
Windows Analysis Report
Fawn SR.pdf

Overview

General Information

Sample name:Fawn SR.pdf
Analysis ID:1546427
MD5:21b8872312436e51fd92f4b352475db1
SHA1:7d43e86b53a4e2accb4cccd2eab407e11b2fc40a
SHA256:aec16b70aa501f232237963786262b957012796870aa51a59d86814673542ffd

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Suricata IDS alerts with low severity for network traffic
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6944 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fawn SR.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3492 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 432 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1660,i,4725044180020461910,8330491623448977777,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-31T21:47:56.533357+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.4 | 49744 | TCP |
| 2024-10-31T21:48:24.793845+0100 | 2022930 | 1 | A Network Trojan was detected | 20.12.23.50 | 443 | 192.168.2.4 | 57101 | TCP |

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | TCP traffic: 192.168.2.4:49745 -> 96.6.160.189:443
Source: global traffic | TCP traffic: 96.6.160.189:443 -> 192.168.2.4:49745
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:57101
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:49744
Source: global traffic | HTTP traffic detected:
    GET /onboarding/smskillreader.txt HTTP/1.1
    Host: armmf.adobe.com
    Connection: keep-alive
    Accept-Language: en-US,en;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    If-None-Match: "78-5faa31cce96da"
    If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknown | TCP traffic detected without corresponding DNS query: 96.6.160.189
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49745
Source: classification engine | Classification label: clean2.winPDF@14/47@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6236
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 16-47-42-952.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fawn SR.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1660,i,4725044180020461910,8330491623448977777,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Fawn SR.pdf | Initial sample: PDF keyword /JS count = 0
Source: Fawn SR.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: Fawn SR.pdf | Initial sample: PDF keyword stream count = 30
Source: Fawn SR.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: Fawn SR.pdf | Initial sample: PDF keyword obj count = 53
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At; Cron
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: 1 Encrypted Channel; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; 1 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph, ID: 1546427. Sample: Fawn SR.pdf; Startdate: 31/10/2024; Architecture: WINDOWS; Score: 2. Process chain: Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe, which is linked to 96.6.160.189, 443, 49745 (AKAMAI-ASUS, United States). DNS/IP nodes: x1.i.lencr.org, bg.microsoft.map.fastly.net.]

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://x1.i.lencr.org/ | 0% | URL Reputation | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | unknown |
| x1.i.lencr.org | unknown | unknown | false | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | URL Reputation: safe | unknown |

| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 96.6.160.189 | unknown | United States | | 16625 | AKAMAI-ASUS | false |
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1546427
Start date and time:2024-10-31 21:46:42 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 10s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Fawn SR.pdf
Detection:CLEAN
