Windows Analysis Report
DTG.pdf

Overview

General Information

Sample name:DTG.pdf
Analysis ID:1642017
MD5:7291c170fd32bab98a9305052c5d1207
SHA1:6d9399ad467c9bde39eca88558c0b1b3226b7386
SHA256:61455e571bd64004e29906022ef58547429cd182fd95468c307714d091ff09d4

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
AI detected landing page (webpage, office document or email)
Creates files inside the system directory
Deletes files inside the Windows folder
IP address seen in connection with other malware

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7128 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DTG.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4996 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7204 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1588,i,15125319213121887021,13897611138504499756,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 2288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N[EMAIL]" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,2675019861959795683,16659478769108317773,262144 --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N | Avira URL Cloud: Label: phishing

Phishing

Source: PDF document | Joe Sandbox AI: Page contains button: 'OPEN FILE' Source: 'PDF document'
Source: PDF document | Joe Sandbox AI: PDF document contains prominent button: 'open file'
Source: unknown | HTTPS traffic detected: 162.214.69.41:443 -> 192.168.2.6:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.185.132:443 -> 192.168.2.6:49717 version: TLS 1.2
Source: Joe Sandbox View | IP Address: 72.246.169.163 72.246.169.163
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.185.227
Source: unknown | TCP traffic detected without corresponding DNS query: 2.19.122.32
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.160.4
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: aniffs.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: DTG.pdf | String found in binary or memory: http://www.pdf-tools.com)
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: DTG.pdf | String found in binary or memory: https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N
Source: unknown | Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown | Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown | Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown | Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir2288_2052230070
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir2288_2052230070
Source: classification engine | Classification label: mal52.winPDF@62/46@5/4
Source: DTG.pdf | Initial sample: https://aniffs.com/o/?c3y9bzm2nv8xx29uzszyyw5kpvvuslfpvvu9jnvpzd1vu0vsmjywmjiwmjvvmzmwmji2nte=n0123n[email]
Source: DTG.pdf | Initial sample: https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N[EMAIL]
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-18 13-37-37-273.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DTG.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1588,i,15125319213121887021,13897611138504499756,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N[EMAIL]"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,2675019861959795683,16659478769108317773,262144 --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:3
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: DTG.pdf | Initial sample: PDF keyword /JS count = 0
Source: DTG.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: A91nyfy3g_110m3vr_ow.tmp.1.dr | Initial sample: PDF keyword /JS count = 0
Source: A91nyfy3g_110m3vr_ow.tmp.1.dr | Initial sample: PDF keyword /JavaScript count = 0
Source: DTG.pdf | Initial sample: PDF keyword stream count = 26
Source: DTG.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: DTG.pdf | Initial sample: PDF keyword /ObjStm count = 7
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: 1 Spearphishing Link; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: 1 Browser Extensions; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 11 Masquerading; 1 Process Injection; 1 File Deletion; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 2 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

[Behavior graph: ID 1642017, Sample: DTG.pdf, Startdate: 18/03/2025, Architecture: WINDOWS, Score: 52]

No Antivirus matches

Source | Detection | Scanner | Label
https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N | 100% | Avira URL Cloud | phishing
http://www.pdf-tools.com) | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
aniffs.com | 162.214.69.41 | true | false | | unknown
e8652.dscx.akamaiedge.net | 72.246.169.163 | true | false | | high
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 84.201.210.39 | true | false | | high
www.google.com | 142.250.185.132 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | false | | high
https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N | DTG.pdf | false | Avira URL Cloud: phishing | unknown
http://www.pdf-tools.com) | DTG.pdf | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.132 | www.google.com | United States | 15169 | GOOGLEUS | false
72.246.169.163 | e8652.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false
162.214.69.41 | aniffs.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false

IP
192.168.2.6

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1642017
Start date and time:2025-03-18 18:36:39 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 5m 23s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:20
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:DTG.pdf
Detection:MAL
Classification:mal52.winPDF@62/46@5/4
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted)
  • Excluded domains from analysis (whitelisted)
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenFile calls found.

Time | Type | Description
13:37:47 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

Associated Sample Name / URL | Detection | Threat Name | Context

Match: 72.246.169.163
  • TOUR PACKAGE 022.vbe | malicious | Unknown | x1.i.lencr.org/
  • Letter Forward to Cabinet Division.pdf .exe | malicious | Unknown | x1.i.lencr.org/
  • HAL-PRIVATBANK Opening Quarter Wage - 1502769396.pdf | malicious | HTMLPhisher, Invisible JS | x1.i.lencr.org/
  • Monday+February+17+2025.pdf | malicious | Unknown | x1.i.lencr.org/
  • S-1-5-21-2450103661-3784623554-249139738-1001.tar | malicious | Unknown | x1.i.lencr.org/
  • Michael.langedijk Vacations and salaries.pdf | malicious | HTMLPhisher | x1.i.lencr.org/
  • http://www.medici.co.za/import-assistance.html | malicious | Unknown | x1.i.lencr.org/

Associated Sample Name / URL | Detection | Threat Name | Context

Match: e8652.dscx.akamaiedge.net
  • Munsch-Employee-Handbook.pdf | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 23.209.209.135
  • doc Pg 2A gmt_5057363908.pdf | malicious | HTMLPhisher | 23.192.153.142
  • Yasmine Hilal W2, 401(k).pdf | malicious | Unknown | 23.192.153.142
  • virus.pdf | malicious | HTMLPhisher | 92.123.21.129
  • Emarine System Contact Update.pdf | malicious | HTMLPhisher | 2.19.105.127
  • 1099-NEC.pdf | malicious | RHADAMANTHYS | 23.209.213.129
  • 1099-NEC.pdf | malicious | Unknown | 23.209.209.135
  • resume.pdf | malicious | Unknown | 23.209.213.129
  • f64da42c-e9a8-a0ac-437d-d14377da4643.eml | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 23.209.213.129
  • attach.pdf | malicious | Unknown | 23.209.213.129

