Windows Analysis Report
Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF

Overview

General Information

Sample name:Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF
Analysis ID:1532976
MD5:94fed46fd43f848e39f51962eb66f36a
SHA1:cd9668e67db6a84583694cc33bfedab32b535f24
SHA256:e4eb20c6e661409e26e2f51a0f82777b771191229e51e283cc4a462fff34268d

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6540 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 2148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6584 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1640,i,9707924894947965681,5943374216949905986,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | TCP traffic: 192.168.2.4:49744 -> 104.77.220.172:443
Source: global traffic | TCP traffic: 104.77.220.172:443 -> 192.168.2.4:49744
Source: Joe Sandbox View | IP Address: 104.77.220.172
Source: global traffic | HTTP traffic detected:
  GET /onboarding/smskillreader.txt HTTP/1.1
  Host: armmf.adobe.com
  Connection: keep-alive
  Accept-Language: en-US,en;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
  If-None-Match: "78-5faa31cce96da"
  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown | TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: classification engine | Classification label: clean2.winPDF@14/31@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3368
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-14 02-52-33-964.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1640,i,9707924894947965681,5943374216949905986,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF | Initial sample: PDF keyword /JS count = 0
Source: Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF | Initial sample: PDF keyword /JavaScript count = 0
Source: Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Exploitation for Client Execution (3); Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Information Discovery (1); Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (13); Ingress Tool Transfer (1)
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph, ID: 1532976. Sample: Muffenrohr Tiefbauh., Zahl.... Startdate: 14/10/2024. Architecture: WINDOWS. Score: 2. Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe. DNS/IP nodes: x1.i.lencr.org; 104.77.220.172, 443, 49744, AKAMAI-ASUS, United States.]

No Antivirus matches

Source | Detection | Scanner | Label
x1.i.lencr.org | 0% | Virustotal |

Source | Detection | Scanner | Label
http://x1.i.lencr.org/ | 0% | URL Reputation | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | URL Reputation: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
104.77.220.172 | unknown | United States | 16625 | AKAMAI-ASUS | false

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1532976
Start date and time:2024-10-14 08:51:33 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 7s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF
Detection:CLEAN
Classification:clean2.winPDF@14/31@1/1
Cookbook Comments:
  • Found application associated with file extension: .PDF
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 2.19.126.143, 2.19.126.149, 162.159.61.3, 172.64.41.3, 2.23.197.184, 93.184.221.240
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes were analyzed, report is missing behavior information

Time | Type | Description
02:52:44 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name
104.77.220.172 | Fact-2024-10.pdf | malicious | Unknown
104.77.220.172 | Farahexperiences.com_Report_87018.pdf | malicious | Unknown
104.77.220.172 | Farahexperiences.com_Report_52288.pdf | malicious | Unknown
104.77.220.172 | Tonincasa Updated Employee sheet .pdf | malicious | HTMLPhisher
104.77.220.172 | Contract_Agreement_Wednesday September 2024.pdf | malicious | Unknown
104.77.220.172 | Contract_Agreement_Tuesday September 2024.pdf | malicious | Unknown
104.77.220.172 | c1.pdf | malicious | HTMLPhisher
104.77.220.172 | https://dl.dropboxusercontent.com/scl/fi/0cbpht7ar66yi7ybardu3/Satander_Zahlungsbest-tigung-von-19092024.zip?rlkey=pq1myegofnqggcdva93jeac5a&st=nce3sth9&dl=0 | malicious | Unknown
104.77.220.172 | Inv_Doc_18#908.pdf | malicious | Unknown
104.77.220.172 | WOT0089836_Electrical_Single_Line_diagram%2C_lighting__RR_docx_3461849704.pdf | malicious | Unknown

No context

Match | Associated Sample Name / URL | Detection | Threat Name | Context
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | Solara.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | file.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | arm5.nn-20241014-0317.elf | malicious | Mirai, Okiru | 104.117.28.226
AKAMAI-ASUS | arm7.nn-20241014-0317.elf | malicious | Mirai, Okiru | 104.124.6.21
AKAMAI-ASUS | SoftWare.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | SoftWare.exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | SoftWare(2).exe | malicious | LummaC | 104.102.49.254
AKAMAI-ASUS | SoftWare(1).exe | malicious | LummaC | 104.102.49.254

