Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Briefkopf YG Business.pdf

Overview

General Information

Sample name:Briefkopf YG Business.pdf
Analysis ID:1546140
MD5:eb9b257ab180ee2bb68d738473d8f0f3
SHA1:6c6d4e404698bb700a408677a9232ab1dddb4a66
SHA256:46e69d437c09af59d573bd1ab4cefcd2c6ffcdab913fb33e50e7d411580f60ed
Infos:

Detection

Score:3
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 2636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Briefkopf YG Business.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2680 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1632 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1640,i,10097200807821530073,9878019752465417983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2024-10-31T14:59:15.768784+010020229301A Network Trojan was detected172.202.163.200443192.168.2.549717TCP
2024-10-31T14:59:57.462469+010020229301A Network Trojan was detected172.202.163.200443192.168.2.560993TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 192.168.2.5:60816 -> 96.7.168.138:443
Source: global trafficTCP traffic: 96.7.168.138:443 -> 192.168.2.5:60816
Source: Joe Sandbox ViewIP Address: 96.7.168.138 96.7.168.138
Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.5:49717
Source: Network trafficSuricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.5:60993
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.168.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60816
Source: unknownNetwork traffic detected: HTTP traffic on port 60816 -> 443
Source: classification engineClassification label: clean3.winPDF@14/29@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5408Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 09-59-01-750.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Briefkopf YG Business.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1640,i,10097200807821530073,9878019752465417983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1640,i,10097200807821530073,9878019752465417983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Briefkopf YG Business.pdfInitial sample: PDF keyword /JS count = 0
Source: Briefkopf YG Business.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Briefkopf YG Business.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1546140 Sample: Briefkopf YG Business.pdf Startdate: 31/10/2024 Architecture: WINDOWS Score: 3 14 x1.i.lencr.org 2->14 16 bg.microsoft.map.fastly.net 2->16 7 Acrobat.exe 18 58 2->7         started        process3 process4 9 AcroCEF.exe 108 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 18 96.7.168.138, 443, 60816 INTERNEXABRASILOPERADORADETELECOMUNICACOESSABR United States 11->18

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		unknown
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
      • URL Reputation: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      96.7.168.138
      		unknownUnited States
      		262589INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRfalse

      General Information

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1546140
      Start date and time:2024-10-31 14:58:07 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 2s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowspdfcookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:9
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:Briefkopf YG Business.pdf
      Detection:CLEAN
      Classification:clean3.winPDF@14/29@1/1
      Cookbook Comments:
      • Found application associated with file extension: .pdf
      • Found PDF document
      • Close Viewer

      Warnings

      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 23.32.184.135, 199.232.214.172, 2.19.126.149, 2.19.126.143
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
      • VT rate limit hit for: Briefkopf YG Business.pdf

      Simulations

      Behavior and APIs

      TimeTypeDescription
      09:59:12API Interceptor2x Sleep call for process: AcroCEF.exe modified

      LLM Input / Output

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      96.7.168.138Proposal From SIOLI Alexander Pino#U2026.pdfGet hashmaliciousUnknownBrowse
        0438.pdf.exeGet hashmaliciousUnknownBrowse
          0438.pdf.exeGet hashmaliciousUnknownBrowse
            401K .pdfGet hashmaliciousHTMLPhisherBrowse
              http://assets.website-files.com/65f02117700897a29c49fb10/65f7c129cb837c2310c7044e_tisamijujute.pdfGet hashmaliciousUnknownBrowse
                Oakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdfGet hashmaliciousHTMLPhisherBrowse
                  2025+Policies_645622_929-5.pdfGet hashmaliciousUnknownBrowse
                    https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                      0438.pdf.exeGet hashmaliciousUnknownBrowse
                        Sars Urgent Notice.pdfGet hashmaliciousUnknownBrowse