Match: edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
  • DarkStreamCloner.exe | malicious | Unknown | 217.20.57.19
  • MT103__8954724926#U00e2__.svg | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 84.201.210.23
  • C2wQQgyr6v.exe | malicious | LummaC Stealer | 217.20.57.35
  • https://auth-ca--ndax--console.webflow.io/ | malicious | HTMLPhisher | 217.20.57.34
  • qdS0ohqZBN.exe | malicious | Vidar | 84.201.210.39
  • Sipari#U015f Onay#U0131.xlam.xlsx | malicious | Unknown | 217.20.57.20
  • virus.pdf | malicious | HTMLPhisher | 217.20.57.20
  • Emarine System Contact Update.pdf | malicious | HTMLPhisher | 195.33.199.28
  • v4mNsTzbsL.exe | malicious | XWorm | 217.20.57.19
  • 92.255.85.2.ps1 | malicious | XWorm | 84.201.210.39

Match: bg.microsoft.map.fastly.net
  • Munsch-Employee-Handbook.pdf | malicious | HTMLPhisher, Invisible JS, Tycoon2FA | 199.232.214.172
  • 39h66rab6ub.ps1v.ps1 | malicious | XWorm | 199.232.210.172
  • AgnotSecurity.exe | malicious | Unknown | 199.232.214.172
  • CompiledProject.exe.bin.exe | malicious | LummaC Stealer | 199.232.210.172
  • lnstaII.exe.bin.exe | malicious | LummaC Stealer | 199.232.210.172
  • NWpNjnx.exe1.exe | malicious | Vidar | 199.232.210.172
  • lnstaII.exe.bin.exe | malicious | LummaC Stealer | 199.232.214.172
  • 89.23.107.240.msi | malicious | DanaBot | 199.232.210.172
  • https://www.qc8btr.com/erk88azt/ | malicious | Unknown | 199.232.210.172
  • http://172.67.215.43 | malicious | Unknown | 199.232.210.172