Classification:clean2.winPDF@14/47@1/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.143, 2.19.126.149, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 172.64.41.3, 162.159.61.3, 2.23.197.184, 199.232.214.172
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes where analyzed, report is missing behavior information
  • VT rate limit hit for: Fawn SR.pdf
| Time | Type | Description |
|---|---|---|
| 16:47:54 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified |
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.238838626017441
        Encrypted:false
        SSDEEP:6:xyq2Pwkn2nKuAl9OmbnIFUt8Qr1Zmw++FslRkwOwkn2nKuAl9OmbjLJ:xyvYfHAahFUt8M/++qlR5JfHAaSJ
        MD5:AFF73755C236F9380BC3B21116B0726C
        SHA1:D685B9E67A080385A52C231E58BF179F47AC210C
        SHA-256:B9DF214259DECD2326116CEF1D3972A925B9C0CE99763E1FE93C04B7738D59C3
        SHA-512:DB6638BBA3031F399A01E8687DF515739F1D1965A79E3151AA2D1A60FFE48FDC86E28E8C386C020ECDABE70C386579E5C75F99DEF708797BE1D49A78F4CE4EA4
        Malicious:false
        Reputation:low
        Preview:2024/10/31-16:47:40.795 19c0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-16:47:40.797 19c0 Recovering log #3.2024/10/31-16:47:40.798 19c0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):336
        Entropy (8bit):5.1797040395981675
        Encrypted:false
        SSDEEP:6:oQ9+q2Pwkn2nKuAl9Ombzo2jMGIFUt8TdTJZmw+TdT9VkwOwkn2nKuAl9Ombzo23:cvYfHAa8uFUt8L/+B5JfHAa8RJ
        MD5:F2D67B7DBEA61B996508D6128A2B644F
        SHA1:E4F9EB45FBA4805D4034B2DAD270F6D498B1C26D
        SHA-256:F669BB3AE3AC8E657B19A9524E88F8FD3537B6DBDEF48E21B5BA47447FDFE4F9
        SHA-512:3F42A47A49D71CF9B4A6C1F39D0DE193C1E6DA655D74D10EE67A538613D32C373B5A034ED1F07B77BEEFB28A75C1EE72754D5C72CF2014910C57F6D5463B1C74
        Malicious:false
        Reputation:low
        Preview:2024/10/31-16:47:40.817 1c08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-16:47:40.818 1c08 Recovering log #3.2024/10/31-16:47:40.818 1c08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.962596660201576
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqnSVsBdOg2HVcaq3QYiubInP7E4T3y:Y2sRdsX2dMHU3QYhbG7nby
        MD5:754B519E0F9A489C4D64F9167BCB7C8D
        SHA1:12A9ED553FABA78A968563524B30EF7B117FE682
        SHA-256:B6A6DF2B96C3512D75907D54B57ABABBAB49A4D49CADE816A4D21ECE0C4C5B00
        SHA-512:C6911CE8F2145152D77287A0E0234C9388B5703D09C85A8D850C88ABCBA75ABE003F356D891F2790EE562DF2C7D54B258607565FFD66A5297A077821269F7E97
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374967673485553","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":256413},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.962596660201576
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqnSVsBdOg2HVcaq3QYiubInP7E4T3y:Y2sRdsX2dMHU3QYhbG7nby
        MD5:754B519E0F9A489C4D64F9167BCB7C8D
        SHA1:12A9ED553FABA78A968563524B30EF7B117FE682
        SHA-256:B6A6DF2B96C3512D75907D54B57ABABBAB49A4D49CADE816A4D21ECE0C4C5B00
        SHA-512:C6911CE8F2145152D77287A0E0234C9388B5703D09C85A8D850C88ABCBA75ABE003F356D891F2790EE562DF2C7D54B258607565FFD66A5297A077821269F7E97
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374967673485553","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":256413},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4730
        Entropy (8bit):5.249312187490306
        Encrypted:false
        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7quhDQ0pNhDQ0Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goT
        MD5:05308E8F00C7B7D99F4F2017A6B64941
        SHA1:85D3A2FBED30EC52319D82EE91767E9079AE1E1A
        SHA-256:D5C1A5FDBE7DF6F94BA94602C92B1179D4D09C108E348BD97A6EC89B25339364
        SHA-512:A44561CEF5E3FB9C523A1D2DC4803047EBAC15794242C03FE7332D8A72473CD337556F22535AE747D1E488F67B7AF0E93608D1C2D851C63196C8578008DDE67C
