Windows Analysis Report
Fac_F00717187991.pdf

Overview

General Information

Sample name:Fac_F00717187991.pdf
Analysis ID:1528653
MD5:d73cc679616decb1c94f690d68abc7de
SHA1:ad41f6f90bca7f2354f9da5c2f866972acaff21c
SHA256:d1258a3a442848c6879f232022ef45baae8ee762865d6af00109d6bef12fc99c

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7036 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fac_F00717187991.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1680,i,14465121669262946373,16136710372373622939,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | TCP traffic: 192.168.2.4:49743 -> 23.47.168.24:443
Source: global traffic | TCP traffic: 23.47.168.24:443 -> 192.168.2.4:49743
Source: Joe Sandbox View | IP Address: 23.47.168.24 23.47.168.24
Source: global traffic | HTTP traffic detected:
    GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown | TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown | Network traffic detected: HTTP traffic on port 49743 -> 443
Source: classification engine | Classification label: clean2.winPDF@14/29@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6300
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-08 01-40-51-039.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fac_F00717187991.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1680,i,14465121669262946373,16136710372373622939,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 1 Process Discovery; 1 System Information Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph: ID 1528653, sample Fac_F00717187991.pdf, start date 08/10/2024, architecture WINDOWS, score 2. Nodes: x1.i.lencr.org; bg.microsoft.map.fastly.net; Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe, linked to 23.47.168.24, 443, 49743 (AKAMAI-ASUS, United States).]

Source | Detection | Scanner | Label
Fac_F00717187991.pdf | 0% | ReversingLabs |
Fac_F00717187991.pdf | 0% | Virustotal |

No Antivirus matches

Source | Detection | Scanner | Label
bg.microsoft.map.fastly.net | 0% | Virustotal |
x1.i.lencr.org | 0% | Virustotal |

Source | Detection | Scanner | Label
http://x1.i.lencr.org/ | 0% | URL Reputation | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | URL Reputation: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1528653
Start date and time:2024-10-08 07:39:55 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 59s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:11
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Fac_F00717187991.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/29@1/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 2.19.126.149, 2.19.126.143, 184.28.88.176, 18.207.85.246, 54.144.73.197, 107.22.247.231, 34.193.227.236, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.210.172, 2.22.242.11, 2.22.242.123
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes were analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
Time | Type | Description
01:41:01 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified

Match: 23.47.168.24
Associated Sample Name / URL | Detection | Threat Name
copyright_infringement_evidence_1.exe | malicious | Unknown
cleu.cmD | malicious | Unknown
https://content.app-us1.com/5zbe53/2024/09/30/8d9df716-ca99-47ed-825e-d3a2a0e6cd9e.pdf | malicious | HTMLPhisher
PDF...pdf | malicious | Unknown
TM3utH2CsU.exe | malicious | PureLog Stealer, XWorm
8f40pUzDo8.exe | malicious | Metasploit
johnny.guanCopy.pdf | malicious | Unknown
Bonus_Payments_Health_Insurance_Vacation_Policy_Update_20243568Acer Liquid Z63568.pdf | malicious | Unknown
f_0000eb.pdf | malicious | Unknown
Giger & Partner Fall Nr. 893983 Gerichtsbescheid Vergleich Nr. 241624 GM.pdf | malicious | Unknown

Match: bg.microsoft.map.fastly.net
Associated Sample Name / URL | Detection | Threat Name | Context
https://url.us.m.mimecastprotect.com/s/ilkSCZ6mm3hDOA2KCjhRFBSqQQ?domain=google.ch | malicious | Unknown | 199.232.210.172
lHHfXU6Y37.exe | malicious | LummaC | 199.232.214.172
Qi517dNlNe.exe | malicious | Stealc | 199.232.210.172
SteamCleanz Marlborough Limited.xlsx | malicious | Unknown | 199.232.210.172
SKGOzZRZGX.exe | malicious | Stealc | 199.232.214.172
MmcJhaiYNh.exe | malicious | Stealc | 199.232.214.172
ctMI3TYXpX.exe | malicious | SmokeLoader | 199.232.214.172
https://starylasfe.com.de/6SZZr/ | malicious | HTMLPhisher | 199.232.214.172
T2bmenoX1o.exe | malicious | LummaC, Vidar | 199.232.210.172
SecuriteInfo.com.Trojan.DownLoader47.43340.9153.30810.exe | malicious | LummaC | 199.232.210.172