                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                UNIFIEDLAYER-AS-1UShttps://gqp37f3i3u.us-east-1.awsapprunner.com/#nik@karash.bizGet hashmaliciousHTMLPhisherBrowse
                • 173.254.28.213
                http://ajrdn.qqmasonry.com/Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                • 192.185.198.213
                hgfs.mpsl.elfGet hashmaliciousUnknownBrowse
                • 198.1.102.65
                virus.pdfGet hashmaliciousHTMLPhisherBrowse
                • 192.185.25.215
                https://docs.faxcloudstorage.de/uTN1QGet hashmaliciousHTMLPhisherBrowse
                • 69.49.230.198
                https://docs.faxcloudstorage.de/uTN1QGet hashmaliciousHTMLPhisherBrowse
                • 69.49.230.198
                Sat#U0131nalma Sipari#U015fi Q4-2025-V5560001.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                • 192.254.225.136
                K9PwdfoVnG.exeGet hashmaliciousAgentTeslaBrowse
                • 192.185.13.234
                hgfs.arm.elfGet hashmaliciousUnknownBrowse
                • 162.144.96.69
                sora.mips.elfGet hashmaliciousMiraiBrowse
                • 142.5.110.20
                AKAMAI-ASUShttps://crazy-moments.com/Get hashmaliciousUnknownBrowse
                • 2.19.244.157
                https://mab.to/t/ZuukBeOHjSQ/eu1Get hashmaliciousHTMLPhisherBrowse
                • 92.123.12.181
                Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                • 184.31.53.25
                7T7bCyA.exe1.exeGet hashmaliciousLummaC StealerBrowse
                • 104.73.234.102
                https://acrobat.adobe.com/id/urn:aaid:sc:EU:cef22cee-e97f-4efd-9256-9a2eaeaf8ce5Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                • 2.19.105.89
                NWpNjnx.exe1.exeGet hashmaliciousVidarBrowse
                • 2.16.202.85
                https://mcas-proxyweb.mcas.ms/certificate-checker?login=false&originalUrl=https%3A%2F%2Fuser.mxhemlock.com.mcas.ms%2F67cf5cc2c98f50010c977283%2Fl%2FHv7qKvsUB0cRchSlE%3Frn%3D%26re%3DgIt92YuwWah12ZARjMn5WarRWYlxWZoRnI%26sc%3Dfalse%26McasTsid%3D20596%23user_email%3Dcassandra.calpe%40cfainstitute.org%26fname%3DCassandra%26lname%3DBecerra&McasCSRF=57c9b97c65d2c90c6a2c27b6584a511a97f57752289aca897fe7252a6b88ff8fGet hashmaliciousHTMLPhisherBrowse
                • 2.19.106.98
                MT103__8954724926#U00e2__.svgGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                • 2.19.198.217
                pM3C52Iz80.exeGet hashmaliciousUnknownBrowse
                • 23.60.203.209
                build22.exeGet hashmaliciousStealeriumBrowse
                • 23.40.179.44
                No context
                No context
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):298
                Entropy (8bit):5.259723390614795
                Encrypted:false
                SSDEEP:6:iOGotBVq2PN72nKuAl9OmbnIFUtooKlgZmwCoKlIkwON72nKuAl9OmbjLJ:7GobVvVaHAahFUtooKlg/CoKlI5OaHAR
                MD5:ED70EACEDDFB4B8B3E809692195DEF50
                SHA1:EB2204F78D94576E870C15F02A730A68B681BA2A
                SHA-256:332253A9E2CF64DF55D1DA2FDA2E1A9716C95AAE8ACD93D6E2C859410BDEB49F
                SHA-512:9D7B3D6AAE1ED42944B63096990DE2FA104740A102A0406B560C704CFE25EC838CB8B17DB62019A3D9564BC9E8B3A8BFEA6A40CB93E2C03E30EFA8445DED9AB2
                Malicious:false
                Reputation:low
                Preview:2025/03/18-13:37:35.469 1674 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/18-13:37:35.583 1674 Recovering log #3.2025/03/18-13:37:35.583 1674 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):342
                Entropy (8bit):5.151671405304191
                Encrypted:false
                SSDEEP:6:iOG8BGkQ+q2PN72nKuAl9Ombzo2jMGIFUtoopdWZmwCopQVkwON72nKuAl9Ombzz:7G8Bc+vVaHAa8uFUto8W/CbV5OaHAa8z
                MD5:BD80C7EA28A2B9F5D2DF3D5BDE2B210D
                SHA1:05678C0DB814C73F8AAF76424F51E71AAC96656F
                SHA-256:685A34255483F26D8A7786E23578288C9DF497858C1963BD0554681C145353F3
                SHA-512:F409B6C981F03C71D06D4B03A126EE7C94C0898F56AB9D4C03020166EE3C9C245051A5F0D6923463658BCBC01F48140F1F25BB7CB3C6412F17BDB75656B8BDD6
                Malicious:false
                Reputation:low
                Preview:2025/03/18-13:37:35.285 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/18-13:37:35.290 1c3c Recovering log #3.2025/03/18-13:37:35.290 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:JSON data
                Category:modified
                Size (bytes):475
                Entropy (8bit):4.972225950634431
                Encrypted:false
                SSDEEP:12:YH/um3RA8sqmRasBdOg2HNcaq3QYiubcP7E4T3y:Y2sRds3VdMH83QYhbA7nby
                MD5:DFC54A53E0A65A1802A10F2C246DBCD4
                SHA1:AA8129DD56E3D7406AC025EBE0275CFEFA20D270
                SHA-256:089BAC3679E8614473C13A9AEF50BD20FF5069B857A563A281B5C9DDAE0B25D1
                SHA-512:49BC893FA0AB06DAF38BE9B835AF59CFA2FA8FC2F62200FDAABACD8A35A5E720EA06B51B9231B92A5C4BC71006E8985245666B27D720CC9436A8BAE60451212D
                Malicious:false
                Reputation:low
                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386879467006582","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":114836},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):475
                Entropy (8bit):4.972225950634431
                Encrypted:false
                SSDEEP:12:YH/um3RA8sqmRasBdOg2HNcaq3QYiubcP7E4T3y:Y2sRds3VdMH83QYhbA7nby
                MD5:DFC54A53E0A65A1802A10F2C246DBCD4
                SHA1:AA8129DD56E3D7406AC025EBE0275CFEFA20D270
                SHA-256:089BAC3679E8614473C13A9AEF50BD20FF5069B857A563A281B5C9DDAE0B25D1
                SHA-512:49BC893FA0AB06DAF38BE9B835AF59CFA2FA8FC2F62200FDAABACD8A35A5E720EA06B51B9231B92A5C4BC71006E8985245666B27D720CC9436A8BAE60451212D
                Malicious:false
                Reputation:low
                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386879467006582","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":114836},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:dropped
                Size (bytes):5859
                Entropy (8bit):5.250205025075013
                Encrypted:false
                SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE73C5TZ:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzhY
                MD5:9A2361B27925237230CACD52724473AD
