Windows Analysis Report
Snc2ZNvAZP.pdf

Overview

General Information

Sample name:Snc2ZNvAZP.pdf
renamed because original name is a hash value
Original sample name:6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da.pdf
Analysis ID:1522685
MD5:0618acfa112b625533434c552da4789f
SHA1:936549949236c17330009a1a2490274fcb836a98
SHA256:6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da
Tags:pdf, UAC-0099, user-JAMESWT_MHT
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 1548 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Snc2ZNvAZP.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5168 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,13964882230613793224,8197444070815095348,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Snc2ZNvAZP.pdf | ReversingLabs: Detection: 26%
Source: Snc2ZNvAZP.pdf | Virustotal: Detection: 18%
Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | DNS query: name: 18.31.95.13.in-addr.arpa
Source: global traffic | DNS query: name: 50.23.12.20.in-addr.arpa
Source: global traffic | TCP traffic: 192.168.2.5:49720 -> 23.56.162.185:443
Source: global traffic | TCP traffic: 23.56.162.185:443 -> 192.168.2.5:49720
Source: Joe Sandbox View | IP Address: 23.56.162.185
Source: global traffic | HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown | TCP traffic detected without corresponding DNS query: 23.56.162.185
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa
Source: global traffic | DNS traffic detected: DNS query: 50.23.12.20.in-addr.arpa
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown | Network traffic detected: HTTP traffic on port 49720 -> 443
Source: classification engine | Classification label: mal48.winPDF@15/27@4/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-30 09-31-15-663.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Snc2ZNvAZP.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,13964882230613793224,8197444070815095348,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Snc2ZNvAZP.pdf | Initial sample: PDF keyword /JS count = 0
Source: Snc2ZNvAZP.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: Snc2ZNvAZP.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Snc2ZNvAZP.pdf | Initial sample: PDF keyword obj count = 56
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph ID: 1522685, Sample: Snc2ZNvAZP.pdf, Startdate: 30/09/2024, Architecture: WINDOWS, Score: 48
Signature: Multi AV Scanner detection for submitted file
DNS: x1.i.lencr.org, 50.23.12.20.in-addr.arpa, 18.31.95.13.in-addr.arpa
Processes: Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe
DNS/IP: 23.56.162.185, 443, 49720, AKAMAI-ASUS, United States

Source | Detection | Scanner | Label
Snc2ZNvAZP.pdf | 26% | ReversingLabs | Document-PDF.Exploit.CVE-2023-38831
Snc2ZNvAZP.pdf | 18% | Virustotal |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
windowsupdatebg.s.llnwi.net | 1% | Virustotal |
Source | Detection | Scanner | Label
http://x1.i.lencr.org/ | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
windowsupdatebg.s.llnwi.net | 87.248.205.0 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | unknown
18.31.95.13.in-addr.arpa | unknown | unknown | false | | unknown
50.23.12.20.in-addr.arpa | unknown | unknown | false | | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | URL Reputation: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
23.56.162.185 | unknown | United States | 16625 | AKAMAI-ASUS | false
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1522685
        Start date and time:2024-09-30 15:30:08 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 23s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:9
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:Snc2ZNvAZP.pdf
        renamed because original name is a hash value
        Original Sample Name:6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da.pdf
        Detection:MAL
        Classification:mal48.winPDF@15/27@4/1
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 162.159.61.3, 172.64.41.3, 87.248.205.0, 2.23.197.184, 2.19.126.143, 2.19.126.149
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Time | Type | Description
09:31:26 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified
        InputOutput
        URL: PDF document Model: jbxai
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.201227800768069
                            Encrypted:false
                            SSDEEP:6:PIuYQDB+q2P92nKuAl9OmbnIFUt82IuYQ5Zmw+2IuYQtVkwO92nKuAl9OmbjLJ:Pi4Mv4HAahFUt82iK/+2i25LHAaSJ
                            MD5:EB6124A28368DF7B3C141F1B93ECD40C
                            SHA1:0162D8842ED8F31BF3EB1D9F93D330895C5B26BE
                            SHA-256:4B8DD6CF3045C1D05EDD9A5CBA3966E6796ADB9BE02A0BA9C9178D3B7D90E7F9
                            SHA-512:F873EBDBEFFE15D8D7EE82980CEF1098DA9BEF29EB4CA49A5EFF7B744ECDB3EA1EDAC36E83266483B94E9C8C81258C7444D8567E1D98EB0CBC5F54D263563FBC