Match: AKAMAI-ASUS
Associated Sample Name / URL | Detection | Threat Name | Context
file.exe | malicious | LummaC | 104.102.49.254
file.exe | malicious | LummaC | 104.102.49.254
lHHfXU6Y37.exe | malicious | LummaC | 104.102.49.254
file.exe | malicious | LummaC | 104.102.49.254
7AeSqNv1rC.exe | malicious | MicroClip, Vidar | 104.102.49.254
j8zJ5Jwja4.exe | malicious | LummaC | 104.102.49.254
file.exe | malicious | LummaC | 104.102.49.254
SecuriteInfo.com.Trojan.DownLoader47.43340.27469.30352.exe | malicious | LummaC | 104.102.49.254
file.exe | malicious | LummaC | 104.102.49.254
T2bmenoX1o.exe | malicious | LummaC, Vidar | 104.102.49.254

No context

                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.180394344693242
                      Encrypted:false
                      SSDEEP:6:cOH3AQL+q2Pwkn2nKuAl9OmbnIFUt8LiGwG1Zmw+LiGwQLVkwOwkn2nKuAl9Omb5:c1QyvYfHAahFUt8LiGwg/+LiGwQR5JfC
                      MD5:0727034F010AC7F100FC0918CA993AD2
                      SHA1:4D2053930E04443A07773A8201406689FB712394
                      SHA-256:29615743537266746599DC64F8F2AD7EAA044F61ACB3EED32E2E21EDC67735A4
                      SHA-512:FAC88ED28FBE9B62623C9B8A14D00F1D0D65DCAA72287B2B2D9CE7200C3BA9D474721C59E6D03F983DF9B857DD4C5AFBE2375E7F568CC4BBBA7EECF023DBD52E
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/08-01:40:51.149 898 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/08-01:40:51.151 898 Recovering log #3.2024/10/08-01:40:51.151 898 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.116344558932278
                      Encrypted:false
                      SSDEEP:6:czvN4q2Pwkn2nKuAl9Ombzo2jMGIFUt8Lz0AvJZmw+LkdF3DkwOwkn2nKuAl9OmT:czvN4vYfHAa8uFUt8Lz0AvJ/+LqF3D56
                      MD5:DE9A6E3E59949BD73D1D1C69B41A24A6
                      SHA1:D2A8480420C7C1887FB57A776D8264CEECCABB01
                      SHA-256:246FC5796CDFAD396B7642E8502A0351478D364BAC3CE972BA318474257114DD
                      SHA-512:AB588FE5217402E98C1325150CEDF6451923DF8EA423B8A30B2E906A99FDCF9229989DF6CB0D661AF40A438B6755FA00953130B4E4A561ADDB4DDB02812385A2
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/08-01:40:51.226 1c20 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/08-01:40:51.228 1c20 Recovering log #3.2024/10/08-01:40:51.250 1c20 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):475
                      Entropy (8bit):4.96775079901533
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqi2WsBdOg2HIwfcaq3QYiubInP7E4T3y:Y2sRdsJSdMHIwu3QYhbG7nby
                      MD5:924CC7B579CC9B974427813902D49B85
                      SHA1:422CEF5282C3E3B9D6936E7215D30BBD254628FB
                      SHA-256:7ED55E3EAEFB7A41F666298B95C53A86CC0AFBEF62F7A61660E19D198CD13C9C
                      SHA-512:D7569F499262F7BE5901321AFD58516E576AC8D03CED8856A02F95A2DC1D946F8F106551900371883179EB945EF6D67EA2BCD5CE7912B07E6E5BBAC3A1707975
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372926061358569","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":133543},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):475
                      Entropy (8bit):4.96775079901533
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqi2WsBdOg2HIwfcaq3QYiubInP7E4T3y:Y2sRdsJSdMHIwu3QYhbG7nby
                      MD5:924CC7B579CC9B974427813902D49B85
                      SHA1:422CEF5282C3E3B9D6936E7215D30BBD254628FB
                      SHA-256:7ED55E3EAEFB7A41F666298B95C53A86CC0AFBEF62F7A61660E19D198CD13C9C
                      SHA-512:D7569F499262F7BE5901321AFD58516E576AC8D03CED8856A02F95A2DC1D946F8F106551900371883179EB945EF6D67EA2BCD5CE7912B07E6E5BBAC3A1707975
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372926061358569","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":133543},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4320
                      Entropy (8bit):5.257989437584272
                      Encrypted:false