                SHA1:28E9AD37F1842CC6C4E06D5E4D118B15D262C8BE
                SHA-256:279CC88733F9A2722D437A18A1F7E2AA9DD894E31CDBD0C706279EEE0DBC1B3F
                SHA-512:AD78A2AE6E329E304308EDDC44DBD3A3BA91AAF80E28F3153C21F24F3F910C0E22DFD895980794E45C3E8D81595010559554C6D664B21CD075400D60F46BD78B
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:ASCII text
                Category:dropped
                Size (bytes):330
                Entropy (8bit):5.159528211638248
                Encrypted:false
                SSDEEP:6:iOGKpQ+q2PN72nKuAl9OmbzNMxIFUtoKVMdWZmwCKNQVkwON72nKuAl9OmbzNMFd:7Gz+vVaHAa8jFUtofW/CnV5OaHAa84J
                MD5:F77FAD8A1332535A33A8FB3CD4EBECB5
                SHA1:6183D8C34054D852DC751DCB3E69D738AE554D18
                SHA-256:5055CD21F1AB85ABFD974804A5EAD882379755F60A24D3A19A17AE211A237CF5
                SHA-512:E7EF0B11BC14011E1ED604AE9ED1EE623C98BBFAF032C4540C05D332A968B1124C9286DE56415A61778108D5A7CCE986BD469E0055BF94E23B0EF634DDA71D10
                Malicious:false
                Preview:2025/03/18-13:37:35.621 1c3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/18-13:37:35.622 1c3c Recovering log #3.2025/03/18-13:37:35.625 1c3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:PC bitmap, Windows 3.x format, 164 x -92 x 32, cbSize 60406, bits offset 54
                Category:dropped
                Size (bytes):60406
                Entropy (8bit):1.8641571686893625
                Encrypted:false
                SSDEEP:192:4BNnXaToOdPsc1jQA58dJQmRkwbYjcYxTygRPQ0xP8+b0buCwX3OiIaQuE:47nXalsoN8vkY2R4SLCs3t9Qt
                MD5:DDB9DD33A3AA0256C96E83DF0A2032E8
                SHA1:8BC8FD7B3C9CDAE90B20E90855DAF00F6E9CEFBF
                SHA-256:26FF0CF0661D7B863A92DDA0EEA901B7D66E20C865493D2269503751BCE60D40
                SHA-512:24B1E614C750A2E57F4F6ECEB505788480B1FD37B980A1852A500612DDFBC12660CF00FC84FBB6D61E514AA399CAA6241A21DB638141111A25DDB6761FB06234
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                Category:dropped
                Size (bytes):86016
                Entropy (8bit):4.445177150093161
                Encrypted:false
                SSDEEP:384:ye6ci5tpiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mKs3OazzU89UTTgUL
                MD5:336703201A40243D68CAFAE6A056F5E4
                SHA1:0834DC09C3B8CD1DAE39C0302A74653E7A982DFD
                SHA-256:5E2DF8419A685A8FFEFE28CAEE2D84461D73665C0EF21A8B2E4689D2F8FE659F
                SHA-512:B020680D6A1FCCAB2749E719BD925EFA1573547B0A174D731532661B95D9D680C995CF697897FB26141396EA47508E03D02D23F8DBACDF611E5174EF0C3998E6
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):8720
                Entropy (8bit):3.77092263201687
                Encrypted:false
                SSDEEP:48:7MDJioyVrioyXoy1C7oy16oy19KOioy1noy1AYoy1Wioy1oioykioyBoy1noy1Of:7IJurZQXjBi2b9IVXEBodRBkD
                MD5:E9B00311198A72DF04641BA84CA7B135
                SHA1:D60D1F133D9664FA3DF957017B54410DD7075939
                SHA-256:AFB030919145294D03F32F02E81C6FEF2259CF91612BC8A1BA66EB3F0DDEE20C
                SHA-512:C94C59597FDC9D67E337CAA33ABE9D192AC11ECCEF01A2558175E7C5F1225C064F49BF7A6E5E9E0735547B32BE2FEE67E0DA3D2B9F9005953A24FA2D286C931C
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:Certificate, Version=3
                Category:dropped
                Size (bytes):1391
                Entropy (8bit):7.705940075877404
                Encrypted:false
                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                Category:dropped
                Size (bytes):73305
                Entropy (8bit):7.996028107841645
                Encrypted:true
                SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                MD5:83142242E97B8953C386F988AA694E4A
                SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:dropped
                Size (bytes):192
                Entropy (8bit):2.7673182398396405
                Encrypted:false
                SSDEEP:3:kkFkl5ZTd/XfllXlE/HT8kio/jNNX8RolJuRdxLlGB9lQRYwpDdt:kK4d/IT88pNMa8RdWBwRd
                MD5:C2AB131EDCACEE5E0189536B8FB7D1B8
                SHA1:3D0825BFA606B526AC5386F8CC498B2C4AE7B974
                SHA-256:BABD5DE2051F1B1BD309291B4C8C5787227DE613BB8EB2AE3F026FD8E54C4112
                SHA-512:9F0C17F9728B5643C0060BC2DA090AA0464ACAD2E1D393938DACABF47B5C602437164EBC7DDC19DC37987960CC0D9F37BC2FCA586DE21248A948271E38A2DA9C
                Malicious:false
                Preview:p...... ..........v,...(....................................................... ..........W....G...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:data
                Category:modified
                Size (bytes):330
                Entropy (8bit):3.287136292755414
                Encrypted:false
                SSDEEP:6:kKPkLlemcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:nbmfZkPlE99SNxAhUeq8S
                MD5:F0B9FDA3FEB70D5A7A33817BFED71BE0
                SHA1:F516BD643F7102B052A84650C953022551967A6C
                SHA-256:67D87BAF04BF80519E3178600EA62A31DB41DCA05892EA074F51BB4ED3504B0F
                SHA-512:D38C35C6D8CE6AAF8F44322629930830EDA848E2C3E73E29777BE9D78069FDC0CC0F65ED6B8867AC2F39776C10A642E9B50BD381F791BB723D9670520B11E799
                Malicious:false
                Preview:p...... ........Xy.,...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:data
                Category:dropped
                Size (bytes):229689
                Entropy (8bit):3.3860380622488884
                Encrypted:false
                SSDEEP:1536:qKPCWiyzDtrh1cK3XEivK7VK/3AYvYwgf/rRoL+sn:XPCwJ/3AYvYwgXFoL+sn
                MD5:E9535180F83BA631DBD0AF1B32094DA4
                SHA1:B51C45130BCBBA85C39333B86AE2F9AEF1FB5430
                SHA-256:2D5C6A18C2CADB9324162240AE8845318D2E8565C2E4B1A1CF3A22B72ACAD9BC
                SHA-512:B4B57C412BD30E1322316EB4AA8693DEDB7AE5B5600EC8A0B134BCB12FA598EB50269A542454C227EA1E7462F06484652A219A5E11A05FF1902D16B10ECC6EC5
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):295
                Entropy (8bit):5.345547487864174
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJM3g98kUwPeUkwRe9:YvXKXSLf0cDsGMbLUkee9
                MD5:BBCEB4E058558B88D8E56D1F832943D6
                SHA1:AAEB12558D8BE95361843C2742B0536051821B0E
                SHA-256:67E89F512CA1A26F73D874ABF4DE46C18EE31D4E983FC36F2D430129D21F790C
                SHA-512:6DAF2FCB14225BDB06461AC483E187AC69F5D1FB539C671F2A8F6892A57BC3E292CB3B6D4625E2F387F5B080FF0F838DA454AB620FA9054AF93EC9DE365488A1