No context

                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.1473298526180455
                      Encrypted:false
                      SSDEEP:6:Wy3yq2Pwkn2nKuAl9OmbnIFUt87er1Zmw+711RkwOwkn2nKuAl9OmbjLJ:0vYfHAahFUt8Kr1/+J5JfHAaSJ
                      MD5:A7A02CC9CBE80926350500BCE28B5E93
                      SHA1:421A97207414AF4628D4A67A20A117397CDE4EBE
                      SHA-256:A4C2D95B70DA29ADBFAFF6C5775A03A35A93575CCE08B1F5C7A151E5AA414953
                      SHA-512:59943870E99C7AED5FC743244B85C3C3D62196CFDD3AD804AECE9A69090A3372F570BBB78DC128526DE5F93A72D28BC61BF197C4F37E907E1768BEE451C7856F
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/14-02:52:31.549 ae0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/14-02:52:31.554 ae0 Recovering log #3.2024/10/14-02:52:31.555 ae0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):336
                      Entropy (8bit):5.173888156079382
                      Encrypted:false
                      SSDEEP:6:WRq9+q2Pwkn2nKuAl9Ombzo2jMGIFUt873qJZmw+7D9VkwOwkn2nKuAl9Ombzo23:X9+vYfHAa8uFUt8DqJ/+X9V5JfHAa8RJ
                      MD5:B699D63306110A6574F897D0069E07E4
                      SHA1:C69C634F4953EBF88B992588FB11C8F3B8C5463F
                      SHA-256:28E760E5F9237EE775BABCCF32562FB8948F3A5480D544404302269AF2902DB6
                      SHA-512:E5A3FD7FF48FC07FD1EE2434335AF1C80727BACF1027CE7E8221C7893341F670A1B008CCB0CF52FF99B95D7320FA7461931A628B911F6AEF1C68BAAFED59C120
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/14-02:52:31.593 1c4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/14-02:52:31.595 1c4c Recovering log #3.2024/10/14-02:52:31.596 1c4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:modified
                      Size (bytes):475
                      Entropy (8bit):4.97196132533112
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqyRsBdOg2HK3caq3QYiubInP7E4T3y:Y2sRds4dMHK23QYhbG7nby
                      MD5:1F5096F101C8662E87E0457E6B65C1AC
                      SHA1:3F6B0A654C067AEEB4A24D5E4198322FBBA2C082
                      SHA-256:16ACA6143A2B43CF7EED76EA292DF4F02061150B0F2A74BAB967C5A9B4977D17
                      SHA-512:8A72D9137C42CC742220ABB5048F3A24C7E622A547552270A2BEF0FCC2AFFA5F31DEC9434E62CD169089CCEA45DBCA068C580A06F54DD5DA4FE34C425A5EEA0F
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373448764175478","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":298900},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):475
                      Entropy (8bit):4.97196132533112
                      Encrypted:false
                      SSDEEP:12:YH/um3RA8sqyRsBdOg2HK3caq3QYiubInP7E4T3y:Y2sRds4dMHK23QYhbG7nby
                      MD5:1F5096F101C8662E87E0457E6B65C1AC
                      SHA1:3F6B0A654C067AEEB4A24D5E4198322FBBA2C082
                      SHA-256:16ACA6143A2B43CF7EED76EA292DF4F02061150B0F2A74BAB967C5A9B4977D17
                      SHA-512:8A72D9137C42CC742220ABB5048F3A24C7E622A547552270A2BEF0FCC2AFFA5F31DEC9434E62CD169089CCEA45DBCA068C580A06F54DD5DA4FE34C425A5EEA0F
                      Malicious:false
                      Reputation:low
                      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13373448764175478","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":298900},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4730
                      Entropy (8bit):5.25439244744464
                      Encrypted:false
                      SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7TgEnnxZ:etJCV4FiN/jTN/2r8Mta02fEhgO73go/
                      MD5:FCEC14B275A65A2A8DB94F77E84FFD44
                      SHA1:A054A56FC9EC430BD4437C287F86D5E642F4A75F
                      SHA-256:95A0C9ED4942B83C08942F2AB9C0A87F1712BD9B5387C682545BC714F1BAD32C
                      SHA-512:CF9892284F29C00341B1446F90C622AFF6EBD6C9BE3DC7CA6D50ADB156DA7AE6574FD4188A886ED0F5841A6490A743D3198964D3563FA493783A87B25ECC7AB8
                      Malicious:false
                      Reputation:low
                      Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):324
                      Entropy (8bit):5.147227031546178
                      Encrypted:false
                      SSDEEP:6:WL9+q2Pwkn2nKuAl9OmbzNMxIFUt87VJZmw+7zuL9VkwOwkn2nKuAl9OmbzNMFLJ:s9+vYfHAa8jFUt8ZJ/+U9V5JfHAa84J
                      MD5:583A91130FDA0DC99AF4D2ECA829BE6C