                            Malicious:false
                            Reputation:low
                            Preview:2024/09/30-09:31:15.100 c68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/30-09:31:15.108 c68 Recovering log #3.2024/09/30-09:31:15.108 c68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):338
                            Entropy (8bit):5.168531686287561
                            Encrypted:false
                            SSDEEP:6:PIuYQLRFUSFIq2P92nKuAl9Ombzo2jMGIFUt82IuYQLTFpZZmw+2IuYQLTFpzkwc:PiSFIv4HAa8uFUt82iEFpZ/+2iEFpz5c
                            MD5:1649FEE822B27573FFDD30BB77DC125F
                            SHA1:DAB1710DC6043D87BCB43E59166484FC0BC595BE
                            SHA-256:612B02832B03D4A9841CB000A4F86BD41B200F76A59BAD4FDA2BE744BB5C98D8
                            SHA-512:5E80F2BC164CE715C8D09885F35D1AF12CCD37111440B519E822772079FD1BD18F74062824020389C62C729D0678CDC3DE080F10BAB26CB3B457D518CEFE175E
                            Malicious:false
                            Reputation:low
                            Preview:2024/09/30-09:31:15.084 1c04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/30-09:31:15.086 1c04 Recovering log #3.2024/09/30-09:31:15.086 1c04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:modified
                            Size (bytes):508
                            Entropy (8bit):5.049709465655062
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sq2sBdOg2HFgcaq3QYiubxnP7E4T3OF+:Y2sRdsydMHFL3QYhbxP7nbI+
                            MD5:22A70DD1593FEE263DC175ABC61D2706
                            SHA1:F6C9ED97E5721D5DF98D083905FE300209D51737
                            SHA-256:832C21D9DBCD77BA3B7E52ED7742A7EAF45AF1A5252B23DF006924DCBB2F23AA
                            SHA-512:EEDA2D95F9E77C316F4EE2C312D073DF0794F375D5B5FE8FE90A8C07AAE0A42F4C1494E70C86BFFCB9017F719D6FDDE4EB8F170F80D125B663D2FFD470E15B2B
                            Malicious:false
                            Reputation:low
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372263085921312","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":148188},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):508
                            Entropy (8bit):5.049709465655062
                            Encrypted:false
                            SSDEEP:12:YH/um3RA8sq2sBdOg2HFgcaq3QYiubxnP7E4T3OF+:Y2sRdsydMHFL3QYhbxP7nbI+
                            MD5:22A70DD1593FEE263DC175ABC61D2706
                            SHA1:F6C9ED97E5721D5DF98D083905FE300209D51737
                            SHA-256:832C21D9DBCD77BA3B7E52ED7742A7EAF45AF1A5252B23DF006924DCBB2F23AA
                            SHA-512:EEDA2D95F9E77C316F4EE2C312D073DF0794F375D5B5FE8FE90A8C07AAE0A42F4C1494E70C86BFFCB9017F719D6FDDE4EB8F170F80D125B663D2FFD470E15B2B
                            Malicious:false
                            Reputation:low
                            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372263085921312","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":148188},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4509
                            Entropy (8bit):5.2358717977233775
                            Encrypted:false
                            SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLULqV+E8KIeqVI8Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLO
                            MD5:427771239E05B9EC7FF5594E11956A4E
                            SHA1:B52A32A969CCECCB47D6FA28891AC8B621EE58CA
                            SHA-256:505FE0B468C07A2BBCBA51AED9DE303FDC2D6FDFAE3A31584FB4877D2A762793
                            SHA-512:8B9C22332A3E3DF4292CF6DE9594435AD44430FE07D99CD9D99BAA9B860B2376275A90167AD580F6FB9DF4E8C470715A4CD1B9FDE4077AC075936027A1596820
                            Malicious:false
                            Reputation:low
                            Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):326
                            Entropy (8bit):5.203600592439998
                            Encrypted:false
                            SSDEEP:6:PIuYQ72Iq2P92nKuAl9OmbzNMxIFUt82IuYQ3BZZmw+2IuYQ7HUCPkwO92nKuAlG:Pi82Iv4HAa8jFUt82iOBZ/+2iWP5LHAo
                            MD5:A87C4ABB76BEA10886E5F8B2752C91C4
                            SHA1:FAE56B3F7BA608389A5391A789DD42B7EB2F916C
                            SHA-256:69BC13E06294DC88F215D7DBD336F41AE4B15F0EB159E43AEC7C3FDC8A6E9695
                            SHA-512:03E9DD15960CC034FEADF3D59ACAB9D3C1225EA0D72FF3AF3A44B3AB6C6526065EF07811B6269F054DE68A36BCAE8C6FE4DF65A7009DFE7EF13975962E641F0B
                            Malicious:false
                            Reputation:low
                            Preview:2024/09/30-09:31:15.766 1c04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/30-09:31:15.794 1c04 Recovering log #3.2024/09/30-09:31:15.808 1c04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:ASCII text
