Windows Analysis Report
Inbreukalert 108853.pdf

Overview

General Information

Sample name:Inbreukalert 108853.pdf
Analysis ID:1531474
MD5:8502fcad5d4442b2b5d7a45d4b077674
SHA1:8a8fd3d77f0d765ce72ff3405fb6ed51c000f8e0
SHA256:75a5dbf11322e80312741c8b0ba8a5a4f0787d86103e09f45f6aaae379057ced
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 4268 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Inbreukalert 108853.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6764 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1396 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1680,i,14188585612647693084,4468660862608693226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures, click here to show all signatures.

Source: global traffic DNS query: name: x1.i.lencr.org
Source: global traffic TCP traffic: 192.168.2.5:49814 -> 23.47.168.24:443
Source: global traffic TCP traffic: 23.47.168.24:443 -> 192.168.2.5:49814
Source: Joe Sandbox View IP Address: 23.47.168.24 23.47.168.24
Source: global traffic HTTP traffic detected:
  GET /onboarding/smskillreader.txt HTTP/1.1
  Host: armmf.adobe.com
  Connection: keep-alive
  Accept-Language: en-US,en;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  If-None-Match: "78-5faa31cce96da"
  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown TCP traffic detected without corresponding DNS query: 23.47.168.24
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: Inbreukalert 108853.pdf String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr String found in binary or memory: http://x1.i.lencr.org/
Source: unknown Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49814
Source: classification engine Classification label: clean2.winPDF@14/25@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-11 03-35-59-594.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Inbreukalert 108853.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1680,i,14188585612647693084,4468660862608693226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Inbreukalert 108853.pdf Initial sample: PDF keyword /JS count = 0
Source: Inbreukalert 108853.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: Inbreukalert 108853.pdf Initial sample: PDF keyword stream count = 26
Source: Inbreukalert 108853.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Inbreukalert 108853.pdf Initial sample: PDF keyword obj count = 50
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph. Behavior Graph ID: 1531474; Sample: Inbreukalert 108853.pdf; Startdate: 11/10/2024; Architecture: WINDOWS; Score: 2. Processes: Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe. DNS/IP nodes: x1.i.lencr.org; 23.47.168.24, 443, 49814 (AKAMAI-ASUS, United States), linked from the second AcroCEF.exe.]

Source | Detection | Scanner | Label
Inbreukalert 108853.pdf | 0% | Virustotal |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
x1.i.lencr.org | 0% | Virustotal |