        Malicious:false
        Reputation:low
        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):324
        Entropy (8bit):5.205028981125265
        Encrypted:false
        SSDEEP:6:4T9+q2Pwkn2nKuAl9OmbzNMxIFUt8yNJZmw+lJ3F39VkwOwkn2nKuAl9OmbzNMFd:xvYfHAa8jFUt8y/+nFz5JfHAa84J
        MD5:E16A7ED4A56C399452E1A13DDE23DFBF
        SHA1:3E652ADA44D93A064C232A2386D1E321573D3A92
        SHA-256:0FE3BCF57044208510E94B4667BBF0DA1E356908588B3EF701D36614E1BBFC3B
        SHA-512:EE4CD984C490AA062AF1A82D77136BAD38E8EA54F6AE2F6D6A34A321BCE01ED554FDA96636D1400197EFBD8052E83B68F1B671D2FBBD5B033582531CFB0BB071
        Malicious:false
        Reputation:low
        Preview:2024/10/31-16:47:41.730 1c08 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-16:47:41.742 1c08 Recovering log #3.2024/10/31-16:47:41.756 1c08 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
        Category:dropped
        Size (bytes):71190
        Entropy (8bit):1.1687624529818026
        Encrypted:false
        SSDEEP:192:5h3BSpLDcslYSgdhZl7nBJ6hbvBuqzotvh:5h3B8QWYSgdZ7nBJkbvBbzotvh
        MD5:05B28C6921C5231B348D484C02C24927
        SHA1:1E56FD5CCA547180F03982F33A35B4D975C540FD
        SHA-256:D17A9F06A7BAC3BB69B27D6684C18CD79F6EA4DB77D010A99BA8C4314B09C8F6
        SHA-512:E9496AA67520A05DB952E90FC61EC2A71F4452CD225856BA76D1F26A8B93EBAB9CD9FCCD809B07E6F863D8B437C7D00951D066863A19AC704E192F20B62E00AA
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.445179957912177
        Encrypted:false
        SSDEEP:384:yezci5t4iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rfs3OazzU89UTTgUL
        MD5:6E78A3CCBE34E2C39684643A6A2CFF30
        SHA1:B83419BC4F4C59CACE77532302F5EC14A94D97CC
        SHA-256:9E00CB10A3DB02BE9B5C8AFE626ED8575A4F56320E462871EF9D93D1C44E2423
        SHA-512:466EB35A6EDE998DA85F4F4041F4692CDDE336F9B4520B475A5DC61615F32027CC4B34A2451BA78B0D3CB2D3C9EEACD20DAB3ACC27FDD17AE3481A656D790659
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.7717722908608304
        Encrypted:false
        SSDEEP:48:7Mjp/E2ioyVfENioy9oWoy1Cwoy1MEWKOioy1noy1AYoy1Wioy1hioybioyeESo8:7UpjuMNFyOXKQoQcb9IVXEBodRBky
        MD5:952D0426AC883FBA8E2999B9C7A9D957
        SHA1:09E9444C649D59BA44C2DCA22986891E65D75E44
        SHA-256:1561E766C82BDE815F66435747FF280FBBCF1A57237AB90991B5D2098693305C
        SHA-512:F30AEF110FE245B6F2418276430423DAF2C7235FDD832AF16B7B87B2FCD0507C21FB3350E7DE01743B37C3E8FC1073B97DFA4B5D3B9831693347355378434E07
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):71954
        Entropy (8bit):7.996617769952133
        Encrypted:true
        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.7217198674325385
        Encrypted:false
        SSDEEP:3:kkFklJfFO+kN/XfllXlE/HT8kd1NNX8RolJuRdxLlGB9lQRYwpDdt:kKZ6T8eNMa8RdWBwRd
        MD5:F436D57AE76E82A11CF1A2266AE99F7E
        SHA1:F8EC0A98C71D29D8263832688E594D44D5B23D43
        SHA-256:D095CB345577BF36F76EF4321B211896F7915C113A5FA5653D0EBF8E753C838A
        SHA-512:ECEA083E792AC0323619B3ED5ABCD72396D40E8DFE9117BF97C55C6B45175D840253CAACE4723018E832178978DD1211C0D0B51426BF550005222138F352CC83
        Malicious:false
        Preview:p...... ...........(.+..(....................................................... ..........W....xt..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):328
        Entropy (8bit):3.247897867253901
        Encrypted:false
        SSDEEP:6:kKb0BF9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:j6sDImsLNkPlE99SNxAhUe/3
        MD5:C14DE2790C1B38A537CC9C3002F244E7
        SHA1:D58A82A61449CA6C2FFDD7C2852CC56667488203
        SHA-256:BBFD5C974FF9E2BB235468AA44DB4EA3D37146FE1D671E07CFB9040F12917729
        SHA-512:0A824103C12BFBFCDEFCC4A6672F5E4851CEE7C4BA45589E45CDADEA48F5A6A2BC77B8F204B275B4CAB62C3329050DDE50ACFE1481D31E92072B2EB653A310E9