                      SHA1:85BE13264721C7A57F4A6E9DCC2019A53161B054
                      SHA-256:96EE5FC02BCC4CEF04757F11E7E3BB7E979108AF45F933D8657496079F1B62C7
                      SHA-512:9081C55757AFA31B92DE6ABF26641E4CA217ADAEBC6ED9BB517C9786A39D41F86776A5A3FA530F5AA7BD7DDA700090E76E4F32E6D0C7758A7F9DC0CFC1323D31
                      Malicious:false
                      Reputation:low
                      Preview:2024/10/14-02:52:31.923 1c4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/14-02:52:31.932 1c4c Recovering log #3.2024/10/14-02:52:31.940 1c4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                      Category:dropped
                      Size (bytes):65110
                      Entropy (8bit):1.2241971647215868
                      Encrypted:false
                      SSDEEP:96:sH3JwH/bHSHVDP++sR0rMbmMMSMM/RhCfJQyDMRMPgq7Rtn7ccwOHDzD:+wHzHSHhw4D
                      MD5:46F3784BA9C276586BD4195D79DDC161
                      SHA1:463C5D6A3C9C5C04262259D4C0AFA17B46627964
                      SHA-256:8A50A4D0E7ADBB81F6F43DD1BE8538F4C32A399FA9B4E7E2739D0E519D8E079A
                      SHA-512:B2193AA628793927EA91C00DB5B264CED7F049A608C52D311A74B8D0F449EF8A9106D1EACF5B1BE413FA8DF8452AD84347DACFD468DA367A974F24A4C3A2D204
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                      Category:dropped
                      Size (bytes):86016
                      Entropy (8bit):4.445101858553872
                      Encrypted:false
                      SSDEEP:384:yezci5tciBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:r7s3OazzU89UTTgUL
                      MD5:AFB393010F2B70B68A4DC4959B9C88DA
                      SHA1:AB5B6E91AA575582367C4DC59A93C9B64D4A220C
                      SHA-256:AF20F15FCEC3E14CEB69A7A8CDE25BF1166EDDEC03328B4249742773F9C3E920
                      SHA-512:70D03E2C484D47ECAFA88E0B1B54FF20ED938D33C234C4F412D4FF6EB244AC180CF3E4866FDB40EB600612D5330FA88EE98A9CF3C038375E26E9ABE2637EDFD8
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):3.7743778982303717
                      Encrypted:false
                      SSDEEP:48:7M7p/E2ioyVEioy9oWoy1Cwoy1EKOioy1noy1AYoy1Wioy1hioybioy2oy1noy1I:7IpjuEFfXKQPVb9IVXEBodRBkm
                      MD5:7DC78BBF022C522F238F7894D38A2918
                      SHA1:F48AF3E8A3A98F07E10CC80D4D00C668EB6F559C
                      SHA-256:CCFDD6E7E911B967378B5083FAF781B44D4E661319AA8BA7319FB1DC92815835
                      SHA-512:B4AC401DF9AF4DE0BC37656972F885B9EFF53DB93511C59AB76D349C5A297639E0BF2FB61DF4058029DF12530AA7D15E77CAC425D26E81CAAA27C4EDE4CB3ACC
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1391
                      Entropy (8bit):7.705940075877404
                      Encrypted:false
                      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                      Malicious:false
                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                      Category:dropped
                      Size (bytes):71954
                      Entropy (8bit):7.996617769952133
                      Encrypted:true
                      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):192
                      Entropy (8bit):2.7464849065063075
                      Encrypted:false
                      SSDEEP:3:kkFklMzDg7+EvfllXlE/HT8k/C1NNX8RolJuRdxLlGB9lQRYwpDdt:kKVzD+6T82uNMa8RdWBwRd
                      MD5:30CA5E60DBAE5F6F9C2F5586CFC5F5F7
                      SHA1:935E0136D745B734AFD58151B01EDE770D5DF157
                      SHA-256:F7D9D4ACD7A09BB2304ADE2724A3ECA07293F8EEBD56D696C4B83A3DA2BB0A0B
                      SHA-512:F69AB9C6F383DBC56A0210A27E55D8F13330024197C2E37380EBD27656E0542F4FE83CF8A9AEC75B9C095946C15EA3B62DAFC8584F49294DB9C9F17FF40D48FF
                      Malicious:false
                      Preview:p...... ........?......(....................................................... ..........W.....]..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:modified
                      Size (bytes):328
                      Entropy (8bit):3.141785112603811
                      Encrypted:false
                      SSDEEP:6:kKgPT9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:fDnLNkPlE99SNxAhUe/3
                      MD5:A955FE65E52681BFF61C4CD1D1BB688C
                      SHA1:E76F9022DFDA01A47DCFA7FD24C1E6851C239517
                      SHA-256:E90157EB9F1B1A4A7B5265553AF1AF8892B20C1B6FCEE812FA6567C6B3337447