Source | Detection | Scanner | Label
http://x1.i.lencr.org/ | 0% | URL Reputation | safe
http://www.aiim.org/pdfa/ns/id/ | 0% | Virustotal |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | URL Reputation: safe | unknown
http://www.aiim.org/pdfa/ns/id/ | Inbreukalert 108853.pdf | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1531474
Start date and time:2024-10-11 09:34:46 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 32s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Inbreukalert 108853.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/25@2/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 95.100.50.221, 18.207.85.246, 54.144.73.197, 34.193.227.236, 107.22.247.231, 172.64.41.3, 162.159.61.3, 23.3.109.48, 2.19.126.149, 2.19.126.142, 104.76.201.34
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
Time | Type | Description
03:36:10 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified
Input: URL: PDF document, Model: jbxai
Output:
{
"brands":["KNIJFF"],
"text":"Stichting Envida T.a.v. mevrouw S. Houtappel Postbus 241 6200 AE MAASTRICHT Weesp,
 8 oktober 2024 Onze ref. : ERS/W34469BX00/I08853 Geachte mevrouw Houtappel,
 Jullie ontvangen dit bericht omdat jullie een bewakingsabonnement bij ons hebben. Wij signaleerden het onderstaande merk. Willen jullie alstublieft contact met ons opnemen over deze mogelijkke merkinbreuk? INBREUKALERT Gegevens van uw merk Gevonden merk EVIDA Bewaking type Klasse(n) Woord Benelux 35,
 37,
 39,
 43,
 44,
 45 Register Klasse(n) Internationaal 42,
 44 Depot nr. 1813144 Depotdatum 28 maart 2024 Publicatiedatum 3 oktober 2024 Hoogstwaarschijnlijk inbreuk Mogelijk inbreuk Ter kennisgeving Merkenbureau Knijff & Partners B.V. Leeuwenveldseweg 12 1382 LX Weesp | The Netherlands +31 (0)294 490 900 info@knijff.com www.knijff.com btw/vat NL007 033 199 B01 kvk 320 485 61 iban NL58 ABNA 0564 530 786 bic ABNA AN L2A",
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
Match | Associated Sample Name / URL | Detection | Threat Name
23.47.168.24 | copyright_infringement_evidence_1.exe | malicious | Unknown
23.47.168.24 | cleu.cmD | malicious | Unknown
23.47.168.24 | https://content.app-us1.com/5zbe53/2024/09/30/8d9df716-ca99-47ed-825e-d3a2a0e6cd9e.pdf | malicious | HTMLPhisher
23.47.168.24 | PDF...pdf | malicious | Unknown
23.47.168.24 | TM3utH2CsU.exe | malicious | PureLog Stealer, XWorm
23.47.168.24 | 8f40pUzDo8.exe | malicious | Metasploit
23.47.168.24 | johnny.guanCopy.pdf | malicious | Unknown
23.47.168.24 | Bonus_Payments_Health_Insurance_Vacation_Policy_Update_20243568Acer Liquid Z63568.pdf | malicious | Unknown
23.47.168.24 | f_0000eb.pdf | malicious | Unknown
23.47.168.24 | Giger & Partner Fall Nr. 893983 Gerichtsbescheid Vergleich Nr. 241624 GM.pdf | malicious | Unknown

No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASUS | l0T55kCdTI.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | file.exe | malicious | LummaC | 23.199.218.33
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | 6DroQ0jTFY.elf | malicious | Mirai | 95.101.248.58
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | cqdEWgq9fW.elf | malicious | Mirai | 95.101.248.12
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | View and Print Online.pdf | malicious | Unknown | 96.16.24.189
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254