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):294
                Entropy (8bit):5.296765910238248
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfBoTfXpnrPeUkwRe9:YvXKXSLf0cDsGWTfXcUkee9
                MD5:953C34329FDDB72B359EFDC8304F92B5
                SHA1:DD6B5D9FE32BF17E0413EBA2616BFE747BCE27A6
                SHA-256:C8DBAD5E52FFF62A671BC60E82E6841AEA185369B57CB3DD16F163DFC5513855
                SHA-512:17E8417DB7B8ADB637C0F9A34D2D11443F020CA2F00CC9C1D8975DD9564721E8690D2AF19858E4B577D7AEF9922383558F0F38EA1EE7BBDA1B8099C1F75A3DD2
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):294
                Entropy (8bit):5.274238159441876
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfBD2G6UpnrPeUkwRe9:YvXKXSLf0cDsGR22cUkee9
                MD5:FDDD164813D5529A8CDBADB2EC68164A
                SHA1:63E60119636F6E9E4BC35248553CB9763027EB01
                SHA-256:907683CF3A9A782B2ACEDD75C2D968D65B2AC45988FF5357FF43659D794DD14D
                SHA-512:12BC4DFB79A796B0378723AEA72DDCB8A13D713354E3192AF7D2BD8E6613BB111D5F1955D3657ACB31F473687EDB3FA331B7C584380C48301215C79B03CFEE25
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):285
                Entropy (8bit):5.3249449442841446
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfPmwrPeUkwRe9:YvXKXSLf0cDsGH56Ukee9
                MD5:AF32B0F8B545E6195DAA30F74B104237
                SHA1:891DD7DB79E9CF16B197D80BFAEB08907CDF37B3
                SHA-256:46A2B9685E43E14EF3858A6D640F5BCCF09FF8CE6373B54723CB36DE81B6C88D
                SHA-512:4C17D3379E4E87FC0159799FC1FA9D11451EBA8CD59C649E1155DC46C3602E1098F0FDFAD1F6E0BA32F6F6EA375EC531B88726C36B63E8526DF6ACFF6F69DB90
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2113
                Entropy (8bit):5.838067496150041
                Encrypted:false
                SSDEEP:24:Yv6XSLfZDJpLgEGycjycR84bNerISIedJGWQxiE5iODneLKnlYMfNcQbpEsrAr3a:YvvLdJhgly48Y/TWCjiOumNcvKOrkUm1
                MD5:46C3751E50EA79456A46D88E8617FD96
                SHA1:7BAE9CD16C74826F5E60F45BEFE4E852548A9B8B
                SHA-256:006FB7956F1CB25B861994268A705D1D8699912E5684FE2EA6C3522CD55311EE
                SHA-512:9B3B2ECB2B588169E77A3705F8CFC81A78072E7F953AAC640FA91957CFBB288AF905E5BFEAB93186B6FAA965B764A2E4BEC48341D4BA4649E21ACA1EEE28625A
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):289
                Entropy (8bit):5.2726109143406825
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf8dPeUkwRe9:YvXKXSLf0cDsGU8Ukee9
                MD5:CFC9109C64E38BB88DBECEA4832CD84A
                SHA1:11C74B221939641ACAA87DC6E09EE04B71539067
                SHA-256:5A96B0C8421585A06629600508907C8F001B4D4A05F753844137FBBA9E04C40F
                SHA-512:C3B15022603007A076BA3F5D2D6DC029067EB88744927F3CE4ACFA1D1A09F3834262A0A557CCC364A838DB453593473F7AEAF8917BEEF146A36B684BA4ECE158
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):292
                Entropy (8bit):5.2766609456667
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfQ1rPeUkwRe9:YvXKXSLf0cDsGY16Ukee9
                MD5:7D21954CA837DCA2D5E46D0FE15A0E7F
                SHA1:81D363FC1605A09342909519C460481B4014FAFF
                SHA-256:842F5258BB5BD6F578DDDC7A5E54E6BBFF79E47BEB63B977488ECB64B89CC4E5
                SHA-512:0CF30ADFE7BFA1898A08FEE0EA90F99817DB5BACA2AB8A20FD9710D8FBDBED8D4487C38F3A3451DC78C27482A7F533D18B2EC4C637A92B735246FE4D8CB1A328
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2064
                Entropy (8bit):5.819479880844224
                Encrypted:false
                SSDEEP:48:YvvLdEogbN48l/GiyLVzyODRHKOkQDcSmjWAm1:Gjdjg54Y/IVO4QOkQoSmu1
                MD5:3D888F758DFD190AE2C3C4DA0073A60D
                SHA1:62489A3E54C6B14BA7AAF87990EE5084BB97A21D
                SHA-256:B2EA1B533BF8827090E38E503DA7FB4C2144B7E644AA8A5D008CBD15D3160A81
                SHA-512:4EB5E496A15CEEE316890259FCE55769D231FD3E6DBA1DF2022FA989022DFD633F31D863790B764A6F7E61C2918EE75579C3D30F1AB8D3302A63A3ABDEB2D9E4
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):295
                Entropy (8bit):5.300211634270544
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfzdPeUkwRe9:YvXKXSLf0cDsGb8Ukee9
                MD5:37E195E46B9AFC59931CFD46946000A7
                SHA1:3623D50B719C968BAACE037A75DEDF02FD1CF538
                SHA-256:56C66DA2D598C3CE5A0ECB3B907FD649E8F8B2A565CC0AE8F323C029CE192A8B
                SHA-512:8C03DDF838FF6FBA376140ED0FA884D2E1761A720FE5417C64390E0F955184D021DCECA0475C6845841961DA45AC86D8DB77F8D1DB22ECB8B206F4DA22B5AD9D
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):289
                Entropy (8bit):5.281247800352233
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfYdPeUkwRe9:YvXKXSLf0cDsGg8Ukee9
                MD5:AD8581A4E38D00EB3BCC8BD5EF72EB45
                SHA1:73483AA25A8824EB7B6E4886917D99B5B8ADB1BB
                SHA-256:35949B44931B6C9545A126EDF37F507624B64A12F1B9A65B2AD460BAC420F07E
                SHA-512:52F82587D6FEB9EB3C89CF522D3DDF70E676BDBAD7279BB977CA8B0AC70E80561B6040E473ACE4B96E0A39872837F8669604A0A7D0B4741B947109A2E656703A
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):284
                Entropy (8bit):5.266968028815111
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf+dPeUkwRe9:YvXKXSLf0cDsG28Ukee9
                MD5:4177E00F235530D49D0C8475A91A5B31
                SHA1:08C5750D06190884D06E406D03466F3AACC5D745
                SHA-256:51EA2486DB1B397892AC10B0C0B632E31B5ED98C06546E09E84C81CBBF242D74
                SHA-512:8DB66626FEFE69E732783FB09972018ACBD4C35860D264DA4CBE23D8CBCA3A930F4EF081F2A1838F4EDAA694AB3626ECCC0A8E7B8CD75CBD6AA584768B1F43D9
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):291
                Entropy (8bit):5.264923779123332
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfbPtdPeUkwRe9:YvXKXSLf0cDsGDV8Ukee9
                MD5:4AA75B1CAF5A00B15E3D00F6F2DED76F
                SHA1:4F07B3860A075D18B610CDA66EFF8D42C8DD904D
                SHA-256:2366AD668797DB657B2942D4369848F90C1CFBA68D2F209F4E44A3EE800D3C91
                SHA-512:9BDA2A35CDAD391254186AF3468256335C2B124E9DD64DF067639F3F9906C6E441B42C71449C79498AF508A051DC10D460472DE08194F08C5173EA959A4C3F88
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):287
                Entropy (8bit):5.268885509077539
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJf21rPeUkwRe9:YvXKXSLf0cDsG+16Ukee9
                MD5:B723D068E6587D6EC4DEE5744014C725