                      SHA-512:2AB8B9525683A9D8B07F2BFB650F56EA173FAED6393AC83FDF0FB1D57CAC4E77054448570EC2D6EFA86B04C7577062BCAC6FDBE5AF30FC47E6BBD09F49909303
                      Malicious:false
                      Preview:p...... .........,:.....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):185099
                      Entropy (8bit):5.182478651346149
                      Encrypted:false
                      SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                      MD5:94185C5850C26B3C6FC24ABC385CDA58
                      SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                      SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                      SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                      Malicious:false
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):243196
                      Entropy (8bit):3.3450692389394283
                      Encrypted:false
                      SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                      MD5:F5567C4FF4AB049B696D3BE0DD72A793
                      SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                      SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                      SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                      Malicious:false
                      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:3:e:e
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Preview:....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2145
                      Entropy (8bit):5.067215929339103
                      Encrypted:false
                      SSDEEP:48:Ya2sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:Yv/SYtt55V6AWLre6JmkhY
                      MD5:C5747BA5E7269965659DC98A7C2CE9E2
                      SHA1:E61BB863CCA9DF0FF40F22D561055C9FC70C2DE9
                      SHA-256:CE311B0D077000F1E9010EDF8A76599BC32F7DBA03C6F70DAB1CAC84F73629E1
                      SHA-512:7E7D01E1FDF3EDB51726C962A86953C319AEE14CD478F197417484C4F40B6322624A6EA9A6ECA7C5E61933AD744C5CC331B32F1DBFFE2DD1951F865D68DFDBA1
                      Malicious:false
                      Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1728888754000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"7c2ad79e375e3ea39f82a389e8a5841f","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696420882000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7101e009d8bf8920d0a3dd3f5dc75ebc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696333862000},{"id":"DC_Reader_Edit_LHP_Banner"
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):1.1882901034903208
                      Encrypted:false
                      SSDEEP:48:TGufl2GL7msEHUUUUUUUUFSvR9H9vxFGiDIAEkGVvpC:lNVmswUUUUUUUUF+FGSIt2
                      MD5:372338DD79A1C8623FE13BAB1F4BFA56
                      SHA1:120A0FC05D53C4F351C193A39480EFD99202C0DB
                      SHA-256:847B8D5C02EAC146D1008F7E41C34AA069C4DF45B71AB9D551C2BCBE75730B7D
                      SHA-512:58DB256DCD62AE8BBFDFF775CA934448055C2FCBE399DB11856615AE23D5517935D1B9B4449772ADDB67AFD9E8C245925E4770773C0A8E34F2645199392784F4
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.6084863735846189
                      Encrypted:false
                      SSDEEP:48:7MFKUUUUUUUUUUdvR9H9vxFGiDIAEkGVvVqFl2GL7ms90:7zUUUUUUUUUUZFGSItHKVms90
                      MD5:1A2B94D26E1B85F179A9819E25F288E7
                      SHA1:819CD354612E1203333B0A88568D201A28C3C90C
                      SHA-256:86252EED4EC1A60F1401E64635BC0E4C2565F5509E41D74879AC1E6CF566125C
                      SHA-512:2B74049FAEB62C8AC52D5F3796E3F762D4D355C1C372C3634DC1998AB78DF6F51CDFCE0A933A5FF285F3C37A0EBE84EB583C4D65D588403BE48EFC011A772BA3
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.524398495091119
                      Encrypted:false
                      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84COlqnf9:Qw946cPbiOxDlbYnuRKbk
                      MD5:BE2BE852FF09E2F44B643D3888B4B290
                      SHA1:9AF11BEC9456348B362E689CF8EF7D982EFC59ED
                      SHA-256:DCAC8FC028AFBEC036117163F5F0296B23CF9345238EDAF943A24B1ABA3A660B
                      SHA-512:26D38C00681F2CECDFCB509F86E29767F2FC00AB76F13350FA5CFF85982F61BD7E57B7D6A769C5B1424E41E0F8D66AF6F671C39AA8C9900D3075614F96969770