        Malicious:false
        Preview:p...... ...........;.+..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):243196
        Entropy (8bit):3.3450692389394283
        Encrypted:false
        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
        MD5:F5567C4FF4AB049B696D3BE0DD72A793
        SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
        SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
        SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.35914132535016
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJM3g98kUwPeUkwRe9:YvXKXSZc0vs2OGMbLUkee9
        MD5:CF53C35F864B0D5199EB34F170253FBC
        SHA1:3C06BFC098A743EA361964B71F9B3A6CD04A5653
        SHA-256:B395409CDDCFB546C8E55EC1AB2B650BE5D15C0D60B6D3577A1F01071C7C2A55
        SHA-512:9665E18B8DC86A6AB3433D116B657183E30B5D25706BC0AC80D941863673ED8A2FD14067AB5B282E1502B846FD32C65232D261BFF1069EFF625CF5F9031A4245
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.305482584487623
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJfBoTfXpnrPeUkwRe9:YvXKXSZc0vs2OGWTfXcUkee9
        MD5:1423C17563E5EEF19506617BB5108129
        SHA1:086F20904671C2304AC1EB024F48DA9F042F3876
        SHA-256:86FF1BEB1326E07F05D348D301F5F6DD83430B563936EFB8E666DFD1017D731E
        SHA-512:CFEFCF1D480E7E08DF3618653DE59D5E2F7B7D17F079047D574D0FBF6369FB13BB934CCF09BF16F9510BB561E7AF13F0E8FD93826DAE76533BECF72635389791
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.284303659533221
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJfBD2G6UpnrPeUkwRe9:YvXKXSZc0vs2OGR22cUkee9
        MD5:7CAFF08D60D62623C722257FCB7DD813
        SHA1:D6B6E08CA33EF216F2D4469D5580534BFE30520C
        SHA-256:B730B38FC58E3519F449F295E600466C623F690FA826EF4B1A79183770A4A0FF
        SHA-512:1714CD6170B01E400CED885C589093930CAB9ACD674526A774CCBF78428E1434E6B30CA95FFACF9200E2589A100CD8BB7156A91066020F949105772DAB90B533
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.346003689055248
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJfPmwrPeUkwRe9:YvXKXSZc0vs2OGH56Ukee9
        MD5:C8FAA60C65E6A331DBC0C09EF2179508
        SHA1:256F760E13C677311B71C66330775045479F458D
        SHA-256:55F626EE1DED5BE7889BEEF76FDF960413D4626BB202833A5C9FDE19B44E8BDF
        SHA-512:A67B6FE6F2AD8896BBDB9E47CB51DFFCB5B5256F255BCE844AA2C7C9B364E268401E838F0ED59DD3E792DFF9BE51C4082197331857537DDB2C2E9872AE0C2914
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1055
        Entropy (8bit):5.661534217883631
        Encrypted:false
        SSDEEP:24:Yv6XSzvs+pLgEscLf7nnl0RCmK8czOCCSb:YvBhhgGzaAh8cv/b
        MD5:FA634A372EF2513A6F1AA35FA61EEB5C
        SHA1:26E6BAFF463399842146BB4AC000DB491C6B0884
        SHA-256:352140C393016796F8FE0CC91ADDCC09E5B9196841D861C5092D964588D2833D
        SHA-512:C3754EF0530EA114A349DBC0BEA7992B7DD28D81E124111861318EECBFD9323745A0768DA7128644B631A20EA759C587D872A32E098E2F1DC86372BB092C8719
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1050
        Entropy (8bit):5.652248695915997
        Encrypted:false
        SSDEEP:24:Yv6XSzvsoVLgEF0c7sbnl0RCmK8czOCYHflEpwiV6:YvB9Fg6sGAh8cvYHWpwb
        MD5:089281BC1D4C674B581C462139FB91E0
        SHA1:C29F0BB034D67A07E7C9378FDE4E76D9E106B9F5
        SHA-256:BE96C6BE04D00016584C0B7287551C498896165E64CCB2D5D0442C16BE0B8981
        SHA-512:B664FA112504ABF91E5D0BC258211037980DACBAD5365EAC96939B8BE393D7DA4BAC0F8F0639991F13C32DC2612D69FD7F0B8B5B6D5B4296F1E110E4C8695711
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.294283266008474
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJfQ1rPeUkwRe9:YvXKXSZc0vs2OGY16Ukee9
        MD5:0CF3BC5E3D4F51896B4203580534BB4E
        SHA1:06309D95685010316A076DA96E276249B194CBA1