No context
No context

                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.18237584095907
                      Encrypted:false
                      SSDEEP:6:gMFIq2P92nKuAl9OmbnIFUt818BZZmw+18BzkwO92nKuAl9OmbjLJ:g9v4HAahFUt818r/+18h5LHAaSJ
                      MD5:DF815D450617DAF3927EA6BCF459C66A
                      SHA1:C355B0FED0ABF2C72BBBA9DBFE8A810A8AE623B2
                      SHA-256:B7F5A80CE9D88DC245850FE48E1B2B2D0DA825BF07C26D8EB3D2E5D97BBE690A
                      SHA-512:B81905120C041EEE7F90B23E76B7F7AE141E7595EC11ECCF74E578D7FC593404601D9FDE56EB2277C60D57883CA3A9686DEB71049D652633A7CA05AEC2D23A8D
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/11-03:35:57.745 15e4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/11-03:35:57.747 15e4 Recovering log #3.2024/10/11-03:35:57.747 15e4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):338
                      Entropy (8bit):5.252019854221623
                      Encrypted:false
                      SSDEEP:6:g9MujL+q2P92nKuAl9Ombzo2jMGIFUt819JK1Zmw+19zTlLVkwO92nKuAl9Ombzz:gmGyv4HAa8uFUt81Q/+1PR5LHAa8RJ
                      MD5:4951DB94357D3503E2F36BD5F1067B70
                      SHA1:7217F3A1876700E9B27681E143A8297E9F34D59C
                      SHA-256:91C37C740DC6B75699C925B2A16807A55AB9EB807123BC598F982EF88A51B275
                      SHA-512:35EAC14F95FF20B84850802674863BF96BB9580FD0D6C2DA58DD49B973F3AC00AF026CE602AD6E9DAF1A8492F6DB8539B9D89D0F411DE00B200AD9DB9F3FCFE8
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/11-03:35:57.863 1978 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/11-03:35:57.866 1978 Recovering log #3.2024/10/11-03:35:57.867 1978 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):508
                      Entropy (8bit):5.052567248163298
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqyssBdOg2HHJgcaq3QYiubxnP7E4T3OF+:Y2sRdsDdMHp3QYhbxP7nbI+
                      MD5:8846EAFEEC0A14768711C3A6B7661524
                      SHA1:0376538DD9A00E3414066943ECB8B97A6EAC15A9
                      SHA-256:48A6FF91C90D0DC58534103A50FB729BB75FB4547D99E1DA6B4F308D63D6BFB1
                      SHA-512:F6C44E0F15CFDE5418FC4E9F343B5FFAE27E95094F31E0A61ADEAEA8A6E69152E442189F6080EDD09AA98839176001D08D6F1115B5DABF9D6A6F227DA78D7198
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373192169988120","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":130312},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):508
                      Entropy (8bit):5.052567248163298
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqyssBdOg2HHJgcaq3QYiubxnP7E4T3OF+:Y2sRdsDdMHp3QYhbxP7nbI+
                      MD5:8846EAFEEC0A14768711C3A6B7661524
                      SHA1:0376538DD9A00E3414066943ECB8B97A6EAC15A9
                      SHA-256:48A6FF91C90D0DC58534103A50FB729BB75FB4547D99E1DA6B4F308D63D6BFB1
                      SHA-512:F6C44E0F15CFDE5418FC4E9F343B5FFAE27E95094F31E0A61ADEAEA8A6E69152E442189F6080EDD09AA98839176001D08D6F1115B5DABF9D6A6F227DA78D7198
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373192169988120","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":130312},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4509
                      Entropy (8bit):5.237114327912973
                      Encrypted:false
                      SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUruWdjEIW7Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLv
                      MD5:71B9497D5D595E60A70F1E4E94A1A486
                      SHA1:1B5A9D6AB37B5F44606B12EA5739A65D625882E6
                      SHA-256:3F22BB6DDB5C481FD093E961F87504F02EC7FAE4C7ADD9FD1478CFCB156613F3
                      SHA-512:C2DEA5DCB4CC36091B511082CD05A5C8B22D4D1A1EB4E5ED12817DC57A4DFC2BB6D773669E925D92806B0FCD9982AC8E1C00808540320E0A67ED2E3250921ECC
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):326
                      Entropy (8bit):5.248744715022967
                      Encrypted:false
                      SSDEEP:6:gqL+q2P92nKuAl9OmbzNMxIFUt81mFgz1Zmw+1NGLVkwO92nKuAl9OmbzNMFLJ:gqyv4HAa8jFUt81mi/+10R5LHAa84J
                      MD5:4197B0C50B41B1EB7CB383FD222728D0
                      SHA1:B6FE0CBC8DD0B0300D3F7326CDB5F635983A35C4
                      SHA-256:0B8EEE5C4F3A9C4682BE33A7C67A1E6B9D72DB308388E4AA52F5A5B7E371C62D
                      SHA-512:2230DD4608A05B455D4942A1F0AFE8E972448CF0A46515711CCAEB4DB7C8ADDA8F49699F5567FB465FA5E29BE5DC270DA1ECBC1B5DB5BC70731D9081636E7C65