                          Domains

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          bg.microsoft.map.fastly.nethttps://hidrive.ionos.com/lnk/FamigcCEFGet hashmaliciousUnknownBrowse
                          • 199.232.214.172
                          http://djaahaf.r.af.d.sendibt2.comGet hashmaliciousUnknownBrowse
                          • 199.232.214.172
                          http://www.kristinsacademy.com/?wptouch_switch=desktop&redirect=http://lagunaua.comGet hashmaliciousHTMLPhisherBrowse
                          • 199.232.214.172
                          Invoice Ref ++_Donuts.htmlGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          https://0nline1.logs-trading.site/?O462BZ3P81OgZBKGet hashmaliciousHTMLPhisherBrowse
                          • 199.232.210.172
                          Uschamber-TimeSheet Reports.pdfGet hashmaliciousUnknownBrowse
                          • 199.232.214.172
                          https://www.chambersschool.org/programs/early-childhoodGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                          • 199.232.214.172
                          https://alaskan.s3.eu-north-1.amazonaws.com/muna.html?login=abc@everbridge.com&pcnt=3&no_redrct=no_redrct&request_type=cancel_requestGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          https://www.transfernow.net/dl/20241030KnXGth9fGet hashmaliciousUnknownBrowse
                          • 199.232.210.172
                          ORDER REF_47806798 .exeGet hashmaliciousXWormBrowse
                          • 199.232.214.172

                          ASNs

                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                          INTERNEXABRASILOPERADORADETELECOMUNICACOESSABRProposal From SIOLI Alexander Pino#U2026.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          0438.pdf.exeGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          0438.pdf.exeGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          401K .pdfGet hashmaliciousHTMLPhisherBrowse
                          • 96.7.168.138
                          http://assets.website-files.com/65f02117700897a29c49fb10/65f7c129cb837c2310c7044e_tisamijujute.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          Oakville_Service_Update_d76b33a1-3420-40be-babd-e82e253ad25c.pdfGet hashmaliciousHTMLPhisherBrowse
                          • 96.7.168.138
                          2025+Policies_645622_929-5.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          https://dl.dropboxusercontent.com/scl/fi/95is2w1ywjvorzayt88dp/DKM-0192PDF.zip?rlkey=svoej4s4tb5lwbnvthtgrmokl&st=d99zdn1k&dl=0Get hashmaliciousAbobus ObfuscatorBrowse
                          • 96.7.168.138
                          0438.pdf.exeGet hashmaliciousUnknownBrowse
                          • 96.7.168.138
                          Sars Urgent Notice.pdfGet hashmaliciousUnknownBrowse
                          • 96.7.168.138