                            Category:dropped
                            Size (bytes):326
                            Entropy (8bit):5.203600592439998
                            Encrypted:false
                            SSDEEP:6:PIuYQ72Iq2P92nKuAl9OmbzNMxIFUt82IuYQ3BZZmw+2IuYQ7HUCPkwO92nKuAlG:Pi82Iv4HAa8jFUt82iOBZ/+2iWP5LHAo
                            MD5:A87C4ABB76BEA10886E5F8B2752C91C4
                            SHA1:FAE56B3F7BA608389A5391A789DD42B7EB2F916C
                            SHA-256:69BC13E06294DC88F215D7DBD336F41AE4B15F0EB159E43AEC7C3FDC8A6E9695
                            SHA-512:03E9DD15960CC034FEADF3D59ACAB9D3C1225EA0D72FF3AF3A44B3AB6C6526065EF07811B6269F054DE68A36BCAE8C6FE4DF65A7009DFE7EF13975962E641F0B
                            Malicious:false
                            Preview:2024/09/30-09:31:15.766 1c04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/30-09:31:15.794 1c04 Recovering log #3.2024/09/30-09:31:15.808 1c04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                            Category:dropped
                            Size (bytes):71190
                            Entropy (8bit):1.0789035995639276
                            Encrypted:false
                            SSDEEP:96:PWBMM1MMWMWMMEMM9WMI0CuMaMMMQ4MM4iMOMMMMLMsMMMMMMMMM8MMMMM9M9Mny:Upmy1oeQN
                            MD5:E317AB21DF717AA81B96FAF5DC1B7B17
                            SHA1:951088DF72E8217EA0DFA82C62623153F86D7267
                            SHA-256:C029EED18F5827062A659CD0CB2EF65BDB97918638DE86E8B4496C1C8CE626E5
                            SHA-512:86AE91395D3DEDA6160DF16E73E2EE44018C877305408603436024980C8C1AE656771F54A081D25011A3D0351B355A73F0431613B9BF12A2342DF02D6CF241AD
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Certificate, Version=3
                            Category:dropped
                            Size (bytes):1391
                            Entropy (8bit):7.705940075877404
                            Encrypted:false
                            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                            Category:dropped
                            Size (bytes):71954
                            Entropy (8bit):7.996617769952133
                            Encrypted:true
                            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):192
                            Entropy (8bit):2.7386214950254373
                            Encrypted:false
                            SSDEEP:3:kkFklHcsY2+M1fllXlE/HT8k7vJtNNX8RolJuRdxLlGB9lQRYwpDdt:kKDsb+9T8yvRNMa8RdWBwRd
                            MD5:4C70BD37AE8467597F8ABA4D7B8B50F9
                            SHA1:7E49697C710C07D85C7F06049B96A04E5A165425
                            SHA-256:D168CE96C1773A9740370B947768A8B3FB8030CC7A4B48DC7C031E913C8AE8A5
                            SHA-512:11B257DF45D8ADBC9A16603C7B6987A83903F47C6C065FCF10C41FCB1EC577A840B3A0095B78718732AA2B429804BF7C79420D4A39F1BC24BB279B0F85F621BC
                            Malicious:false
                            Preview:p...... ........t9..=...(....................................................... ..........W.....r..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:modified
                            Size (bytes):290
                            Entropy (8bit):2.9844219596585932
                            Encrypted:false
                            SSDEEP:6:kKcN9Usw9L+N+SkQlPlEGYRMY9z+4KlDA3RUe/:E0D9LNkPlE99SNxAhUe/
                            MD5:7EE0A696A2196781FEA88DB74D7A4C75
                            SHA1:19B5CB23BCABEFD9630E3DAD798A18D76F6BED37
                            SHA-256:F2709A9A07E5DE6F8FBA023BC56F8AF50A728108B74B7F2A47BA5314C0F3EC23
                            SHA-512:CE38B60E22AD19239D2B980E36DF541F8A9713212D3EB49DAD3B6B4655196E212AD821BFD99D55D032B54FE50F92F98F67B11069F2C020E9164EA80E6E6FA39A
                            Malicious:false
                            Preview:p...... ...........0=...(....................................................... ........G..@.......................h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):227002
                            Entropy (8bit):3.392780893644728
                            Encrypted:false
                            SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
                            MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
                            SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
                            SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
                            SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
                            Malicious:false
                            Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):0.8112781244591328
                            Encrypted:false