                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7o76TTl:etJCV4FiN/jTN/2r8Mta02fEhgO73goX
                      MD5:D1049E6AF8DB72E8644E34B644DE955E
                      SHA1:4877590D53D9BA2015EE288A263DF822BB2ACB0E
                      SHA-256:35D2CBCFE1AA21BAA4D59915C9622F4DB85373C642967B28524DDBC0D1B825C4
                      SHA-512:4EC26C6759691520577B8CFD3C15983FF886543C033749D924DCBEEC013E3CD476B5448812F67F5365A093583DE881E7D7A4992F03CECF315FB6223EA04A5126
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.145551777765844
                      Encrypted:false
                      SSDEEP:6:cA4q2Pwkn2nKuAl9OmbzNMxIFUt8L83JZmw+L+Av3DkwOwkn2nKuAl9OmbzNMFLJ:cA4vYfHAa8jFUt8LmJ/+L+AvD5JfHAab
                      MD5:21CE082AA595CD03D5D062C853412383
                      SHA1:D600A58468EDA654C05DA41695D47BA7EC025751
                      SHA-256:F00F7560AD4EE80018D671FF6E3AFF375B3490D4325A01BB874FDC19B1083AF9
                      SHA-512:BFE01D78C40A1E0A075A1C2CDFA26246B765D7C31209253C35BB0C56D66E74A947265317A6063581C08CD97CAA8234DF0B69B1E804F0892DBC57D86C228AAED7
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/08-01:40:51.531 1c20 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/08-01:40:51.537 1c20 Recovering log #3.2024/10/08-01:40:51.547 1c20 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.444355862196458
                      Encrypted:false
                      SSDEEP:384:yezci5tDiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rQs3OazzU89UTTgUL
                      MD5:D626978EC00AAE6B454A5AB20C2AB979
                      SHA1:B93915762A99598B9B20E517EB28DD8D9608AD4A
                      SHA-256:D15358B05765FF050A15A0876B53C962E331F3DBFE75547FA5C995EB8AC71D9E
                      SHA-512:1FF9D349E3B213A6BBD0077A9359A30091A25CD7EDA0697910E80894D3B4EB793C30A97B687C9D51FCA10C7FA0FD2C1289ABCF56249B6A7BAC1D2D81330F4408
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.770735873145962
                      Encrypted:false
                      SSDEEP:48:7MpqXpA2ioyV6sioyOAoWoy1Cwoy1FfKOioy1noy1AYoy1Wioy11ioyeioyBoy1e:7qupfudD0X2jiIb9IVXEBodRBkvx
                      MD5:84491174894F443A042D6433D006B6C0
                      SHA1:9EFCFC39239B85E7DB700A962740B605D4D8E8C2
                      SHA-256:3017283F8527F046A9784FA57E835620991343A7BCA9FD4E343587E1342A2D82
                      SHA-512:7092DF1CD991D50FD6C4BA702E289C6BE2C52225A79AF3BC95655F23305BB6F0B5CF943BC8F047F12DAC6EEDC9E8F4CF607322113C922D5848DAF559E88E6292
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1391
                      Entropy (8bit):7.705940075877404
                      Encrypted:false
                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                      Category:dropped
                      Size (bytes):71954
                      Entropy (8bit):7.996617769952133
                      Encrypted:true
                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):192
                      Entropy (8bit):2.7673182398396405
                      Encrypted:false
                      SSDEEP:3:kkFklwmvh8+k31fllXlE/HT8kzwNNX8RolJuRdxLlGB9lQRYwpDdt:kKpWhvM2T86INMa8RdWBwRd
                      MD5:E85FD208CF354F62051B996BA71BC9A7
                      SHA1:91678038FCDC0D6A2ABE39BE656D7549A980D946
                      SHA-256:2CA17F4D05462E2C46292A881150D67F982B862D14B1254D7E2479D1AD7AA22F
                      SHA-512:56D1982AD56873AB84421A2C0861A312F7819E03A2C24FD667E44772459CE046FFCA4A708140B2C1CE34C9C3C539AD632D723CBAD3F2686C6AFA9DDEDA2BF7E3
                      Malicious:false
                      Preview:p...... ........C..D...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:modified
                      Size (bytes):328
                      Entropy (8bit):3.245596380966818
                      Encrypted:false
                      SSDEEP:6:kKzbplD9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:bbLaDImsLNkPlE99SNxAhUe/3