                          JA3 Fingerprints

                          No context

                          Dropped Files

                          No context

                          Created / dropped Files

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.243207227121602
                          Encrypted:false
                          SSDEEP:6:YfIjUEcM+q2P92nKuAl9OmbnIFUt8xfIjNNJZmw+xfIjNNcMVkwO92nKuAl9Omb5:hUpM+v4HAahFUt80NX/+0NqMV5LHAaSJ
                          MD5:C18CCC58EBC80271DF60E7DC2CAC694D
                          SHA1:A1DBDECE22D03F0E5415DDD885E68CB6CACF9DC2
                          SHA-256:13F42576DFDEDF2978538DE5363EC09994A1E314E2C27C0C23B70DC964A42225
                          SHA-512:D24391A3710A164F876CE94F26FD536D3AC5A5572FF4642084140392A2D02C8C89E0F6E5F5194447A97F742098D4174BE47C908272CC50B3FA51FB812C593DA7
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/31-09:58:59.497 18fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-09:58:59.499 18fc Recovering log #3.2024/10/31-09:58:59.499 18fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.243207227121602
                          Encrypted:false
                          SSDEEP:6:YfIjUEcM+q2P92nKuAl9OmbnIFUt8xfIjNNJZmw+xfIjNNcMVkwO92nKuAl9Omb5:hUpM+v4HAahFUt80NX/+0NqMV5LHAaSJ
                          MD5:C18CCC58EBC80271DF60E7DC2CAC694D
                          SHA1:A1DBDECE22D03F0E5415DDD885E68CB6CACF9DC2
                          SHA-256:13F42576DFDEDF2978538DE5363EC09994A1E314E2C27C0C23B70DC964A42225
                          SHA-512:D24391A3710A164F876CE94F26FD536D3AC5A5572FF4642084140392A2D02C8C89E0F6E5F5194447A97F742098D4174BE47C908272CC50B3FA51FB812C593DA7
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/31-09:58:59.497 18fc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-09:58:59.499 18fc Recovering log #3.2024/10/31-09:58:59.499 18fc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):338
                          Entropy (8bit):5.217441518219713
                          Encrypted:false
                          SSDEEP:6:YfI8Q+q2P92nKuAl9Ombzo2jMGIFUt8xfIO4gZmw+xfImQVkwO92nKuAl9Ombzos:2Q+v4HAa8uFUt8Ag/+JQV5LHAa8RJ
                          MD5:8B49CFA9789D5056B0237307201B21FB
                          SHA1:80B66FB3210D8080FFA7F18BAEB62F688BD9B1F7
                          SHA-256:04D4E954494F51F946DE96BEBEB8904385E32A56A7FAF507D476A443DF8A369E
                          SHA-512:4CCA0CEBFF3CFC8165EA8C62A08451F0B8F566396B118A8088E1AC5220CA3BC7669995270BE7432A7A943AEB83C61F8BC256828757A1DFB4900660EC434C5308
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/31-09:58:59.581 157c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-09:58:59.582 157c Recovering log #3.2024/10/31-09:58:59.583 157c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):338
                          Entropy (8bit):5.217441518219713
                          Encrypted:false
                          SSDEEP:6:YfI8Q+q2P92nKuAl9Ombzo2jMGIFUt8xfIO4gZmw+xfImQVkwO92nKuAl9Ombzos:2Q+v4HAa8uFUt8Ag/+JQV5LHAa8RJ
                          MD5:8B49CFA9789D5056B0237307201B21FB
                          SHA1:80B66FB3210D8080FFA7F18BAEB62F688BD9B1F7
                          SHA-256:04D4E954494F51F946DE96BEBEB8904385E32A56A7FAF507D476A443DF8A369E
                          SHA-512:4CCA0CEBFF3CFC8165EA8C62A08451F0B8F566396B118A8088E1AC5220CA3BC7669995270BE7432A7A943AEB83C61F8BC256828757A1DFB4900660EC434C5308
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/31-09:58:59.581 157c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-09:58:59.582 157c Recovering log #3.2024/10/31-09:58:59.583 157c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0a41d476-36f3-478c-8f6c-0aebe40bbbeb.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):508
                          Entropy (8bit):5.051963888937989
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqFZsBdOg2HeJgcaq3QYiubxnP7E4T3OF+:Y2sRdsRdMHeJL3QYhbxP7nbI+
                          MD5:FAA4468D866C25E0408558CB9DBB92A3
                          SHA1:B73695A773AC22AAABF115CB35083E547E7608ED
                          SHA-256:8FA70BBBD3432DE96813F8093A3BCDD9F4B47E806F1983CB0D2D36D05D7BA729
                          SHA-512:77C48706BEC775CD2A1F4DE9A746CA95258AA571FDCDE32165A289A2127C99A59336E91C45CA2A9F3A184670E963B73237DDEF0FC52A5174D3129BB50AC39061
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374943145418901","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":253861},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):508
                          Entropy (8bit):5.051963888937989
                          Encrypted:false
                          SSDEEP:12:YH/um3RA8sqFZsBdOg2HeJgcaq3QYiubxnP7E4T3OF+:Y2sRdsRdMHeJL3QYhbxP7nbI+
                          MD5:FAA4468D866C25E0408558CB9DBB92A3
                          SHA1:B73695A773AC22AAABF115CB35083E547E7608ED
                          SHA-256:8FA70BBBD3432DE96813F8093A3BCDD9F4B47E806F1983CB0D2D36D05D7BA729
                          SHA-512:77C48706BEC775CD2A1F4DE9A746CA95258AA571FDCDE32165A289A2127C99A59336E91C45CA2A9F3A184670E963B73237DDEF0FC52A5174D3129BB50AC39061
                          Malicious:false
                          Reputation:low
                          Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374943145418901","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":253861},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4509
                          Entropy (8bit):5.234106380431998