                SHA1:B869B31BA4B2F5AC376FFF0F1B8D8CC0DE395B3F
                SHA-256:62E8D2956C35622D6FA1C0F196CC47B94E6B9060BB7431759EA7E137F6B44866
                SHA-512:47009F378051951EC1C44A4BA2F29A2E812EDC05E9E578E61A59005E5AE79A2E8E20814208220BD41CC3346ACF484093D15984A5E187C8E7B20E82D9A9BCC771
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2012
                Entropy (8bit):5.834356865553892
                Encrypted:false
                SSDEEP:24:Yv6XSLfZD5amXayLgEdycgNaLcR84bqerISIQ1iyLPZYMWD8W3V1LFnU6QHlOBIM:YvvLdFBgBG48j/SiyLVWOAI13kUm1
                MD5:1230EA0A47492154D51C5F948BFE8C2E
                SHA1:EFCE9150BBDB792C5FEBC5169E32CB085F7C0143
                SHA-256:05BAD88171AD8764D49DFF4DBF2F8ECC5AFEAEDAA4E6A51E1F133A3B8DEE7FC8
                SHA-512:F76CD5A4004FB584A61A7A3009426748DDA2C8FBF029543FEE654B9AF6FDADDDEF816CFAB87F46D363E0EFA65ACE601DE25573A87A8278536AF1037DDFE86989
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):286
                Entropy (8bit):5.244594095165946
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJfshHHrPeUkwRe9:YvXKXSLf0cDsGUUUkee9
                MD5:AB1D9856A680E381A69679B71A921CAB
                SHA1:CDF3BE7BD4BC7B09AE1E91433F1B23E422A8AE64
                SHA-256:834B5B53D163BBDEF4CA0FB8FD98E1693029583F759DC634B3B0A9A4A96041FC
                SHA-512:9E4CC0A5403F64BAFE820314599B102B01D7881A7D591525FF3145D774A2EEFB96488398E7DB7ABE0E8BB0C4A541CD8FF79F7F08E3879F6C0F6E7C7138B92228
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):282
                Entropy (8bit):5.249790177636265
                Encrypted:false
                SSDEEP:6:YEQXJ2HXHye6vn0nZiQ0YWH82DoAvJTqgFCrPeUkwRe9:YvXKXSLf0cDsGTq16Ukee9
                MD5:48E81EF9CD262521447E9FDB616D0117
                SHA1:C998F4D48CB7CE24CEDAF53DA1E13202E45EF632
                SHA-256:ABB6E792DF8A55E0CB2188467169553F3D436677CADFAC43FF48B49FD9A79EBE
                SHA-512:7988DB248D23D4C37A3E86105FE5DF15B87A03BBCBA929EC3E899468395EA52F715090FD04078FE77F6A79E5E3DEE66F398266AD8A7EEE65B12B412193C67D7C
                Malicious:false
                Preview:{"analyticsData":{"responseGUID":"0f2e8732-6af9-4c49-aad1-b15acccad356","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1742492366140,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:data
                Category:dropped
                Size (bytes):4
                Entropy (8bit):0.8112781244591328
                Encrypted:false
                SSDEEP:3:e:e
                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                Malicious:false
                Preview:....
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:JSON data
                Category:dropped
                Size (bytes):2815
                Entropy (8bit):5.122073106561737
                Encrypted:false
                SSDEEP:48:Ylc8IUI0PA0N3q+dKQqOlnjp0bOTi8mK5j4/709hJRl:qo0N6KBthOKdgKf
                MD5:34D7083349824504B37EC6D69AC22FA2
                SHA1:068D0E2E9D2247645EE8DB8ACC0CB73C1446E72F
                SHA-256:F8DC3D1319F1891904300E7FAF860EB7684FF5CF0F7E4EC998722F3C97D8D7D4
                SHA-512:5F12D0484E52D5598CE4FDE850E83CC2B26768CCC07065E15B0D789FBCEF98373F4123B9AF63B1E7114BFA12A7D379AF9CB3AA134505585A6ECF2F75DC4AC5C5
                Malicious:false
                Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"6db96bba05493607828b697010b1a403","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742319460000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"601598d37eb54b20dabc4ee038cad1b7","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2012,"ts":1742319460000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"85f09f0221db6066feda2d7def035632","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2113,"ts":1742319460000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"b618b99ce87223ba2cbc41170d096a72","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2064,"ts":1742319460000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"de426dffbc314ace190d469695585f04","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742319460000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"9ea4c9bf6f7e39ef43421982f2cfa0ad","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
                Category:dropped
                Size (bytes):12288
                Entropy (8bit):1.1448841687994387
                Encrypted:false
                SSDEEP:24:TLhx/XYKQvGJF7ursVfvxbRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUm:TFl2GL7msLXc+XcGNFlRYIX2v3ka
                MD5:00843D0EC9E1E70AE2FE4818F1B841BA
                SHA1:ACB07217957A27C15E70F18791D2EB61A063591F
                SHA-256:44787C629CA0C42263E226EF45B87CE277DB087E64DEEAC145D1D882161B3B41
                SHA-512:A6FD15B6BAF151C1A19C2370BC1058277B92095ADEF2A9D8D5F1ABD051136042E546EADAF206A50A9B091B116BD41A0CA934FAE2C79F0F6F303427974F08DE53
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:SQLite Rollback Journal
                Category:dropped
                Size (bytes):8720
                Entropy (8bit):1.5504602361687334
                Encrypted:false
                SSDEEP:24:7+tw1fvxbUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLuxBqLxxs:7Mw8Xc+XcGNFlRYIX2vEqVl2GL7msun
                MD5:B20722EC68C343A308EC501BCAAE9A9E
                SHA1:93CA46CEB83BCC8B335B681D892566F53712AA9A
                SHA-256:F7FE9FF5066F2BD92B2C42B392B1386FF027AFEF85FBEB018A1092DF6425B577
                SHA-512:C1B765287347D696501AF7D757A301A2A22428B8901F435EF98DD26FAEE8C7E15851BD7E36DE089A53ED74F877CFD2AD27FF27AF41D88029BBC4A8FDBCCD268D
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                Category:dropped
                Size (bytes):246
                Entropy (8bit):3.5309417490522437
                Encrypted:false
                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKUVlEKeCH:Qw946cPbiOxDlbYnuRKSUcKzH
                MD5:70E8B6DC01398AF45A324F0B75E7F7F2
                SHA1:407B4FF2B391B9035F42ECBC9549413A16CABA9B
                SHA-256:22E33B1ACA6376A8C13EEA1DFCCD3FFE3D743A444E44863E2F8B322C85671A8F
                SHA-512:2EA7944517A86EC2008EF6460932FA261FFB602244D4F09149444C4C3FEC440FBFFD143750C15A2B6522F308E128FA6EBFDE6A21E819403A19EB561981ED074A
                Malicious:false
                Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 18/03/2025  13:37:42 ===
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:PDF document, version 1.6, 0 pages