        SHA-256:23DDA1AD52E292E37F270AFBB0261C7C631DC48522B8AF8BCC4D9952AB2C24C8
        SHA-512:782EC62073B2BB7B4A9BA8D3B33BC30D8674F92E6914618591E693AA59C1ADE9F0B5E3EE05F8116F24CD68676EB86B4461108F2E35D513CC07DEFFC8CC79FF3E
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1038
        Entropy (8bit):5.645009747465273
        Encrypted:false
        SSDEEP:24:Yv6XSzvst2LgEF7cciAXs0nl0RCmK8czOCAPtciB6:YvB8ogc8hAh8cvAY
        MD5:6A5EE5FDF56FBD518B80E88E534965E8
        SHA1:83FD5757A3A80C29EE6FFF5DA015732992DC94F1
        SHA-256:6537D30248C007840460DDEED691C86F7BD850998E9F000F3A3362452CA23D41
        SHA-512:CCD1753D5F46D62359F47F1BC9EA5AE919F9147FAA8470700FA51484444AF53FFC4E8F9993087627561C4AA60C6B88C09C74ACA231754592853C994EFFD4B8F0
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1164
        Entropy (8bit):5.6984525965621
        Encrypted:false
        SSDEEP:24:Yv6XSzvsFKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK56:YvB8EgqprtrS5OZjSlwTmAfSK0
        MD5:558BF7C8BE850CC851506AF779B30DD4
        SHA1:7F795E0D65046796CD5C018ABD3D475407D2B150
        SHA-256:E1D1367AD0266AE3F619DA10B45EAFC60D7E1C227CF0B98AA801BD9ECAC4014A
        SHA-512:A3EA23AF5AF6C03BD2BA1DAF61C2EA3877E5A8B292DD13D1155C339DF534CC6BC202B194C46695A5D2DF6CF6CAD6B0490D066D93E1B2BE92682DC4CE32F583D9
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.2962796588971175
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJfYdPeUkwRe9:YvXKXSZc0vs2OGg8Ukee9
        MD5:C89AB06256B40A45B3C98F1F348A1FAA
        SHA1:A22915B4D33B1429B04A38D5755621B931FC16BB
        SHA-256:D373241556B7E5813873EF503BE50F4EBE5B94B6241DC276390086188D08F990
        SHA-512:58C9AD6FB080C470C6FF650EB8A437864D6D103B9754FC19DAFF3439B27CB04B6DF48E718C21BE9D7E953ED8BAC678B45419C2AF23D12421741CB9F5AA46F278
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1395
        Entropy (8bit):5.780343034715837
        Encrypted:false
        SSDEEP:24:Yv6XSzvs4rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNi:YvBzHgDv3W2aYQfgB5OUupHrQ9FJ0
        MD5:F67F6C71A6ACB444BC9F9CD23537751A
        SHA1:71CA244F8B77016C2DA10FD879CFDBFE4D6E379A
        SHA-256:7B298656365881FF4989C10EB805C45439B873FB5ADFDFD77D52D2D6F3F3A9D2
        SHA-512:AD5CDAB44DA7A5A33206C49D7FF8A239E7418458D6995DDF16E07DDF1153F6BDBD0C2B028A896115D7BDBAA86E8634FBCDA291196E6A2EE116876E17A5571B0A
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.27985232592564
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJfbPtdPeUkwRe9:YvXKXSZc0vs2OGDV8Ukee9
        MD5:9BADA3E3DFFF7D63C0D11A6FE0741149
        SHA1:19FA80CF9EC4C2371EF41A490FC590D3A61FE374
        SHA-256:3A0B77ACE7EAB5507F6BCC595A06DE7B18B406B08D18367C0B588F2D78E8453A
        SHA-512:48CCC806DFE9187EEDACD52915E70CF3D18BDE8AFD01A80D6ECCE7F337045E7EBA2ADB199352DD47B48E26A9996A227EB854663A341989872104453A70417688
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.284748149072168
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJf21rPeUkwRe9:YvXKXSZc0vs2OG+16Ukee9
        MD5:0C161B9ED1ED3D9445EC2E073A74B2C6
        SHA1:F0DD8DA374F95A640DF574B68FE9AB46510B4B0E
        SHA-256:971114A330D1713B2B9D72627FDA6423BEDE7ED100155F2F0975DB180986CE2F
        SHA-512:9B0071F67EEB452B0F475CCFB0EF8D86AFCAACBD29105B99A241C56E248FE74578A6B5845E49BFA88CD5E62BFF988F7A93CF46D8C5DCB704034F756AA1371170
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1026
        Entropy (8bit):5.631965383109889
        Encrypted:false
        SSDEEP:24:Yv6XSzvsiamXayLgE7cMCBNaqnl0RCmK8czOC/BSb:YvBtBgACBOAh8cvMb
        MD5:89E0D811EC3D37646A5A374F39F3DD02
        SHA1:6E7BB9CD263FD6BE5DF59501E51B50CA9AD46F70
        SHA-256:02CAE7D47C165E6B802794C76F4A35B84AA10FE40A45855C598A74892ADDACAF