                          Encrypted:false
                          SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUlZOZtvWZZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLM
                          MD5:4A7AA52ADCB24F979FD599C94E65E731
                          SHA1:75AE76A74CDBCDB5034C6CD3FF0C99FEB7F69AB7
                          SHA-256:730FCEDDB285DAC8FBE93E48AC9DD06C32ADFD8D3CAF9277278D492F7212CB08
                          SHA-512:843839CF36BFE8D51E0BDBE6F0EE287FA8906352E6119A3E61C2435BE63E04A56CCC25BE0C896DA312FE1BBC7DE044B09CC99F321BA8BDFBBC47BF46ADBA1D8D
                          Malicious:false
                          Reputation:low
                          Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):326
                          Entropy (8bit):5.2202163135701
                          Encrypted:false
                          SSDEEP:6:YfIKQ+q2P92nKuAl9OmbzNMxIFUt8xfIAgZmw+xfIIf1SQVkwO92nKuAl9OmbzNq:wQ+v4HAa8jFUt8Hg/+HtSQV5LHAa84J
                          MD5:866D6D33ABA2A0703CD40DC0FE635ED3
                          SHA1:75D26D1E3303026AC5722140587E5BF1E8493D7F
                          SHA-256:2EB368EF2B980A02420FBCE658F3D6ADE3733B428C1A02E55480344D3BEE62B8
                          SHA-512:6BB098447BC8D2D7D631532676C57364B7C4B2874C7CC52B782C051297222C9B408C6D3E215FBA03B41EE60C6B46E92E1EF622EDE30896C3C754FBEA5A5CC7A3
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/31-09:58:59.705 157c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-09:58:59.707 157c Recovering log #3.2024/10/31-09:58:59.708 157c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):326
                          Entropy (8bit):5.2202163135701
                          Encrypted:false
                          SSDEEP:6:YfIKQ+q2P92nKuAl9OmbzNMxIFUt8xfIAgZmw+xfIIf1SQVkwO92nKuAl9OmbzNq:wQ+v4HAa8jFUt8Hg/+HtSQV5LHAa84J
                          MD5:866D6D33ABA2A0703CD40DC0FE635ED3
                          SHA1:75D26D1E3303026AC5722140587E5BF1E8493D7F
                          SHA-256:2EB368EF2B980A02420FBCE658F3D6ADE3733B428C1A02E55480344D3BEE62B8
                          SHA-512:6BB098447BC8D2D7D631532676C57364B7C4B2874C7CC52B782C051297222C9B408C6D3E215FBA03B41EE60C6B46E92E1EF622EDE30896C3C754FBEA5A5CC7A3
                          Malicious:false
                          Reputation:low
                          Preview:2024/10/31-09:58:59.705 157c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-09:58:59.707 157c Recovering log #3.2024/10/31-09:58:59.708 157c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                          C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241031135903Z-156.bmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                          Category:dropped
                          Size (bytes):65110
                          Entropy (8bit):0.7511644010062073
                          Encrypted:false
                          SSDEEP:192:xfCODezvdiaC9IcGdiEeovp0GeO6PAVvAW0M3fOl3+WKvWOmqBZs5sxRx+:xfwRx+
                          MD5:F7F063A16DB2DDC587E4727D527AABC2
                          SHA1:D211052EF96D725B091D6AEF68D85E7B8F7C0398
                          SHA-256:D029944D4193A4721412425D87F57C20D2B491923B909CB0BF8B17C058F2A2FF
                          SHA-512:50EDE02E71EF557A7829D9C817E941E4F5AF8A83D477337580CB6FF7930CEED07D6E42026ADD4F88747FD6EA9C9318F163C4061AB9F16A265F60E3D7DDE3335E
                          Malicious:false
                          Reputation:low
                          Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Certificate, Version=3
                          Category:dropped
                          Size (bytes):1391
                          Entropy (8bit):7.705940075877404
                          Encrypted:false
                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                          Malicious:false
                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):192
                          Entropy (8bit):2.756901573172974
                          Encrypted:false
                          SSDEEP:3:kkFklvyItllXfllXlE/HT8kubNNX8RolJuRdxLlGB9lQRYwpDdt:kKVIGT8zNMa8RdWBwRd
                          MD5:35A862BEC2A1AEB12EC242724D3A5FFB
                          SHA1:51D1C8FCF1F47F7D19EA52FEDA6D0167D3DFBD54
                          SHA-256:98210B33CFD337E30BD25A002F9DD8718140043111264A113FEEFA00058CF229
                          SHA-512:FE6D9B76A6BE67892FE5F6E14962644D3CB36A7A0BDAF2261AC89C1AC71574AE3A04128BF765567818BF805B09A7BD500F520859F17043AB3B47A81DA431AD4A
                          Malicious:false
                          Preview:p...... .............+..(....................................................... ..........W....;...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.253995428229511
                          Encrypted:false
                          SSDEEP:6:kKAF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:IsDImsLNkPlE99SNxAhUe/3
                          MD5:3E49513927532AF2B7F110079B9C75D0
                          SHA1:433275E0E75B6177FD1BBDF39F4AFFE2C7C7EAE3
                          SHA-256:4D721D5042102E24382BE4CBCDDB22F20DD0CE0207ADDEA4C7B8B0355CF7EFCA
                          SHA-512:574C2B0642011A2EE900E17139CFCBDFEAFA2D54DAB646AF03D410B08F3830FAAFC909B29F555BC8D2681C99133873EBC80B00360D0FD4EEFDBF7BB4DC287624
                          Malicious:false
                          Preview:p...... .........].#.+..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5408