                      Malicious:false
                      Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 14/10/2024  02:52:38 ===
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.345946398610936
                      Encrypted:false
                      SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                      MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                      SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                      SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                      SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                      Malicious:false
                      Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):16603
                      Entropy (8bit):5.336515905870856
                      Encrypted:false
                      SSDEEP:384:YrN6+gD1GLe4TNMepwkDK0LGSNI5xFRLEf0q4EarGrPyUf38iLiK6/6PixnMpSav:FgZf
                      MD5:F905DF2E338C053F08900CC73F255F13
                      SHA1:607CCE17B0ABF08AEC7C08195B8D8ADA20F0E296
                      SHA-256:2154BC15A022FCFE5EFFE63B0691623E05C71201624592E2497242281E43D173
                      SHA-512:35244B55CCC43C076AD83D3AABAA6ECD9F6A60141179883DDB54EFFB48952A551A225BFE85FF2D32C409F3D97747C88814364865C20BB60955B7C4F05F3DE375
                      Malicious:false
                      Preview:SessionID=1cb10b7a-4432-40e8-a268-172eaed69f32.1728888753973 Timestamp=2024-10-14T02:52:33:973-0400 ThreadID=7696 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=1cb10b7a-4432-40e8-a268-172eaed69f32.1728888753973 Timestamp=2024-10-14T02:52:33:973-0400 ThreadID=7696 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=1cb10b7a-4432-40e8-a268-172eaed69f32.1728888753973 Timestamp=2024-10-14T02:52:33:973-0400 ThreadID=7696 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=1cb10b7a-4432-40e8-a268-172eaed69f32.1728888753973 Timestamp=2024-10-14T02:52:33:973-0400 ThreadID=7696 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=1cb10b7a-4432-40e8-a268-172eaed69f32.1728888753973 Timestamp=2024-10-14T02:52:33:974-0400 ThreadID=7696 Component=ngl-lib_NglAppLib Description="SetConf
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.384498351227067
                      Encrypted:false
                      SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rE:w
                      MD5:332EE1676369718505D2DF1404B00C49
                      SHA1:0F9D185FC44AE4857463D2171907DE9DF4C8595A
                      SHA-256:F45F0D9DE41CF7FCC8E257155BD60E31C7CC2970B3E928F9EE2723814BD1216F
                      SHA-512:298D4E429632E410828FD0F6E732BEA1AE1B5F8CB90C8464ED90D7F559A49C23A2581D87F3347CED108B2BC09B829E1DE752C2DC5BC32CA866C7A472689B10B2
                      Malicious:false
                      Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
                      MD5:18E3D04537AF72FDBEB3760B2D10C80E
                      SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
                      SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
                      SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
                      Malicious:false
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      File type:PDF document, version 1.3, 1 pages
                      Entropy (8bit):4.641783812259633
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF
                      File size:13'005 bytes
                      MD5:94fed46fd43f848e39f51962eb66f36a
                      SHA1:cd9668e67db6a84583694cc33bfedab32b535f24
                      SHA256:e4eb20c6e661409e26e2f51a0f82777b771191229e51e283cc4a462fff34268d
                      SHA512:b0bd59720f25e2a0774789813202ad94d47efbccd8925a3b815f31300af7df7d44f60acf29aff08fb9bf4d01638a54560e88d90d9689744c6d7dacece0bbb9ba
                      SSDEEP:384:jHacEj0ACu+m9EACZ3Id6egoZ5lRIWAqsF8s+1ajmj1CfgMuIGS0Gkb1HIzQHzup:jo+OaACZ3Id6egoZ5lRIWAqsF8s+1ajz
                      TLSH:9E429ADC2662CA9CF9112DDE2FC07240932E26253AC64A8E7D2C69114B5EB07F95F8C7
                      File Content Preview:%PDF-1.3..%......%RSTXPDF3 Parameters: DRSTXh..2 0 obj../WinAnsiEncoding..endobj..3 0 obj..<<..%Devtype HPLJ4000 Font COURIER normal Lang DE../Type /Font../Subtype /Type1../BaseFont /Courier../Name /F001../Encoding 2 0 R..>>..endobj..4 0 obj..<<../Type /
                      Icon Hash:62cc8caeb29e8ae0