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/11-03:35:57.994 1978 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/11-03:35:57.995 1978 Recovering log #3.2024/10/11-03:35:57.996 1978 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                      Category:dropped
                      Size (bytes):65110
                      Entropy (8bit):1.000876578769695
                      Encrypted:false
                      SSDEEP:96:x998qDMXMLJrvMMRB4KfQ3s+MKFMl4MjMhVKTTGavpIfqJto5hkPs2Pm/eS8QE18:n98sB49KTGaRIfvrt2npQE1f8KTA
                      MD5:D283228F68BEB826E6402B3E2AFEC7AE
                      SHA1:9C3CCFE4918DEE2B3DCFB76C4035F5ABED2D882C
                      SHA-256:EFE9EF8DBB8B555FD54FB884D77E38721D6D22C3CBA3D2F5DD1AE94830C9A6EE
                      SHA-512:6E49B245820B894737D36093C635035C170E354819203AC36BC17DE9051D8674D846F572FCB3D507BE739DC8E2664D3A14A9F71EC61C6AF27503DFCC47C17B8F
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1391
                      Entropy (8bit):7.705940075877404
                      Encrypted:false
                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                      Malicious:false
                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):192
                      Entropy (8bit):2.779094196322516
                      Encrypted:false
                      SSDEEP:3:kkFkl26M/tfllXlE/HT8kglzltNNX8RolJuRdxLlGB9lQRYwpDdt:kKv6M/eT8HzlTNMa8RdWBwRd
                      MD5:EE11D9C30A37E3F56175F3EE0543FAC5
                      SHA1:E365E611D28E48163A03387A01DA4514D511EFEC
                      SHA-256:06C77E7A32BF02CF515275133B442345621FE04B2F37FCC0197DE0FDA6D35C0F
                      SHA-512:1AD60E2C7477F17C40FEF90FB25883726B9AC6BB3D1391EA336ADD49BD63EED1AF6FFD3086737343DE82DCAD8BB339112722BE5473A9C87CDA2AD677A02215F0
                      Malicious:false
                      Preview:p...... ...........=....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):227002
                      Entropy (8bit):3.392780893644728
                      Encrypted:false
                      SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
                      MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
                      SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
                      SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
                      SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
                      Malicious:false
                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2145
                      Entropy (8bit):5.068522786432734
                      Encrypted:false
                      SSDEEP:24:YFuQ3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxiW:Y7AwmWXZYEtoitbRCwu20wD+JliWxao
                      MD5:792B4777E5D2ADFD12829915B5B2BDC9
                      SHA1:86FBFF6786718A6878F6337DE67F4A479CC6E5BB
                      SHA-256:C7B205E4A7C8C308422164FFE1FDEB123AC0F71A5A0CF0C4873C7D4F550DAC7F
                      SHA-512:096DEBE4550C81256C4DAFFE322A71A6546637890C47C849ED0AFA21BD00DE4DEB831C0C22BBFD1E0AEDCA63815A9A083F71D6FEAD46447B661EF7F0ABA0F3CF
                      Malicious:false
                      Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1728632160000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.9840130996586833
                      Encrypted:false
                      SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpqZ4zJwtNBwtNbRZ6bRZ4vZF:TVl2GL7ms6ggOVpq6zutYtp6Pw7
                      MD5:756BF7CCFC3A898373BEF00E8F330608
                      SHA1:9201A2DA4180537E72756CDE0874F98DA5FAF747
                      SHA-256:F01A77269CD8C06D22FFD3A15F9E9A1B45BB54ECF1E31928E377B56E95900CE4
                      SHA-512:E3740FDBE151DE6A518110E28A2472FDE31F990FE8E3BE69089425825E9C08EB76D61D77DA68489FE46881166CA4F23E50E770070FBC082AFA44CD11C6989557
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.3370517210411974
                      Encrypted:false
                      SSDEEP:24:7+tgEAD1RZKHs/Ds/SpqZPzJwtNBwtNbRZ6bRZWf1RZK5qLBx/XYKQvGJF7urs9l:7MFGgOVpqhzutYtp6PMUqll2GL7ms9l
                      MD5:87CA819294C6A2D44C4DEC859C839E2F
                      SHA1:522EAF2D5A0FF5E89B6B2F70340B71C7F2915A82
                      SHA-256:C194A952E412AF750299D575D73FA30DB66D647971BC7B1B550E925F8A4D93A9
                      SHA-512:26A1B89EAEE5FA647ADA519BD903ABF16BFC047141880C8E802AC608E13CD2AA20F9B440CFB72246BACBDE4F5F9B5576DC105946C96AB3AEF696E75812C12A04
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.5162684137903053
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8SQID:Qw946cPbiOxDlbYnuRKiID
                      MD5:69BA06AC54862ABC1EB9341CD785DDFE