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):227002
                          Entropy (8bit):3.392780893644728
                          Encrypted:false
                          SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
                          MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
                          SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
                          SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
                          SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
                          Malicious:false
                          Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:3:e:e
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Preview:....

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2145
                          Entropy (8bit):5.0696201399125345
                          Encrypted:false
                          SSDEEP:24:YFuE3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxiW:YzAwmWXZYEtoitbRCwu20wD+JliWxao
                          MD5:3796AA8FFE26B2B6DFC084635A6DC1B2
                          SHA1:790E5D65EF2D327D9633DFC8EE575B4D0CF4CB4F
                          SHA-256:725EF451FB4FD03CEA02A3A703F237EE345AA921E3F6E80042FCDC76FC58762B
                          SHA-512:48EAF3A28016F70128D051428DE3AF40EDABB3AA3CB7783476988188A6CEA41A3AD0FF2FFAFDEF0F792CAC86FD7B6F882F1E921A459C95457AA88908C4FCA737
                          Malicious:false
                          Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1730383142000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):0.9843194076146096
                          Encrypted:false
                          SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spk4zJwtNBwtNbRZ6bRZ45F:TVl2GL7ms6ggOVpPzutYtp6PC
                          MD5:5A280BE4256C2AA7E2EC83B5E3A742BD
                          SHA1:9C0A60E7D1658E3DC35CDEC90FCA0DCAC01F3285
                          SHA-256:73AABCAC8FFB814BBCF3DBC352B33C02C7C2931BA0F81AB222AD434DB6BA124C
                          SHA-512:5BF11E7956EDEFB233ECA713FB00FC105CBEB4E2CE47A8047C94F440B0D31E412E9242CC214CD226F862DB9524C73AE4AB730262C7B72C79E9611D9A6F5FCFCB
                          Malicious:false
                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.339028958087477
                          Encrypted:false
                          SSDEEP:24:7+tcEAD1RZKHs/Ds/SpkPzJwtNBwtNbRZ6bRZWf1RZK1JvqLBx/XYKQvGJF7ursh:7MBGgOVp4zutYtp6PMevqll2GL7msh
                          MD5:7F459A31D72BF69CD19E1E82CEBCE800
                          SHA1:8A2F6E393EA15A824CE36BEAC8B46D1D55158E58
                          SHA-256:298C98AF08B885BFB9A9B12DF2CB04596EC1F04C0945DA6988C97405DF095749
                          SHA-512:382DFB33709BA9F72934F5AD14F73F941CC35DE4A10CCD13568DA9ECDC109961E90FDFA686C4DB4D88952744E042508FE10D14A2905E8111C9EB8BA3B42F0B58
                          Malicious:false
                          Preview:.... .c......|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                          C:\Users\user\AppData\Local\Temp\MSIf7cc.LOG

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.5390718303530573
                          Encrypted:false
                          SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQRaB+le:Qw946cPbiOxDlbYnuRKuB
                          MD5:5B8DDD6DF78DB2E609B71FFA7DA4FBE4
                          SHA1:799E42082B48AB82098825D2AE687BF9E6778533
                          SHA-256:F4548E7C28E1B20DCEDDD91B4CC867EE8A84D12876402AE60663948A646839F3
                          SHA-512:EDA339FD18CC623807F6DC52B065C1631846768B578F2A99316030ED578D872F54148C8D569EC63D99491A67F2B6824FAB90A1FF7907B0E579794A5180A33F5C
                          Malicious:false
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.1./.1.0./.2.0.2.4. . .0.9.:.5.9.:.0.6. .=.=.=.....