                      MD5:B8E6A419774B82B22CD740A106BC3BDC
                      SHA1:ACA3FABD016B350F4C19E1841950D7770F467ABB
                      SHA-256:57324F7975AB3824614A904C807A654217ECC09893075360BEBB8260748B2194
                      SHA-512:41787FB3EE65A08E03FF2966616A561167A0A3BE5B316AE23A4B43980E3237853FA9FF2173316550D65648C2EDE268A73BB7CE6BCAD739E72DC4DA494B848B6F
                      Malicious:false
                      Preview:p...... ........|Q..D...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1969
                      Entropy (8bit):5.046172171862392
                      Encrypted:false
                      SSDEEP:48:Yr2sSbMSlMtCM5mMOpiMAW0MretMSMmkaMY:jtYtt55V6AWLre6JmkhY
                      MD5:7C78DCF5B92C071F1E0DD22D2B4FB395
                      SHA1:0D08BD77982CCE13CE10454437D2B89CBB8F3D61
                      SHA-256:77BFEC391C6D8AD2E7479717355490B7E75600FFD4E86B76F640EFA877BC367D
                      SHA-512:5389672BD9C02E7337EE88463AE2815605A0A2F441D53418375A0D77841783A0539B4AA65C9855AE787D95080C8F845B012C70235BDD3197D39107FBA88957DE
                      Malicious:false
                      Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1728366051000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7101e009d8bf8920d0a3dd3f5dc75ebc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696333862000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"8558394a527c224775253e57d0e3596a","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1230,"ts":1696333862000},{"id":"DC_Reader_RHP_Banner","info":{"dg":
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.1888580212018212
                      Encrypted:false
                      SSDEEP:48:TGufl2GL7msEHUUUUUUUUshSvR9H9vxFGiDIAEkGVvp4F:lNVmswUUUUUUUUsh+FGSItsF
                      MD5:A3D1E6A986AE230B2DB1F2D9840221C7
                      SHA1:7BE5092B22F77DAA20F59BA11B5154F0BE7EEF59
                      SHA-256:00E97D042B171DB787B477F295562CFCFCA5DBDE36C1A36C69643BE7E0B4284D
                      SHA-512:5374F73AFB2B37C95AB7783B157B69BE09AB40AC8F9EC01FC9B430F3F4693AB78F8A7F3A95B854684471DD3728DD52EC4C9016DDD83E4E3351BFD273D9236ADF
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.609199122921051
                      Encrypted:false
                      SSDEEP:48:7MXKUUUUUUUUUUspvR9H9vxFGiDIAEkGVviqFl2GL7msT:7lUUUUUUUUUUsNFGSIt8KVmsT
                      MD5:B6944A64DF942EA5EEAE9905F7D02877
                      SHA1:E0D5E74454A4860EBBD9485B22AB51257C7971F4
                      SHA-256:1EB26DFFBE85B135D08075EDD59E1DD49E68923A8B97E20AC67BB370F2E3249C
                      SHA-512:477D0A0F00E6CA7E2F7C9A1125E5C85A4D49B38FBAD8C8D414C20885AD8B22EA6801497949939D3F8AAAECA1BC895BA57EDA5FE314A5816833EDBD3B0602CA07
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.524398495091119
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8ejSPe:Qw946cPbiOxDlbYnuRKf
                      MD5:2680F0E9282712DE1FE86172F351A061
                      SHA1:C749F0F01FC51CF10776342CB44C43B7390A251F
                      SHA-256:B1EBE9BB3461C1BC45B2C616D4A040151E311E3CFEEB0F5DD95E46AD477E9DBA
                      SHA-512:E1C7578BC5ACAAFB1213D9D6653F1DC3135A0C2D8F096D31DD38679DDD19FA99326BFEFDCF04173D2370963C3169610C11DF54048A2A7C2B58ACA501981ED146
                      Malicious:false
                      Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 08/10/2024  01:40:56 ===
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.345946398610936
                      Encrypted:false
                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                      Malicious:false
                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15112
                      Entropy (8bit):5.314053841388999
                      Encrypted:false
                      SSDEEP:384:lMi1qEflCnmFCK5JC3X2a0OXrclpQIk2HMOoa+I6zlbjdOZQQTZlmVm7KBTE4LbL:7n+j
