Windows Analysis Report
ilil.pdf

Overview

General Information

Sample name:ilil.pdf
Analysis ID:1571439
MD5:671f6b1c8b3d9cc0a337d63aaa0736e7
SHA1:33e9af6ed0bcba57a0df6198dce0d53410740042
SHA256:60d6d2b2032b6e9893f15b1cfac3be3d7c1e9d39873addccb070c24ac009c2ae
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

IP address seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 4308 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ilil.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6620 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1580,i,3039298487198339448,15971892411548830346,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • rundll32.exe (PID: 7732 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • Acrobat.exe (PID: 2120 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ilil.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.41.168.139:443
Source: global trafficTCP traffic: 23.41.168.139:443 -> 192.168.2.16:49708
Source: Joe Sandbox ViewIP Address: 23.41.168.139 23.41.168.139
Source: global trafficHTTP traffic detected:
  GET /onboarding/smskillreader.txt HTTP/1.1
  Host: armmf.adobe.com
  Connection: keep-alive
  Accept-Language: en-US,en;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
  Sec-Fetch-Site: same-origin
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  Accept-Encoding: gzip, deflate, br
Source: unknownTCP traffic detected without corresponding DNS query: 23.41.168.139
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: 8e8d4412-38ed-4e67-9fe0-f02b9aa6e06e.tmp.3.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: ilil.pdfString found in binary or memory: https://www.dynaforms.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: classification engineClassification label: clean2.winPDF@18/34@3/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-09 05-37-23-305.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ilil.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1580,i,3039298487198339448,15971892411548830346,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: ilil.pdfInitial sample: PDF keyword /JS count = 0
Source: ilil.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: ilil.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Rundll32 | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
[Behavior Graph. ID: 1571439, Sample: ilil.pdf, Startdate: 09/12/2024, Architecture: WINDOWS, Score: 2. Nodes: DNS x1.i.lencr.org; Acrobat.exe (started) -> AcroCEF.exe (started) -> AcroCEF.exe (started) -> 23.41.168.139, 443, 49708, ZAYO-6461US, United States; Acrobat.exe (started); rundll32.exe (started)]

Source | Detection | Scanner | Label | Link
ilil.pdf | 4% | ReversingLabs | Document-PDF.Trojan.Heuristic |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://www.dynaforms.com | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.dynaforms.com | ilil.pdf | false | Avira URL Cloud: safe | unknown
https://chrome.cloudflare-dns.com | 8e8d4412-38ed-4e67-9fe0-f02b9aa6e06e.tmp.3.dr | false | | high
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D.2.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
23.41.168.139 | unknown | United States | | 6461 | ZAYO-6461US | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1571439
Start date and time: 2024-12-09 11:36:52 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 3m 43s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 24
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ilil.pdf
Detection: CLEAN
Classification: clean2.winPDF@18/34@3/1
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, SearchApp.exe
  • Excluded IPs from analysis (whitelisted): 2.16.228.134, 52.6.155.20, 3.233.129.217, 3.219.243.226, 52.22.41.97, 172.64.41.3, 162.159.61.3, 199.232.210.172, 23.195.39.65, 23.32.238.49, 23.32.238.81, 2.19.198.192, 23.32.238.48
  • Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, r.bing.com, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • VT rate limit hit for: ilil.pdf

Time | Type | Description
05:37:35 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

Match | Associated Sample Name / URL | Detection | Threat Name | Context
23.41.168.139 | qhjKN40R2Q.lnk | malicious | Unknown |
23.41.168.139 | Notice_Of_New_Remittance.pdf | malicious | Unknown |
23.41.168.139 | SPENDINGONDIGITALMARKETING_DIGITALMARKETINGBUDGET lnk.lnk | malicious | Ducktail |
23.41.168.139 | https://qrco.de/bfSzSw | malicious | Unknown |
23.41.168.139 | Experiencehub.com_Report_53158.pdf | malicious | Unknown |
23.41.168.139 | S4dd5N5VuJ.lnk | malicious | Unknown |
23.41.168.139 | [MALICIOUS]_Secured_Doc-[yBv-26104].pdf | malicious | Unknown |
23.41.168.139 | 2FA Updating-2226-YZW.pdf | malicious | Unknown |
23.41.168.139 | Refrence-Order#63729.pdf | malicious | Azorult |
23.41.168.139 | Sales_Contract_Main_417053608_09.2024.pdf | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
bg.microsoft.map.fastly.net | f5ATZ1i5CU.exe | malicious | RedLine, XWorm | 199.232.214.172
bg.microsoft.map.fastly.net | https://www.drvhub.net | malicious | Unknown | 199.232.210.172
bg.microsoft.map.fastly.net | NhoqAfkhHL.bat | malicious | Unknown | 199.232.214.172
bg.microsoft.map.fastly.net | TRANSFERENCIA COMPROBANTES.lnk | malicious | XenoRAT | 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | LummaC Stealer | 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | Quasar | 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | Quasar | 199.232.210.172
bg.microsoft.map.fastly.net | file.exe | malicious | AveMaria, StormKitty, VenomRAT | 199.232.210.172
bg.microsoft.map.fastly.net | Q6OOwHYZzH.exe | malicious | DCRat | 199.232.210.172
bg.microsoft.map.fastly.net | List of required items pdf.vbs | malicious | GuLoader | 199.232.214.172