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 09-59-01-750.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.376360055978702
                          Encrypted:false
                          SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                          MD5:1336667A75083BF81E2632FABAA88B67
                          SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                          SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                          SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                          Malicious:false
                          Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):15114
                          Entropy (8bit):5.355314463363054
                          Encrypted:false
                          SSDEEP:384:WzoM8MRM8M8M1MkvMh5i5y5P5B5UqXAqwqXwXwxwndRuMukubuEuU99A9s9e94LI:HCw
                          MD5:0064BA99593CBB3C580EF2A917E2E4F2
                          SHA1:A549EF94F5497CF6214871C2CDC91D82BE47844D
                          SHA-256:A1D5737A27D3D6ADD95A01152030B5488F1F99153A8E87DE8B2E9FFFEDB3599B
                          SHA-512:D19B7E026836D74634787799DBE2305DD4508C1AA246ABAD8C849897DC4DBD0139866AFB0E2EDACD22875831F2CF2CCBCD927CA44050ACE86ADCAC37F1F6F858
                          Malicious:false
                          Preview:SessionID=bf25ea37-6962-466d-8eec-48d0ddfe3688.1730383141761 Timestamp=2024-10-31T09:59:01:761-0400 ThreadID=7604 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=bf25ea37-6962-466d-8eec-48d0ddfe3688.1730383141761 Timestamp=2024-10-31T09:59:01:762-0400 ThreadID=7604 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=bf25ea37-6962-466d-8eec-48d0ddfe3688.1730383141761 Timestamp=2024-10-31T09:59:01:762-0400 ThreadID=7604 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=bf25ea37-6962-466d-8eec-48d0ddfe3688.1730383141761 Timestamp=2024-10-31T09:59:01:762-0400 ThreadID=7604 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=bf25ea37-6962-466d-8eec-48d0ddfe3688.1730383141761 Timestamp=2024-10-31T09:59:01:762-0400 ThreadID=7604 Component=ngl-lib_NglAppLib Description="SetConf

                          C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.400770090011367
                          Encrypted:false
                          SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbK:5g
                          MD5:7730848CA39AAEAD8A7F84F6A3DCCD3C
                          SHA1:0792756C59B4684376A16253EB8AF0E88E417DC8
                          SHA-256:48823C3C37B0C9E60BC694434AF77EED5F9D813CB3843D133DA7A2E06C654CB9
                          SHA-512:395C64BD9F7BFB8A98A2A14BB2DD214FCDA9CD79AD7321996D4C585E0B80C5EE8C6C36BC81B426939298D82D637CBAF4C635E1BAEFB43016A7D91E85EFE290A1
                          Malicious:false
                          Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                          C:\Users\user\AppData\Local\Temp\acrocef_low\38d71874-ab04-4389-b1ae-0f999e3db7e6.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\40450446-502c-4dae-aff6-18adaa6ca144.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                          MD5:18E3D04537AF72FDBEB3760B2D10C80E
                          SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                          SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                          SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                          Malicious:false
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                          C:\Users\user\AppData\Local\Temp\acrocef_low\87626cf8-e120-4089-b9f7-719961725bdb.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                          C:\Users\user\AppData\Local\Temp\acrocef_low\d5630bb1-0ee3-465b-9c06-381942c161d8.tmp

                          Download File
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                          Static File Info

                          General

                          File type:PDF document, version 1.4, 1 pages
                          Entropy (8bit):5.787948006069064
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:Briefkopf YG Business.pdf
                          File size:51'641 bytes
                          MD5:eb9b257ab180ee2bb68d738473d8f0f3
                          SHA1:6c6d4e404698bb700a408677a9232ab1dddb4a66
                          SHA256:46e69d437c09af59d573bd1ab4cefcd2c6ffcdab913fb33e50e7d411580f60ed
                          SHA512:9e9b0c6118ced1aa6906ad6cf38849d91e3a15a8eeaf903e9eef34e7835986a91767a407fa3e84835db03e2c2fcfecbdefd9b29fed1a3277c55e030ab97389ad
                          SSDEEP:768:Y1atRvjPVXPkJOOBb7zrzvdcfeWZRFJEIG/04vwrL:/zvjPV/kwsmZehIP
                          TLSH:0E3339D189F30DFAF795027569EC0F507238B95B38CA2AC15376F5386DFAEA16283142
                          File Content Preview:%PDF-1.4.%.....1 0 obj.<<./Type /Catalog./Version /1.4./Pages 2 0 R./ViewerPreferences 3 0 R./Lang (de-DE).>>.endobj.4 0 obj.<<./Keywords (DAFLdHTPavs,BAFJkzkoN9I)./Author (Athanassios Fountas)./Creator (Canva)./Producer (Canva)./Title (Briefkopf HAMMA He