        SHA-512:34924DFE26821CCD24D70D45214BF6A24F6D1C5786CCF22C1E8DBBD967B7AC38044D17D30626DD8E7A2466192F2C405C6C32215C6AF1429EC6A7DAC7CEE2BB50
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.260360918759242
        Encrypted:false
        SSDEEP:6:YEQXJ2HXcD1leVoZcg1vRcR0Yl2RDoAvJfshHHrPeUkwRe9:YvXKXSZc0vs2OGUUUkee9
        MD5:488D9CB25C4AC0534393D9BE6B559BF3
        SHA1:2B57503A0C005C8A431A2533190E567E3DE4CE42
        SHA-256:9D2CFF75EEA592E73D7909499FC96DEA368FD7BAE1365108D879D12F7554E61E
        SHA-512:381646EAB2B73BA3C6EFF498AAE8E98026164190686DA3FE2C1567D18273CA7A380CF83EEDA949A5077EA49867B8D92850601D79A76841256971C5B592A5FD4E
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):782
        Entropy (8bit):5.366993633046803
        Encrypted:false
        SSDEEP:12:YvXKXSZc0vs2OGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWW:Yv6XSzvs1168CgEXX5kcIfANhb
        MD5:A4C9AC9B62E2418A53E28BA9FF4F634A
        SHA1:BA9C22D2587CF508BC0587C4DF7372EEEA43B225
        SHA-256:E26FEFF4787710B90CA3D17FE77913AB2A9DA454B1AE3FDC8BBB8F04E7119AC6
        SHA-512:D85B841A74BDF14E1409B56BE7D6B8C8FE5A33F0CFE3BA1D8FC4F2868479226BFF4945C58C42F6FD8AD22C7C2B7CFED329D098EF126101420A9DCE1461BCBC7C
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7afd542c-0f8d-4818-bf1e-e0a1c6e88a45","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730587653206,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730407668238}}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2818
        Entropy (8bit):5.127251632817851
        Encrypted:false
        SSDEEP:48:Y7IdO3IKOOq5dZuAjvqXQQBpNGphTmrBh/p95eC:nemjiXD/5VJj
        MD5:132E185B422A6225B0B7842C0F132409
        SHA1:8F2A6DB3DE9DF0B8FBF2CC9396A753EEB47F9417
        SHA-256:DAA455EEE00FF5C6EF9E6E0914C74A7BF8DA265588F34D9A2549C039F47D22BD
        SHA-512:97973FB2606764A345BBC0FE067B4887C2D6EDB4D8CEE5048C952D4CAA7087E7FE68B5C92E49585D2CBB2A40DB3547D30A2C81841719050697618A1710CAA37F
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d2c1715d946deda6b3a12182b0fd54fb","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730407667000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e7cb4e88235e596389c10214fa519d06","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730407667000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"fe8e7eba618bf73b390b2b6ebe17ea54","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730407667000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"e2aaec71d2e97ef74485f7b03394d10c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730407667000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"66e1b62fb81fbe048438f12acd907a15","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730407667000},{"id":"Edit_InApp_Aug2020","info":{"dg":"5bb7c77ba8561092ecbdf3a4fbc11bb2","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.1884028173493522
        Encrypted:false
        SSDEEP:48:TGufl2GL7msEHUUUUUUUUI4SvR9H9vxFGiDIAEkGVvpm:lNVmswUUUUUUUUD+FGSItK
        MD5:00FB18C941E885701CDF7011AA2EF1D2
        SHA1:7FDF2E4F170EA39C0E942787181700EF70E7A469
        SHA-256:24BFFB73516432DEF883181513BE89CAD17AABECC7320DDA151BA1F4DE1B76B1
        SHA-512:4EC49B8E2B111A435466AD060F8C18FD34A31614DA5F570A8B2DF90F485286E36447FD2DC9F4A69A971D56310528DBE74EE535C515A54B4DAEAAAEA7AAF926D9
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.6068370402833323
        Encrypted:false
        SSDEEP:48:7MPKUUUUUUUUUUIavR9H9vxFGiDIAEkGVvcqFl2GL7msT:7NUUUUUUUUUUfFGSItyKVmsT
        MD5:56BC3FC57EE5BE29EDC320A90B3ECE07
        SHA1:98E684A847A5C98FF8E1A90264F878C72DD410DE
        SHA-256:16A7005B194FBE655CD2FA843D9593904F154356E71A95F32EB864C5944C3E67
        SHA-512:0F4B52C652DD2AFB820904D45C1B223166585172D8DD8BE610A23EB9C4BF74F3F5C84CE06502C8D6E0F4EDA77633D567C45D3D5BFCB7BC2F9AF0730D71C499D3