                      General

                      Header:%PDF-1.3
                      Total Entropy:4.641784
                      Total Bytes:13005
                      Stream Entropy:4.237646
                      Stream Bytes:8484
                      Entropy outside Streams:4.707391
                      Bytes outside Streams:4521
                      Number of EOF found:1
                      Bytes after EOF:
                      Name           Count
                      obj            12
                      endobj         12
                      stream         1
                      endstream      1
                      xref           1
                      trailer        1
                      startxref      1
                      /Page          1
                      /Encrypt       0
                      /ObjStm        0
                      /URI           0
                      /JS            0
                      /JavaScript    0
                      /AA            0
                      /OpenAction    0
                      /AcroForm      0
                      /JBIG2Decode   0
                      /RichMedia     0
                      /Launch        0
                      /EmbeddedFile  0
                      Timestamp                             Source Port  Dest Port  Source IP       Dest IP
                      Oct 14, 2024 08:52:45.391686916 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:45.391778946 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:45.391859055 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:45.392184019 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:45.392235994 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:45.970400095 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:45.970730066 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:45.970762968 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:45.971734047 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:45.971843004 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:45.973754883 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:45.973815918 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:45.973946095 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:45.973963022 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:46.022500038 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:46.071784019 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:46.071887970 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:46.075287104 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:46.075306892 CEST  443          49744      104.77.220.172  192.168.2.4
                      Oct 14, 2024 08:52:46.075335026 CEST  49744        443        192.168.2.4     104.77.220.172
                      Oct 14, 2024 08:52:46.075419903 CEST  49744        443        192.168.2.4     104.77.220.172
                      Timestamp                             Source Port  Dest Port  Source IP    Dest IP
                      Oct 14, 2024 08:52:44.963578939 CEST  50204        53         192.168.2.4  1.1.1.1
                      Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name            Type            Class        DNS over HTTPS
                      Oct 14, 2024 08:52:44.963578939 CEST  192.168.2.4  1.1.1.1  0x8640    Standard query (0)  x1.i.lencr.org  A (IP address)  IN (0x0001)  false
                      Timestamp                             Source IP  Dest IP      Trans ID  Reply Code    Name            CName                                    Address  Type                    Class        DNS over HTTPS
                      Oct 14, 2024 08:52:44.970583916 CEST  1.1.1.1    192.168.2.4  0x8640    No error (0)  x1.i.lencr.org  crl.root-x1.letsencrypt.org.edgekey.net           CNAME (Canonical name)  IN (0x0001)  false
                      • armmf.adobe.com
                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                      0           192.168.2.4  49744        104.77.220.172  443               6584  C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Timestamp                Bytes transferred  Direction  Data
                      2024-10-14 06:52:45 UTC  475                OUT        GET /onboarding/smskillreader.txt HTTP/1.1
                      Host: armmf.adobe.com
                      Connection: keep-alive
                      Accept-Language: en-US,en;q=0.9
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      Accept-Encoding: gzip, deflate, br
                      If-None-Match: "78-5faa31cce96da"
                      If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                      2024-10-14 06:52:46 UTC  198                IN         HTTP/1.1 304 Not Modified
                      Content-Type: text/plain; charset=UTF-8
                      Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                      ETag: "78-5faa31cce96da"
                      Date: Mon, 14 Oct 2024 06:52:46 GMT
                      Connection: close



                      Target ID:0
                      Start time:02:52:30
                      Start date:14/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Muffenrohr Tiefbauh., Zahl.-Erinnerung KD2016680.PDF"
                      Imagebase:0x7ff6bc1b0000
                      File size:5'641'176 bytes
                      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:1
                      Start time:02:52:31
                      Start date:14/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:3
                      Start time:02:52:31
                      Start date:14/10/2024
                      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1640,i,9707924894947965681,5943374216949905986,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                      Imagebase:0x7ff74bb60000
                      File size:3'581'912 bytes
                      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      No disassembly