                      MD5:46BF59B2272F5BADBA5024877A70318A
                      SHA1:AD6775A7FE3CB0C7A5393A753568B30DF10F9025
                      SHA-256:002AC30EA7FF3126D1DB6D5BE44CA3127613A003CCCF698CEFDCAABD9DEA60F8
                      SHA-512:03DAE90CD5B21EBFDAC0C4ED6F4DBC7E3432872E44CD06417689D8D4AE78F1A8EEF02A98BB9F440433C4E2ECCD7E1D0BDA0FE6EA517FD6A3FB63D86415F999BD
                      Malicious:false
                      Preview:SessionID=ed6b4185-6a52-4c00-b524-f68817b21508.1728366051059 Timestamp=2024-10-08T01:40:51:059-0400 ThreadID=4600 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ed6b4185-6a52-4c00-b524-f68817b21508.1728366051059 Timestamp=2024-10-08T01:40:51:066-0400 ThreadID=4600 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ed6b4185-6a52-4c00-b524-f68817b21508.1728366051059 Timestamp=2024-10-08T01:40:51:066-0400 ThreadID=4600 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ed6b4185-6a52-4c00-b524-f68817b21508.1728366051059 Timestamp=2024-10-08T01:40:51:066-0400 ThreadID=4600 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ed6b4185-6a52-4c00-b524-f68817b21508.1728366051059 Timestamp=2024-10-08T01:40:51:066-0400 ThreadID=4600 Component=ngl-lib_NglAppLib Description="SetConf
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.38283613348002
                      Encrypted:false
                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rz:Eb2
                      MD5:1FBAA1795E5DAC326AC51012696C3145
                      SHA1:38B90F1B5197BC9CFFC10D676F76F595C017AE50
                      SHA-256:ADF5577C353718CB7D46CC2F0C1D365994A663C22A7CE3C2FB108F91F97DB4B9
                      SHA-512:DB19ADBD62A0C9A424319503717F2A562736D968DF8CC62AA6F5496AC491F0F713CB30404D046E744F6F9E96AFA2C24BE7462F2B481CF005ADA93242C588F604
                      Malicious:false
                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                      MD5:18E3D04537AF72FDBEB3760B2D10C80E
                      SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                      SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                      SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 416226
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9Uo:O3Pjegf121YS8lkipdjMMNB1DofjgJJ0
                      MD5:12DDE6151F5E778520B3C8434B61AD0C
                      SHA1:2D3EA4300ED7D77866B96F7BE2BD8FA4F03D2081
                      SHA-256:4EDFCFF1CCA3192ECCBA77FFB1572D1C544566CFC73749F0FAC5DD0BF0C73C76
                      SHA-512:3DE45A91E3D8A7EF05C37CC274ECD8BD8BCB99A1AAD7A4252AC6714B57AFC281D3BB6926CE2910F7BC366F1595B27EC89D96158D94E2ABEE7B7567ACEA861F93
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      File type:data
                      Entropy (8bit):7.512896844277699
                      TrID:
                        File name:Fac_F00717187991.pdf
                        File size:536 bytes
                        MD5:d73cc679616decb1c94f690d68abc7de
                        SHA1:ad41f6f90bca7f2354f9da5c2f866972acaff21c
                        SHA256:d1258a3a442848c6879f232022ef45baae8ee762865d6af00109d6bef12fc99c
                        SHA512:a9159534cea496a3270d18a42c945b23be3a79fd6b359627dd4e8e3b17a7ba62b79594dde2c959fad7bf7f9a02ef3c9d592ee9d07c20f36a3ee2883d3e88a08a
                        SSDEEP:12:/Alt5XYMJ9zx0Mtsc0KeY1UzP9d1rL6lvUwjICHr6uzswTn:IltJnJXwc0KeYmFjr9wjIiWu5Tn
                        TLSH:8DF096C430468CB82D0C197EEF6249C4F65F85D8882242052008E4F58D2D09218D030B
                        Icon Hash:62cc8caeb29e8ae0