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.529459928009153
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQRqrNO0w:Qw946cPbiOxDlbYnuRKuvNOZ
        MD5:F6E8391E8027FD482D14C310EC685B1A
        SHA1:30539D5FE3A653FBB2EAA4D6C2003349A61C4FA5
        SHA-256:CF1BAAED084999263448ADF7F5BB1DF15EA5CB6BA494B23AA2EA925382A2DD42
        SHA-512:385D8DDAF86DD57CD96C1C802E6A9402A570155341C259CA575844B2BAF41FD87868EC96A55002D7FC9054546CE3431B6DBEBA3756DC401B69BFDB774AD8C5AB
        Malicious:false
        Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 31/10/2024  16:47:48 ===
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.345946398610936
        Encrypted:false
        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
        Malicious:false
        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.325723190703421
        Encrypted:false
        SSDEEP:384:VWs7Ee+NPWv9Le6AbcHedbOTXQVReSW4KZXNTHNpYjKOtshXhc6BZYZYxLtNsfnZ:OO+
        MD5:C50EC65204391533E685BEDD86DEB4A3
        SHA1:9000A99BD3A35690B7F13BBDA479C9DFA0386C40
        SHA-256:3EA1A1D9F266FBCCAF0B4CEB7D411B0E8A649B5B9493FB648CBBAB4DC59C4B4B
        SHA-512:A7CDBE98C7215B65C6E397C0464BA396A2194B94D43C302735A4A67DDB6C50C1AE563780A33484DBDEEB4070BA239A9362D5D4C083ACFFA626F53C1E4D11FFCF
        Malicious:false
        Preview:SessionID=2e73ce19-33cd-445f-afb4-e18a43e71648.1730407662963 Timestamp=2024-10-31T16:47:42:963-0400 ThreadID=2800 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=2e73ce19-33cd-445f-afb4-e18a43e71648.1730407662963 Timestamp=2024-10-31T16:47:42:963-0400 ThreadID=2800 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=2e73ce19-33cd-445f-afb4-e18a43e71648.1730407662963 Timestamp=2024-10-31T16:47:42:963-0400 ThreadID=2800 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=2e73ce19-33cd-445f-afb4-e18a43e71648.1730407662963 Timestamp=2024-10-31T16:47:42:963-0400 ThreadID=2800 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=2e73ce19-33cd-445f-afb4-e18a43e71648.1730407662963 Timestamp=2024-10-31T16:47:42:963-0400 ThreadID=2800 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.3874427036300405
        Encrypted:false
        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rx:N
        MD5:0EF8BD61B36425870FEA89F9B8ACD7F6
        SHA1:457426557804814C4B4AC9CCE92B32CCDE1BF168
        SHA-256:5FD085CA9E1D239D87CF0909F417E18E637535AC1576DE3A7C102AB945FAC639
        SHA-512:1D35FDA1B8703F8772D4E4E65EBFB831BE0F2845DDBFBBA43C6AD83843ED49888EB810CDD190EB839DFB79AF331D2719B26DB460366EEA7A0B0DDEFAA6BAA8EE
        Malicious:false
        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
        MD5:18E3D04537AF72FDBEB3760B2D10C80E
        SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
        SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
        SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        File type:PDF document, version 1.7, 1 pages
        Entropy (8bit):7.935965831552339
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Fawn SR.pdf
        File size:995'981 bytes
        MD5:21b8872312436e51fd92f4b352475db1
        SHA1:7d43e86b53a4e2accb4cccd2eab407e11b2fc40a
        SHA256:aec16b70aa501f232237963786262b957012796870aa51a59d86814673542ffd
        SHA512:b6bf17ac6dcbf88773742eaa3bb74f06443cabd0a63887910b8192c215ee8c05f2854f97067810496cb47a22b60051d65a339b9de4ac77739fc6e21157034821
        SSDEEP:24576:rgtWTK6zwhPqWKIcBo2TCcJIWfkYxVcAC:EWueOyWKIh2ucCW8YxVc
        TLSH:5D251289CC42F8C3E971AB6A8331B6DB476D316371E11856D6FA33CE44E0EDA629D14C
        File Content Preview:%PDF-1.7..%......1 0 obj..<</Pages 2 0 R /Type/Catalog>>..endobj..2 0 obj..<</Count 1/Kids[ 4 0 R ]/Type/Pages>>..endobj..3 0 obj..<</CreationDate(D:20241028150152)/Creator(PDFium)/Producer(PDFium)>>..endobj..4 0 obj..<</Contents 50 0 R /CropBox[ 0 0 612