                      SHA1:5D746EAEDF2737DB6D075D4A433CA8F836E75232
                      SHA-256:C2A4A27A5874AC62106E21A5ED9C207BDC1B8CF1C5C4E2B3EF99342D1C58C3F3
                      SHA-512:5E657201068DA846BEA3B91C2CAC2500CB82087C9E28AA861F69F6779DF7F6618ECF499A4AD4280DAC590791C9F0FFB87E0C599EAC3DCFF83FC83D9F6325BF80
                      Malicious:false
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.1./.1.0./.2.0.2.4. . .0.3.:.3.6.:.0.4. .=.=.=.....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.376360055978702
                      Encrypted:false
                      SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                      MD5:1336667A75083BF81E2632FABAA88B67
                      SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                      SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                      SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                      Malicious:false
                      Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15114
                      Entropy (8bit):5.3782113984848365
                      Encrypted:false
                      SSDEEP:384:1MqByEffAXqIf9M7ypHzHoAJdmnLdNRbal8GAsWXCaVkse7V1Oh9GlGTikt6OZZD:FXb
                      MD5:511A480A5656B8F4C10B562419DF5691
                      SHA1:6E9A1067A897D09064EE625465D7ED8350A9576B
                      SHA-256:535797EA7E132F0DB02D0E987237E8F12E8FFBCAFCEA182A0427B75C715321B2
                      SHA-512:D3C7FD115212B8EA97E4AD1B5A5D2AAFBD911814832B49FD0233CA4F74419D9D8B432183C57C3D54209438E97C55CA068F6B13BC819DC1397875BF4A04204B1C
                      Malicious:false
                      Preview:SessionID=642f6823-cc70-48ac-9b20-d2f28b5ad085.1728632159619 Timestamp=2024-10-11T03:35:59:619-0400 ThreadID=5292 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=642f6823-cc70-48ac-9b20-d2f28b5ad085.1728632159619 Timestamp=2024-10-11T03:35:59:619-0400 ThreadID=5292 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=642f6823-cc70-48ac-9b20-d2f28b5ad085.1728632159619 Timestamp=2024-10-11T03:35:59:619-0400 ThreadID=5292 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=642f6823-cc70-48ac-9b20-d2f28b5ad085.1728632159619 Timestamp=2024-10-11T03:35:59:620-0400 ThreadID=5292 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=642f6823-cc70-48ac-9b20-d2f28b5ad085.1728632159619 Timestamp=2024-10-11T03:35:59:620-0400 ThreadID=5292 Component=ngl-lib_NglAppLib Description="SetConf
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.400638284431066
                      Encrypted:false
                      SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbk:w
                      MD5:5EA9AB16B7DB8A3A40DEDF21596C5888
                      SHA1:D6140FC99F713590A14C2D6303C8627277A03B9F
                      SHA-256:CFC8CFE75239F9D084FCC06A178A4BCA9DCE9CC77BA414EC8A4144B8F40F838F
                      SHA-512:728E31725883A156119F1229998FFE1F81FEC8B90A059C5271CE78B833CDF93182B89E2D177712653210F59098177A89B8947AA3C035AA6A5B7E569D54FD6E05
                      Malicious:false
                      Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                      MD5:18E3D04537AF72FDBEB3760B2D10C80E
                      SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                      SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                      SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      File type:PDF document, version 1.4
                      Entropy (8bit):7.030700484907539
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:Inbreukalert 108853.pdf
                      File size:1'736'018 bytes
                      MD5:8502fcad5d4442b2b5d7a45d4b077674
                      SHA1:8a8fd3d77f0d765ce72ff3405fb6ed51c000f8e0
                      SHA256:75a5dbf11322e80312741c8b0ba8a5a4f0787d86103e09f45f6aaae379057ced
                      SHA512:71542bc0be23fca03ecaa30fe783438fcb621e3b633c515bcb33eb10095fa784149d772a87b1fe3a457309243c60bad00f3cea536e4c7acd300f15f3ac1d590a
                      SSDEEP:24576:hSNOPeT+99KHMkt1dFaBiSNzjB6cSbt1dFaBiPO8tz+Qp1n4:hCT+94skxe9zlSbxeWOoz+Qp14
                      TLSH:75859E03CD194B97A51C43FCAE070EB82F0D1A5CE9C62BEB01726E977A656360C5F16E
                      File Content Preview:%PDF-1.4..%......4 0 obj..<</Type /XObject /Subtype /Image /Width 4960 /Height 7015 /ColorSpace /DeviceGray /BitsPerComponent 8 /Decode [0 1] /Interpolate false /Filter /FlateDecode /DecodeParms <</Predictor 12 /Columns 4960 >>.. /Length 68386 >>..stream.
                      Icon Hash:62cc8caeb29e8ae0