                Category:dropped
                Size (bytes):358
                Entropy (8bit):5.107170789398399
                Encrypted:false
                SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOtjBMTCSyAAO:IngVMre9T0HQIDmy9g06JXwTlX
                MD5:A1727E012D9B183ED21674BCF94A9C6D
                SHA1:D7CF63D31BA8ACFB827787D4181279E4E54B1151
                SHA-256:4E0D7FA4DC658186355E12F5D7643A26E40EDA6D877D0A8195262A52C61142C8
                SHA-512:B7D41F4E62753261A3EF881AB3017285854E61C4B4D7AA725DD17513D3EAF4D4732D572723DC27862719DB2598FB0AC3CBDB3B5B4EBF8979656AA93D01FB8FD8
                Malicious:false
                Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<8337D641AEBB4A49B1A7AA85C59D83C7><8337D641AEBB4A49B1A7AA85C59D83C7>]>>..startxref..127..%%EOF..
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with very long lines (393)
                Category:dropped
                Size (bytes):16525
                Entropy (8bit):5.338264912747007
                Encrypted:false
                SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
                MD5:128A51060103D95314048C2F32A15C66
                SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
                SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
                SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
                Malicious:false
                Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                Category:dropped
                Size (bytes):15112
                Entropy (8bit):5.351719444954036
                Encrypted:false
                SSDEEP:384:Ci8jxDEXvc5PtA6U5drrACea+tkj2YNfgTHR7D0hogXEW6uxOxOxDxJxxgxRxgxQ:HiH
                MD5:AA24050EC4C44E3A5E5F608D11297B83
                SHA1:6ED262070BE171FB743B2896153EDFFE255810BE
                SHA-256:0AFF230A5CCCD6EE4F229ED5D654F03025B11631D6A2ACE12FB7393643133912
                SHA-512:A65CC3F91F0DD1233B2F02E9D9E46F340A5F110CC0B6AE0A9CEF0081FF4F45494D0639FDD9BAFA61643023F840DDF2BB28CB91BCC9D25440F94C3CA1A8650797
                Malicious:false
                Preview:SessionID=7d96d460-e7c4-441e-a652-abcee15da690.1742319457288 Timestamp=2025-03-18T13:37:37:288-0400 ThreadID=7720 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7d96d460-e7c4-441e-a652-abcee15da690.1742319457288 Timestamp=2025-03-18T13:37:37:304-0400 ThreadID=7720 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7d96d460-e7c4-441e-a652-abcee15da690.1742319457288 Timestamp=2025-03-18T13:37:37:304-0400 ThreadID=7720 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7d96d460-e7c4-441e-a652-abcee15da690.1742319457288 Timestamp=2025-03-18T13:37:37:304-0400 ThreadID=7720 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7d96d460-e7c4-441e-a652-abcee15da690.1742319457288 Timestamp=2025-03-18T13:37:37:305-0400 ThreadID=7720 Component=ngl-lib_NglAppLib Description="SetConf
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                File Type:ASCII text, with CRLF line terminators
                Category:dropped
                Size (bytes):29752
                Entropy (8bit):5.403280230923564
                Encrypted:false
                SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbrLDcbmIPrZcbd:V3fOCIdJDe6PO
                MD5:AB5E76E4E844BB4CF1B726382783363E
                SHA1:3B4C196BA5B5BCB9496E68D732ADCB4A6139C52B
                SHA-256:EF34E522A8A239D762C9937031F0B80D031DEFA2467A6D970DFC15AFB4C7835C
                SHA-512:436CEF45E8524EE5D26C468779AE4E05EBE613827A41A018B1B0E989AE43EF51C63DAB0483369C11F6AC0FA28F52094D3ABE2EF089AE8ED08DD361FBDB8D7DBC
                Malicious:false
                Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                Category:dropped
                Size (bytes):386528
                Entropy (8bit):7.9736851559892425
                Encrypted:false
                SSDEEP:6144:rBgI81ReWQ53+sQ3POSTJJJJEQ6T9UkRm1XX/FLYVbxrr/IxktOQZ1mau4yBwsOo:r+Tegs6lTJJJJv+9UZd1ybxrr/IxkB1m
                MD5:774036904FF86EB19FCE18B796528E1E
                SHA1:2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
                SHA-256:D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
                SHA-512:9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                Category:dropped
                Size (bytes):1407294
                Entropy (8bit):7.97605879016224
                Encrypted:false
                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                Category:dropped
                Size (bytes):758601
                Entropy (8bit):7.98639316555857
                Encrypted:false
                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                MD5:3A49135134665364308390AC398006F1
                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                Malicious:false
                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                Category:dropped
                Size (bytes):1419751
                Entropy (8bit):7.976496077007677
                Encrypted:false
                SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                MD5:18E3D04537AF72FDBEB3760B2D10C80E
                SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                Malicious:false
                File type:PDF document, version 1.6 (zip deflate encoded)
                Entropy (8bit):7.952766882275829
                TrID:
                • Adobe Portable Document Format (5005/1) 100.00%
                File name:DTG.pdf
                File size:284'371 bytes
                MD5:7291c170fd32bab98a9305052c5d1207
                SHA1:6d9399ad467c9bde39eca88558c0b1b3226b7386
                SHA256:61455e571bd64004e29906022ef58547429cd182fd95468c307714d091ff09d4
                SHA512:af92779ba737da49db7707f1a9b6fd94d8f0a8de8d7095bea440f7233bdaceac1301ca5c1cd452bc5349b0c0a75b94630f4f3681a446087e3c59634fbc613932
                SSDEEP:6144:q92tFjwVXav0hyATNMPY+bVtDY5WD37O0akyzAxpfZ:qS92aKEf5tDW43naox/
                TLSH:295412749052C057CD3E18719B53694B86AF5981250B3C6E7E2C67C34B01D8BBE3AEDE
                File Content Preview:%PDF-1.6.%......186 0 obj.<</Filter/FlateDecode/First 5/Length 242/N 1/Type/ObjStm>>stream..h.DPMo.0..+.Y..o[......y0.@v..P.......7...-..s}.UJ.l......7..=... .`m*!..Ti..E.6Ib4.}...*../.m..c.zK...)......1.W..?.:.w...'uY..7........XW.0........D.:5.......9.R
                Icon Hash:62cc8caeb29e8ae0