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.7
        Total Entropy:7.935966
        Total Bytes:995981
        Stream Entropy:7.996850
        Stream Bytes:939991
        Entropy outside Streams:3.476325
        Bytes outside Streams:55990
        Number of EOF found:1
        Bytes after EOF:
        Name | Count
        obj | 53
        endobj | 53
        stream | 30
        endstream | 30
        xref | 1
        trailer | 1
        startxref | 1
        /Page | 1
        /Encrypt | 0
        /ObjStm | 0
        /URI | 0
        /JS | 0
        /JavaScript | 0
        /AA | 0
        /OpenAction | 0
        /AcroForm | 0
        /JBIG2Decode | 0
        /RichMedia | 0
        /Launch | 0
        /EmbeddedFile | 0

        Image Streams

        ID | DHASH | MD5 | Preview
        47 | 0000000000000000 | 09755d9770197873a1ab1f1594663507 |
        48 | 0000484ccc780044 | 3409e01641b647b772acf2152495f171 |
        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
        2024-10-31T21:47:56.533357+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.4 | 49744 | TCP
        2024-10-31T21:48:24.793845+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.12.23.50 | 443 | 192.168.2.4 | 57101 | TCP
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Oct 31, 2024 21:47:54.097973108 CET | 50886 | 53 | 192.168.2.4 | 1.1.1.1
        Oct 31, 2024 21:48:22.564887047 CET | 53 | 54442 | 162.159.36.2 | 192.168.2.4
        Oct 31, 2024 21:48:23.471101046 CET | 53 | 57735 | 1.1.1.1 | 192.168.2.4
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Oct 31, 2024 21:47:54.097973108 CET | 192.168.2.4 | 1.1.1.1 | 0x63a7 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Oct 31, 2024 21:47:54.106601954 CET | 1.1.1.1 | 192.168.2.4 | 0x63a7 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
        Oct 31, 2024 21:47:55.397499084 CET | 1.1.1.1 | 192.168.2.4 | 0x8e7 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
        Oct 31, 2024 21:47:55.397499084 CET | 1.1.1.1 | 192.168.2.4 | 0x8e7 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
        • armmf.adobe.com
        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.4 | 49745 | 96.6.160.189 | 443 | 432 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Timestamp | Bytes transferred | Direction | Data
        2024-10-31 20:47:55 UTC | 475 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
        Host: armmf.adobe.com
        Connection: keep-alive
        Accept-Language: en-US,en;q=0.9
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        If-None-Match: "78-5faa31cce96da"
        If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
        2024-10-31 20:47:55 UTC | 198 | IN | HTTP/1.1 304 Not Modified
        Content-Type: text/plain; charset=UTF-8
        Last-Modified: Mon, 01 May 2023 15:02:33 GMT
        ETag: "78-5faa31cce96da"
        Date: Thu, 31 Oct 2024 20:47:55 GMT
        Connection: close


        Target ID:0
        Start time:16:47:39
        Start date:31/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Fawn SR.pdf"
        Imagebase:0x7ff6bc1b0000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:1
        Start time:16:47:40
        Start date:31/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff74bb60000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:3
        Start time:16:47:40
        Start date:31/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1660,i,4725044180020461910,8330491623448977777,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff74bb60000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        No disassembly