
May 6, 2024 18:46:13.102895975 CEST	1.1.1.1	192.168.2.4	0x74b2	No error (0)	dulcesol.es		15.197.142.173	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:13.102895975 CEST	1.1.1.1	192.168.2.4	0x74b2	No error (0)	dulcesol.es		3.33.152.147	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:13.106805086 CEST	1.1.1.1	192.168.2.4	0x48d0	No error (0)	www.dulcesol.es	dulcesol.es		CNAME (Canonical name)	IN (0x0001)	false
May 6, 2024 18:46:13.473457098 CEST	1.1.1.1	192.168.2.4	0xd5ce	No error (0)	dulcesol.es		15.197.142.173	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:13.473457098 CEST	1.1.1.1	192.168.2.4	0xd5ce	No error (0)	dulcesol.es		3.33.152.147	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:17.364248037 CEST	1.1.1.1	192.168.2.4	0x6b6c	No error (0)	www.google.com		142.250.64.196	A (IP address)	IN (0x0001)	false
May 6, 2024 18:46:17.365828037 CEST	1.1.1.1	192.168.2.4	0x1c57	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

armmf.adobe.com

slscr.update.microsoft.com

www.dulcesol.es

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49747	15.197.142.173	80	7648	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 6, 2024 18:46:13.217006922 CEST	430	OUT	GET / HTTP/1.1 Host: www.dulcesol.es Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 6, 2024 18:46:13.354414940 CEST	355	IN	HTTP/1.1 301 Moved Permanently Date: Mon, 06 May 2024 16:46:13 GMT Content-Type: text/html; charset=utf-8 Content-Length: 54 Connection: keep-alive Location: https://dulcesol.es Server: ip-10-123-124-146.ec2.internal Vary: Accept-Encoding X-Request-Id: 7e00355a-e6db-4ca3-a13c-bd2ad1ddf8ed Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 75 6c 63 65 73 6f 6c 2e 65 73 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://dulcesol.es">Moved Permanently</a>.
May 6, 2024 18:46:58.365263939 CEST	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49749	15.197.142.173	80	7648	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
May 6, 2024 18:46:58.222256899 CEST	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	104.110.176.109	443

Timestamp	Bytes transferred	Direction	Data
2024-05-06 16:45:53 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-06 16:45:53 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=224268 Date: Mon, 06 May 2024 16:45:53 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	104.110.176.109	443

Timestamp	Bytes transferred	Direction	Data
2024-05-06 16:45:54 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-05-06 16:45:54 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=224194 Date: Mon, 06 May 2024 16:45:54 GMT Content-Length: 55 Connection: close X-CID: 2
2024-05-06 16:45:54 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	96.17.61.58	443	7212	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-05-06 16:45:59 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-05-06 16:46:00 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Mon, 06 May 2024 16:46:00 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49741	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-05-06 16:46:05 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1rGhLGvLoLp5ZLL&MD=c2ZmrCt4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-06 16:46:06 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 1e6b5d9b-afaa-4f28-a514-66f5c267c972 MS-RequestId: 5fe67146-3c1b-4e3e-8e4b-67cebd402470 MS-CV: v/+ocq0RN0uS53DY.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 06 May 2024 16:46:05 GMT Connection: close Content-Length: 24490
2024-05-06 16:46:06 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-05-06 16:46:06 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49761	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-05-06 16:46:43 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=1rGhLGvLoLp5ZLL&MD=c2ZmrCt4 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-05-06 16:46:43 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 8b16be60-9508-4447-b444-f9aa216aeff8 MS-RequestId: cf627023-df9b-4176-95b4-d8820d5b98ad MS-CV: wd310+aONkKDdPEq.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 06 May 2024 16:46:42 GMT Connection: close Content-Length: 25457
2024-05-06 16:46:43 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-05-06 16:46:43 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6864, Parent PID: 2580

General

Target ID:	0
Start time:	18:45:46
Start date:	06/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\FAXOC_03019_99091_02052521.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7088, Parent PID: 6864

General

Target ID:	1
Start time:	18:45:46
Start date:	06/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7212, Parent PID: 7088

General

Target ID:	3
Start time:	18:45:47
Start date:	06/05/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2080 --field-trial-handle=1628,i,14454788536606698426,12340969754925004264,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7220, Parent PID: 1456

General

Target ID:	9
Start time:	18:46:11
Start date:	06/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "http://www.dulcesol.es"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7648, Parent PID: 7220

General

Target ID:	10
Start time:	18:46:11
Start date:	06/05/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1972,i,1686703969579029826,10444418147438048298,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report FAXOC_03019_99091_02052521.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\7ddc6c95-b97e-459a-b526-e47205f963a8.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240506164551Z-160.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7120

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Windows Analysis Report
FAXOC_03019_99091_02052521.pdf