                            SSDEEP:3:e:e
                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                            Malicious:false
                            Preview:....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2145
                            Entropy (8bit):5.069944314470619
                            Encrypted:false
                            SSDEEP:24:YFudlY3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCD/:YvAwmWXZYEtoitbRCwu20wD+JliWxao
                            MD5:5C430AFE953D7A85E7F0EA9E1E820238
                            SHA1:E3B17FBE108694B1A17FC005F16D1D69DA8B79DD
                            SHA-256:9F234B8D3C9FD47E01F5F22F5F013F656E0E1F62BBF17A5173CE2A9E57E79AA5
                            SHA-512:4C94521482522B56FCA8A8D3B0120EC6CAD637B30D7C9DBD2CC2F5D37748F0207C66D11C87F391A71CD0BAA208F128DDE0471150A50FB3E1E90D415A5AA6135D
                            Malicious:false
                            Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1727703076000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                            Category:dropped
                            Size (bytes):12288
                            Entropy (8bit):0.9845526902019429
                            Encrypted:false
                            SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Spm04zJwtNBwtNbRZ6bRZ4Z0F:TVl2GL7ms6ggOVpUzutYtp6P/
                            MD5:4DF389B122A052A825F279EF63DDC8DF
                            SHA1:66907CD7EB7DD45E778600E9EB4AC911FC8F5D29
                            SHA-256:8752D670BC7C5E04AD56E94F04BE50C25255905F3F433E50506C7928F484A94C
                            SHA-512:DB5178426AFBF4AD7401FC43ACF69A7355FCCE629FA3CABA6764EB7D4651E44DD163D600F876E465A66A128DD520FF0C641591C9EA189110DC4D9DCA5844C818
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):1.3386742118875912
                            Encrypted:false
                            SSDEEP:24:7+t+AD1RZKHs/Ds/Spm0PzJwtNBwtNbRZ6bRZWf1RZKgqLBx/XYKQvGJF7ursp:7M+GgOVprzutYtp6PMBqll2GL7msp
                            MD5:5A52F665304F291E7C63363B47235AB7
                            SHA1:0B7F67FF861DC32BECBCE7C9461A34612EEF60D8
                            SHA-256:7A0318F0BC1E91D6613DD26BAA1BFD3AFF97F6095399D871FC14998391918C2C
                            SHA-512:21B1E022CACE5A28C70947B5A28FB3F044A3D7A10E4772D1EA064DFFB33490D3F0B2380518DABF0B0166CD8A0689A2F31B019235CFD928533544130F5181AC33
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):3.5309417490522437
                            Encrypted:false
                            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K87eEle:Qw946cPbiOxDlbYnuRKIO
                            MD5:81F3067F72FA97A080A9DA4DCC2BE235
                            SHA1:474AF4F8C75D4C44618B481EF72022C64DE76D19
                            SHA-256:DF6947CEAF54B53A0137A93BF6F13655BFF58DECFB3B8D7C8BA0C2EB8D19D9F0
                            SHA-512:156AD9A03B6D463146BB94660EE04BD7119EF55A093A523F1BF65CE7ED53E073F585467D37F7F5BE43FABCFF9589265E6878F83C95E2580FABDEFEE4FCE667E4
                            Malicious:false
                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.0./.0.9./.2.0.2.4. . .0.9.:.3.1.:.2.6. .=.=.=.....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16525
                            Entropy (8bit):5.376360055978702
                            Encrypted:false
                            SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                            MD5:1336667A75083BF81E2632FABAA88B67
                            SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                            SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                            SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                            Malicious:false
                            Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (392), with CRLF line terminators
                            Category:dropped
                            Size (bytes):16575
                            Entropy (8bit):5.326428343566159
                            Encrypted:false
                            SSDEEP:384:lUgVIERmNFGmtjLCO2FyciRAwc3+NqSJGZYUyqaG2I1Pl0m1NC9Uq1q/mkmPS77f:aZkj
                            MD5:38E3CDAD7029B838EA0DE6E255E7CD0B
                            SHA1:D669AE00A83C15FB4745AD33B7ED1023BAE7D3FD
                            SHA-256:F5F8319CED0C0AE0793D8C7360A1A15BA369159C53F4CF8F712683797A455105
                            SHA-512:CFDF48C0C987AD6A89CB353FE5C12141E0932C037DEE83C4D193F14FD91A201B106A019485A98AD4D2C097B05B77D8B7659B084B761465D10F9E58530224768B
                            Malicious:false