                          File Icon

                          Icon Hash:62cc8caeb29e8ae0

                          Static PDF Info

                          General

                          Header:%PDF-1.4
                          Total Entropy:5.787948
                          Total Bytes:51641
                          Stream Entropy:5.718582
                          Stream Bytes:50457
                          Entropy outside Streams:5.271655
                          Bytes outside Streams:1184
                          Number of EOF found:1
                          Bytes after EOF:

                          Keywords Statistics

                          NameCount
                          obj8
                          endobj8
                          stream2
                          endstream2
                          xref1
                          trailer1
                          startxref1
                          /Page1
                          /Encrypt0
                          /ObjStm0
                          /URI0
                          /JS0
                          /JavaScript0
                          /AA0
                          /OpenAction0
                          /AcroForm0
                          /JBIG2Decode0
                          /RichMedia0
                          /Launch0
                          /EmbeddedFile0

                          Image Streams

                          IDDHASHMD5Preview
                          8050104150e0c000c8f61a9b5a8906db68fe75035997ad2c0

                          Network Behavior

                          Suricata IDS Alerts

                          TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                          2024-10-31T14:59:15.768784+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.549717TCP
                          2024-10-31T14:59:57.462469+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.560993TCP

                          Network Port Distribution

                          TCP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 31, 2024 14:59:15.558465958 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:15.558495045 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:15.558628082 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:15.558744907 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:15.558756113 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.314760923 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.315094948 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:16.315103054 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.316123962 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.316195011 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:16.359122038 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:16.359188080 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.359323978 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:16.359333038 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.402672052 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:16.506688118 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.506757021 CET4436081696.7.168.138192.168.2.5
                          Oct 31, 2024 14:59:16.506813049 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:16.507239103 CET60816443192.168.2.596.7.168.138
                          Oct 31, 2024 14:59:16.507249117 CET4436081696.7.168.138192.168.2.5

                          UDP Packets

                          TimestampSource PortDest PortSource IPDest IP
                          Oct 31, 2024 14:59:12.531021118 CET5392253192.168.2.51.1.1.1
                          Oct 31, 2024 14:59:14.925417900 CET53534171.1.1.1192.168.2.5

                          DNS Queries

                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                          Oct 31, 2024 14:59:12.531021118 CET192.168.2.51.1.1.10xce52Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                          DNS Answers

                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                          Oct 31, 2024 14:59:12.538367987 CET1.1.1.1192.168.2.50xce52No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                          Oct 31, 2024 14:59:13.427813053 CET1.1.1.1192.168.2.50x9c4eNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                          Oct 31, 2024 14:59:13.427813053 CET1.1.1.1192.168.2.50x9c4eNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                          HTTP Request Dependency Graph

                          • armmf.adobe.com

                          HTTPS Proxied Packets

                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                          0192.168.2.56081696.7.168.1384431632C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          TimestampBytes transferredDirectionData
                          2024-10-31 13:59:16 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                          2024-10-31 13:59:16 UTC198INHTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Thu, 31 Oct 2024 13:59:16 GMT
                          Connection: close


                          Statistics

                          CPU Usage

                          Click to jump to process

                          Memory Usage

                          Click to jump to process

                          High Level Behavior Distribution

                          Click to dive into process behavior distribution

                          Behavior

                          Click to jump to process

                          System Behavior

                          General

                          Target ID:0
                          Start time:09:58:58
                          Start date:31/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Briefkopf YG Business.pdf"
                          Imagebase:0x7ff686a00000
                          File size:5'641'176 bytes
                          MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:2
                          Start time:09:58:59
                          Start date:31/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                          Imagebase:0x7ff6413e0000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          General

                          Target ID:4
                          Start time:09:58:59
                          Start date:31/10/2024
                          Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          Wow64 process (32bit):false
                          Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1640,i,10097200807821530073,9878019752465417983,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                          Imagebase:0x7ff6413e0000
                          File size:3'581'912 bytes
                          MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:high
                          Has exited:true

                          Disassembly

                          No disassembly