                General

                Header:%PDF-1.6
                Total Entropy:7.952767
                Total Bytes:284371
                Stream Entropy:7.953243
                Stream Bytes:281226
                Entropy outside Streams:5.307766
                Bytes outside Streams:3145
                Number of EOF found:1
                Bytes after EOF:
                Name | Count
                obj | 28
                endobj | 28
                stream | 26
                endstream | 26
                xref | 0
                trailer | 0
                startxref | 1
                /Page | 0
                /Encrypt | 0
                /ObjStm | 7
                /URI | 2
                /JS | 0
                /JavaScript | 0
                /AA | 0
                /OpenAction | 0
                /AcroForm | 0
                /JBIG2Decode | 0
                /RichMedia | 0
                /Launch | 0
                /EmbeddedFile | 0

                • Total Packets: 53
                • 443 (HTTPS)
                • 80 (HTTP)
                • 53 (DNS)
                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                Mar 18, 2025 18:37:47.487986088 CET | 192.168.2.6 | 1.1.1.1 | 0xac85 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:00.673254013 CET | 192.168.2.6 | 1.1.1.1 | 0x49f4 | Standard query (0) | aniffs.com | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:00.673561096 CET | 192.168.2.6 | 1.1.1.1 | 0x1709 | Standard query (0) | aniffs.com | 65 | IN (0x0001) | false
                Mar 18, 2025 18:38:05.068851948 CET | 192.168.2.6 | 1.1.1.1 | 0x5e85 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:05.068980932 CET | 192.168.2.6 | 1.1.1.1 | 0x2b32 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
                Mar 18, 2025 18:37:47.495680094 CET | 1.1.1.1 | 192.168.2.6 | 0xac85 | No error (0) | e8652.dscx.akamaiedge.net | | 72.246.169.163 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:37:48.181345940 CET | 1.1.1.1 | 192.168.2.6 | 0xce21 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:37:48.181345940 CET | 1.1.1.1 | 192.168.2.6 | 0xce21 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:00.975740910 CET | 1.1.1.1 | 192.168.2.6 | 0x49f4 | No error (0) | aniffs.com | | 162.214.69.41 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.39 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.19 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.34 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:01.302184105 CET | 1.1.1.1 | 192.168.2.6 | 0x308a | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.35 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:05.144733906 CET | 1.1.1.1 | 192.168.2.6 | 0x5e85 | No error (0) | www.google.com | | 142.250.185.132 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:05.144866943 CET | 1.1.1.1 | 192.168.2.6 | 0x2b32 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                Mar 18, 2025 18:38:16.936546087 CET | 1.1.1.1 | 192.168.2.6 | 0x5318 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:16.936546087 CET | 1.1.1.1 | 192.168.2.6 | 0x5318 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:48.679469109 CET | 1.1.1.1 | 192.168.2.6 | 0xad3d | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:38:48.679469109 CET | 1.1.1.1 | 192.168.2.6 | 0xad3d | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:39:13.451139927 CET | 1.1.1.1 | 192.168.2.6 | 0x20be | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:39:13.451139927 CET | 1.1.1.1 | 192.168.2.6 | 0x20be | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.19 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.18 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.35 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 84.201.210.39 | A (IP address) | IN (0x0001) | false
                Mar 18, 2025 18:39:45.499120951 CET | 1.1.1.1 | 192.168.2.6 | 0xa2f2 | No error (0) | edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | | 217.20.57.34 | A (IP address) | IN (0x0001) | false
                • x1.i.lencr.org
                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                0 | 192.168.2.6 | 49702 | 72.246.169.163 | 80 | 4996 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Timestamp | Bytes transferred | Direction | Data
                Mar 18, 2025 18:37:47.503829002 CET | 115 | OUT | GET / HTTP/1.1
                Connection: Keep-Alive
                Accept: */*
                User-Agent: Microsoft-CryptoAPI/10.0
                Host: x1.i.lencr.org
                Mar 18, 2025 18:37:48.140383959 CET | 1236 | IN | HTTP/1.1 200 OK
                Server: nginx
                Content-Type: application/pkix-cert
                Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
                ETag: "64cd6654-56f"
                Content-Disposition: attachment; filename="ISRG Root X1.der"
                Cache-Control: max-age=36167
                Expires: Wed, 19 Mar 2025 03:40:35 GMT
                Date: Tue, 18 Mar 2025 17:37:48 GMT
                Content-Length: 1391
                Connection: keep-alive


                Target ID:1
                Start time:13:37:32
                Start date:18/03/2025
                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\DTG.pdf"
                Imagebase:0x7ff667860000
                File size:5'641'176 bytes
                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:3
                Start time:13:37:34
                Start date:18/03/2025
                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                Imagebase:0x7ff797640000
                File size:3'581'912 bytes
                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:4
                Start time:13:37:35
                Start date:18/03/2025
                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1588,i,15125319213121887021,13897611138504499756,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                Imagebase:0x7ff797640000
                File size:3'581'912 bytes
                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:true

                Target ID:13
                Start time:13:37:58
                Start date:18/03/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://aniffs.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPVVuSlFPVVU9JnVpZD1VU0VSMjYwMjIwMjVVMzMwMjI2NTE=N0123N[EMAIL]"
                Imagebase:0x7ff63b000000
                File size:3'388'000 bytes
                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:false

                Target ID:14
                Start time:13:37:59
                Start date:18/03/2025
                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                Wow64 process (32bit):false
                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1980,i,2675019861959795683,16659478769108317773,262144 --variations-seed-version --mojo-platform-channel-handle=1932 /prefetch:3
                Imagebase:0x7ff63b000000
                File size:3'388'000 bytes
                MD5 hash:E81F54E6C1129887AEA47E7D092680BF
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high
                Has exited:false

                No disassembly