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Oct 8, 2024 07:41:02.271253109 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.271281004 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.271337986 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.271513939 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.271521091 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.822287083 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.822608948 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.822622061 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.824076891 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.824129105 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.826160908 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.826235056 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.826463938 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.826468945 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.871896029 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.930187941 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.930440903 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.930485964 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.930716038 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.930732965 CEST | 443 | 49743 | 23.47.168.24 | 192.168.2.4
                        Oct 8, 2024 07:41:02.930741072 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Oct 8, 2024 07:41:02.930793047 CEST | 49743 | 443 | 192.168.2.4 | 23.47.168.24
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Oct 8, 2024 07:41:01.846985102 CEST | 59870 | 53 | 192.168.2.4 | 1.1.1.1
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Oct 8, 2024 07:41:01.846985102 CEST | 192.168.2.4 | 1.1.1.1 | 0x26da | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Oct 8, 2024 07:41:02.085514069 CEST | 1.1.1.1 | 192.168.2.4 | 0x26da | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                        Oct 8, 2024 07:41:02.822397947 CEST | 1.1.1.1 | 192.168.2.4 | 0xd88c | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                        Oct 8, 2024 07:41:02.822397947 CEST | 1.1.1.1 | 192.168.2.4 | 0xd88c | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                        • armmf.adobe.com
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.4 | 49743 | 23.47.168.24 | 443 | 5800 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-10-08 05:41:02 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                        Host: armmf.adobe.com
                        Connection: keep-alive
                        Accept-Language: en-US,en;q=0.9
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                        Sec-Fetch-Site: same-origin
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        Accept-Encoding: gzip, deflate, br
                        If-None-Match: "78-5faa31cce96da"
                        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                        2024-10-08 05:41:02 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                        Content-Type: text/plain; charset=UTF-8
                        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                        ETag: "78-5faa31cce96da"
                        Date: Tue, 08 Oct 2024 05:41:02 GMT
                        Connection: close


                        Target ID:0
                        Start time:01:40:47
                        Start date:08/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fac_F00717187991.pdf"
                        Imagebase:0x7ff6bc1b0000
                        File size:5'641'176 bytes
                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:1
                        Start time:01:40:50
                        Start date:08/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        Target ID:3
                        Start time:01:40:51
                        Start date:08/10/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2088 --field-trial-handle=1680,i,14465121669262946373,16136710372373622939,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff74bb60000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:false

                        No disassembly