                            Preview:SessionID=001d05c6-8417-4583-beae-a4a4bc611ac3.1727703075722 Timestamp=2024-09-30T09:31:15:722-0400 ThreadID=7116 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=001d05c6-8417-4583-beae-a4a4bc611ac3.1727703075722 Timestamp=2024-09-30T09:31:15:723-0400 ThreadID=7116 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=001d05c6-8417-4583-beae-a4a4bc611ac3.1727703075722 Timestamp=2024-09-30T09:31:15:723-0400 ThreadID=7116 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=001d05c6-8417-4583-beae-a4a4bc611ac3.1727703075722 Timestamp=2024-09-30T09:31:15:723-0400 ThreadID=7116 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=001d05c6-8417-4583-beae-a4a4bc611ac3.1727703075722 Timestamp=2024-09-30T09:31:15:723-0400 ThreadID=7116 Component=ngl-lib_NglAppLib Description="SetConf
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):29752
                            Entropy (8bit):5.4025884601004
                            Encrypted:false
                            SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbU:Q
                            MD5:D197165179B0F4BC8CB8774E56D9F47A
                            SHA1:CA5DE3BDCD5C86F2B030CCBCD1B4658C080D0C08
                            SHA-256:D5B44E3C6BB5C300FF089A85577AB7E2AC6FC63B8EECC741DBDCF62E4796A6BE
                            SHA-512:07D8C2E56A137031CD4659B093D8996191A536E02CABF84FA20F64436247206F6BF4E3128BA4B74D88548BA6E7972C934C51E1B17B8985D66292B2708930E677
                            Malicious:false
                            Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
                            Category:dropped
                            Size (bytes):1407294
                            Entropy (8bit):7.97605879016224
                            Encrypted:false
                            SSDEEP:24576:/xTKdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07VYIGNPpeWL07oYGZd:JTa3mlind9i4ufFXpAXkrfUs05ZGeWLH
                            MD5:9118F75A14E6F0569B9E0A0575A1F536
                            SHA1:39B4826A013612F9DB0F09C64FD3A392E74DA113
                            SHA-256:92D79BD93488EBA7061D7839078DCBE5BF331287B696703DAF1A4D7586D486B0
                            SHA-512:7C81536196CE424F9B99AD108CFA5C28552ED56E449DF90C2A8AE754AE746BFAF1EDF98BE41641725A3F8F677CD910786BDA6FE8A39CB574CDA9BEACDB5D5D0F
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1111944
                            Category:dropped
                            Size (bytes):758601
                            Entropy (8bit):7.98639316555857
                            Encrypted:false
                            SSDEEP:12288:ONh3P65+Tegs6121D1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9UZ2BYCERDSWB4:O3Pjegf121DMNB1DofjgJJJJm942uS84
                            MD5:07C722EDEB2A1639D380711F2FB4E022
                            SHA1:5F1C4C0EF8B9C061212335F860020218A8E4C2E4
                            SHA-256:BD873E5A50392F405BDD0C7B8C74BD0E75D90A16378C40CF356AD2C672C1C1A1
                            SHA-512:BD1C1F7AFCF82535F6E48595665C629E9C313B54BF7ACB31D1E80D4F5B50DEBDD922409DD38D954A0173E65CC6FCBDF4364E29B2DDCB29476050576EBBB0091C
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                            Category:dropped
                            Size (bytes):386528
                            Entropy (8bit):7.9736851559892425
                            Encrypted:false
                            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                            MD5:5C48B0AD2FEF800949466AE872E1F1E2
                            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                            Malicious:false
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                            Category:dropped
                            Size (bytes):1419751
                            Entropy (8bit):7.976496077007677
                            Encrypted:false
                            SSDEEP:24576:/VRaWL07oXGZ4YIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tRaWLxXGZ4ZGh3mlind9i4ufFXpAXkru
                            MD5:41034A6B023B6BB9C723DA146E190954
                            SHA1:22C95166FF8A1C4D2AAC25B75D804CEBAAA6ACF2
                            SHA-256:52BB8B0CA62248721986D650004C11ACCB0C988B6FBA645D9B4E3557CA87A15D
                            SHA-512:6F8CD54BBB750E32FEBD78895F433CCF0C553C56E6B7DDEA03E3EA36ED283084CF6EA6FA8999162999D184B0F04B6E6DAB7F6FC27648EE517F744D7E8DBC8AAD
                            Malicious:false
                            File type:PDF document, version 1.5, 2 pages
                            Entropy (8bit):7.993181922357384
                            TrID:
                            • Adobe Portable Document Format (5005/1) 100.00%
                            File name:Snc2ZNvAZP.pdf
                            File size:478'602 bytes
                            MD5:0618acfa112b625533434c552da4789f
                            SHA1:936549949236c17330009a1a2490274fcb836a98