                      General

                      Header:%PDF-1.4
                      Total Entropy:7.030700
                      Total Bytes:1736018
                      Stream Entropy:7.020694
                      Stream Bytes:1726009
                      Entropy outside Streams:5.222343
                      Bytes outside Streams:10009
                      Number of EOF found:1
                      Bytes after EOF:
                      Name:Count
                      obj:50
                      endobj:50
                      stream:26
                      endstream:26
                      xref:1
                      trailer:1
                      startxref:1
                      /Page:2
                      /Encrypt:0
                      /ObjStm:0
                      /URI:0
                      /JS:0
                      /JavaScript:0
                      /AA:0
                      /OpenAction:0
                      /AcroForm:0
                      /JBIG2Decode:0
                      /RichMedia:0
                      /Launch:0
                      /EmbeddedFile:0

                      Image Streams

                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Oct 11, 2024 09:36:10.032247066 CEST | 53772 | 53 | 192.168.2.5 | 1.1.1.1
                      Oct 11, 2024 09:36:23.591558933 CEST | 61882 | 53 | 192.168.2.5 | 1.1.1.1

                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Oct 11, 2024 09:36:10.032247066 CEST | 192.168.2.5 | 1.1.1.1 | 0x9eaf | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                      Oct 11, 2024 09:36:23.591558933 CEST | 192.168.2.5 | 1.1.1.1 | 0x37ec | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Oct 11, 2024 09:36:10.042380095 CEST | 1.1.1.1 | 192.168.2.5 | 0x9eaf | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      Oct 11, 2024 09:36:24.084239006 CEST | 1.1.1.1 | 192.168.2.5 | 0x37ec | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      • armmf.adobe.com
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.5 | 49814 | 23.47.168.24 | 443 | 1396 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Timestamp | Bytes transferred | Direction | Data
                      2024-10-11 07:36:11 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                          Host: armmf.adobe.com
                          Connection: keep-alive
                          Accept-Language: en-US,en;q=0.9
                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                          Sec-Fetch-Site: same-origin
                          Sec-Fetch-Mode: no-cors
                          Sec-Fetch-Dest: empty
                          Accept-Encoding: gzip, deflate, br
                          If-None-Match: "78-5faa31cce96da"
                          If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-10-11 07:36:11 UTC | 198 | IN | HTTP/1.1 304 Not Modified
                          Content-Type: text/plain; charset=UTF-8
                          Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                          ETag: "78-5faa31cce96da"
                          Date: Fri, 11 Oct 2024 07:36:11 GMT
                          Connection: close


                      Target ID:0
                      Start time:03:35:55
                      Start date:11/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Inbreukalert 108853.pdf"
                      Imagebase:0x7ff686a00000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:1
                      Start time:03:35:57
                      Start date:11/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:4
                      Start time:03:35:57
                      Start date:11/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1680,i,14188585612647693084,4468660862608693226,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff6413e0000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      No disassembly