                            SHA256:6a638569f831990df48669ca81fec37c6da380dbaaa6432d4407985e809810da
                            SHA512:84d7f7dea8d5024b0d3a3122929a214714c6f39d385e02dba6f1b1cb809ae7758057d58573db943fda5f4d5cb59da923a96e3ac9bfd9d190a7faba5fd1916fd8
                            SSDEEP:12288:Ni6pVq/1b87VQSRyECTR0dmvUStTx5agyHxMuyLctd8t:U6ytSROTGVuTx+LPe
                            TLSH:A2A4222402C95DFDFA654B62CB2B7D3E652CFAD82DC9E99103B9C71B4040A1FC1B9993
                            File Content Preview:%PDF-1.5..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en-US) /StructTreeRoot 38 0 R/MarkInfo<</Marked true>>>>..endobj..2 0 obj..<</Type/Pages/Count 2/Kids[ 3 0 R 35 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 1
                            Icon Hash:62cc8caeb29e8ae0

                            General

                            Header:%PDF-1.5
                            Total Entropy:7.993182
                            Total Bytes:478602
                            Stream Entropy:7.995290
                            Stream Bytes:467751
                            Entropy outside Streams:5.133733
                            Bytes outside Streams:10851
                            Number of EOF found:2
                            Bytes after EOF:
                            Name           Count
                            obj            56
                            endobj         56
                            stream         13
                            endstream      13
                            xref           2
                            trailer        2
                            startxref      2
                            /Page          2
                            /Encrypt       0
                            /ObjStm        1
                            /URI           0
                            /JS            0
                            /JavaScript    0
                            /AA            0
                            /OpenAction    0
                            /AcroForm      0
                            /JBIG2Decode   0
                            /RichMedia     0
                            /Launch        0
                            /EmbeddedFile  0
                            Timestamp                             Source Port  Dest Port  Source IP      Dest IP
                            Sep 30, 2024 15:31:26.338023901 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:26.338068962 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:26.338128090 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:26.338591099 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:26.338604927 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:26.887036085 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:26.887527943 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:26.887557030 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:26.889075994 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:26.889141083 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:26.920437098 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:26.920589924 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:26.921030045 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:26.921047926 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:26.971039057 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:27.050411940 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:27.050492048 CEST  443          49720      23.56.162.185  192.168.2.5
                            Sep 30, 2024 15:31:27.050554991 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:27.050996065 CEST  49720        443        192.168.2.5    23.56.162.185
                            Sep 30, 2024 15:31:27.051018953 CEST  443          49720      23.56.162.185  192.168.2.5
                            Timestamp                             Source Port  Dest Port  Source IP     Dest IP
                            Sep 30, 2024 15:31:25.927217960 CEST  55552        53         192.168.2.5   1.1.1.1
                            Sep 30, 2024 15:31:40.940746069 CEST  60711        53         192.168.2.5   1.1.1.1
                            Sep 30, 2024 15:31:41.959541082 CEST  53           52323      162.159.36.2  192.168.2.5
                            Sep 30, 2024 15:31:42.548789024 CEST  56587        53         192.168.2.5   1.1.1.1
                            Sep 30, 2024 15:31:42.556227922 CEST  53           56587      1.1.1.1       192.168.2.5
                            Sep 30, 2024 15:31:44.223201036 CEST  58838        53         192.168.2.5   1.1.1.1
                            Sep 30, 2024 15:31:44.231276989 CEST  53           58838      1.1.1.1       192.168.2.5
                            Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                      Type                  Class        DNS over HTTPS
                            Sep 30, 2024 15:31:25.927217960 CEST  192.168.2.5  1.1.1.1  0x95d7    Standard query (0)  x1.i.lencr.org            A (IP address)        IN (0x0001)  false
                            Sep 30, 2024 15:31:40.940746069 CEST  192.168.2.5  1.1.1.1  0x2e23    Standard query (0)  x1.i.lencr.org            A (IP address)        IN (0x0001)  false
                            Sep 30, 2024 15:31:42.548789024 CEST  192.168.2.5  1.1.1.1  0xc60d    Standard query (0)  18.31.95.13.in-addr.arpa  PTR (Pointer record)  IN (0x0001)  false
                            Sep 30, 2024 15:31:44.223201036 CEST  192.168.2.5  1.1.1.1  0xa272    Standard query (0)  50.23.12.20.in-addr.arpa  PTR (Pointer record)  IN (0x0001)  false
                            Timestamp                             Source IP  Dest IP      Trans ID  Reply Code      Name                         CName                                    Address       Type                    Class        DNS over HTTPS
                            Sep 30, 2024 15:31:25.032047987 CEST  1.1.1.1    192.168.2.5  0xc50e    No error (0)    windowsupdatebg.s.llnwi.net                                           87.248.205.0  A (IP address)          IN (0x0001)  false
                            Sep 30, 2024 15:31:25.934405088 CEST  1.1.1.1    192.168.2.5  0x95d7    No error (0)    x1.i.lencr.org               crl.root-x1.letsencrypt.org.edgekey.net                CNAME (Canonical name)  IN (0x0001)  false
                            Sep 30, 2024 15:31:40.949193954 CEST  1.1.1.1    192.168.2.5  0x2e23    No error (0)    x1.i.lencr.org               crl.root-x1.letsencrypt.org.edgekey.net                CNAME (Canonical name)  IN (0x0001)  false
                            Sep 30, 2024 15:31:42.556227922 CEST  1.1.1.1    192.168.2.5  0xc60d    Name error (3)  18.31.95.13.in-addr.arpa     none                                     none          PTR (Pointer record)    IN (0x0001)  false
                            Sep 30, 2024 15:31:44.231276989 CEST  1.1.1.1    192.168.2.5  0xa272    Name error (3)  50.23.12.20.in-addr.arpa     none                                     none          PTR (Pointer record)    IN (0x0001)  false
                            • armmf.adobe.com
                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                            0           192.168.2.5  49720        23.56.162.185   443               5168  C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Timestamp                Bytes transferred  Direction  Data
                            2024-09-30 13:31:26 UTC  475                OUT        GET /onboarding/smskillreader.txt HTTP/1.1
                            Host: armmf.adobe.com
                            Connection: keep-alive
                            Accept-Language: en-US,en;q=0.9
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                            Sec-Fetch-Site: same-origin
                            Sec-Fetch-Mode: no-cors
                            Sec-Fetch-Dest: empty
                            Accept-Encoding: gzip, deflate, br
                            If-None-Match: "78-5faa31cce96da"
                            If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                            2024-09-30 13:31:27 UTC  198                IN         HTTP/1.1 304 Not Modified
                            Content-Type: text/plain; charset=UTF-8
                            Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                            ETag: "78-5faa31cce96da"
                            Date: Mon, 30 Sep 2024 13:31:27 GMT
                            Connection: close


                            Target ID:0
                            Start time:09:31:12
                            Start date:30/09/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Snc2ZNvAZP.pdf"
                            Imagebase:0x7ff686a00000
                            File size:5'641'176 bytes
                            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:2
                            Start time:09:31:13
                            Start date:30/09/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            Target ID:4
                            Start time:09:31:15
                            Start date:30/09/2024
                            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            Wow64 process (32bit):false
                            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,13964882230613793224,8197444070815095348,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                            Imagebase:0x7ff6413e0000
                            File size:3'581'912 bytes
                            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language
                            Reputation:high
                            Has exited:true

                            No disassembly