Match | Associated Sample Name / URL | Detection | Threat Name | Context
ZAYO-6461US | qhjKN40R2Q.lnk | malicious | Unknown | 23.41.168.139
ZAYO-6461US | x86.elf | malicious | Mirai | 64.124.28.232
ZAYO-6461US | xd.mpsl.elf | malicious | Mirai | 207.235.146.156
ZAYO-6461US | la.bot.sh4.elf | malicious | Mirai | 207.235.252.167
ZAYO-6461US | arm.elf | malicious | Mirai | 167.217.255.31
ZAYO-6461US | Notice_Of_New_Remittance.pdf | malicious | Unknown | 23.41.168.139
ZAYO-6461US | akcqrfutuo.elf | malicious | Unknown | 216.200.49.64
ZAYO-6461US | nklm68k.elf | malicious | Unknown | 167.217.255.62
ZAYO-6461US | powerpc.nn.elf | malicious | Mirai, Okiru | 23.35.234.222
ZAYO-6461US | mipsel.nn.elf | malicious | Mirai, Okiru | 209.66.85.167

No context
No context

                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):290
                              Entropy (8bit):5.236465482132218
                              Encrypted:false
                              SSDEEP:6:L2FW+q2PRN2nKuAl9OmbnIFUt8O0ubZmw+O0urVkwORN2nKuAl9OmbjLJ:H+vaHAahFUt8lub/+lurV5JHAaSJ
                              MD5:2EF58540358E4E50DAA2CEC9A2BE25EB
                              SHA1:38DE98E1C891E9E4F95D2E4E0F59878D8CBB1BEE
                              SHA-256:686E8E90194A9FD2DAD653CCDD5D25AD31CF5C5E52DB3FCCD83AB225230EA835
                              SHA-512:ACCE4FA8B1E90806984293838CDB8DF4EC78286FA998FDEBCE33C531025773B415CA1A66E09FAD0A044227E323879397E6F69B0C1EB8E7DD9FF5BBD40EB3C895
                              Malicious:false
                              Reputation:low
                              Preview:2024/12/09-05:37:21.769 1a4c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/09-05:37:21.785 1a4c Recovering log #3.2024/12/09-05:37:21.785 1a4c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):331
                              Entropy (8bit):5.211061573404518
                              Encrypted:false
                              SSDEEP:6:LJJwVq2PRN2nKuAl9Ombzo2jMGIFUt8OAvSgZmw+OAvSIkwORN2nKuAl9Ombzo23:deVvaHAa8uFUt8Ag/+AI5JHAa8RJ
                              MD5:CAF27E13A7AB9A0E6F21D38C59B2A62E
                              SHA1:183A3D16A649074D4D2941D83D81A266EE95C9F9
                              SHA-256:FD40FA8B53D79F74A11825BBD530BD6430084CA94F0D2DDCFAA0564FD6666990
                              SHA-512:4006DAF28BD4B8E52319CB8486B14FBD680FC4434026725B807B88FDA0EA5A7CE740D647588A6A42B1E8283065140A97AD13673086BBEAF989336AAE40A7A76A
                              Malicious:false
                              Reputation:low
                              Preview:2024/12/09-05:37:21.551 d84 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/09-05:37:21.554 d84 Recovering log #3.2024/12/09-05:37:21.554 d84 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:modified
                              Size (bytes):403
                              Entropy (8bit):4.981722110430353
                              Encrypted:false
                              SSDEEP:12:YHO8sqo5ThsBdOg2HHGAcaq3QYiubrP7E4TX:YXsHgdMHmr3QYhbz7n7
                              MD5:1C9D37DECBBBD7E7D51B915A145074A4
                              SHA1:BFCA5E48276C28F31349EC9A15FC0D070A5BD240
                              SHA-256:F76845398025C0CA42D5E6A2744F1D460834AA5DFAAF590B28C31260395EC6A9
                              SHA-512:67C5292C212D4588B44945C41ECCCC9C4E02F0E5B35BE1191B20BA7678CF016362B604B89DBE7DCF6A00A812E290E35E43FF1FEE5E9163FC2C5B87ECBA4CED48
                              Malicious:false
                              Reputation:low
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378300653566394","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":623691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):403
                              Entropy (8bit):4.981722110430353
                              Encrypted:false
                              SSDEEP:12:YHO8sqo5ThsBdOg2HHGAcaq3QYiubrP7E4TX:YXsHgdMHmr3QYhbz7n7
                              MD5:1C9D37DECBBBD7E7D51B915A145074A4
                              SHA1:BFCA5E48276C28F31349EC9A15FC0D070A5BD240
                              SHA-256:F76845398025C0CA42D5E6A2744F1D460834AA5DFAAF590B28C31260395EC6A9
                              SHA-512:67C5292C212D4588B44945C41ECCCC9C4E02F0E5B35BE1191B20BA7678CF016362B604B89DBE7DCF6A00A812E290E35E43FF1FEE5E9163FC2C5B87ECBA4CED48
                              Malicious:false
                              Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378300653566394","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":623691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4099
                              Entropy (8bit):5.231857786740779
                              Encrypted:false
                              SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xeqcpVGCk:OLT0bTIeYa51Ogu/0OZARBT8kN88hVG/
                              MD5:111149026B5FAC95F019C53648CB6FBF
                              SHA1:6827608BD478593142E445C5F593B794FF536553
                              SHA-256:6A7B519B9C1BE2E4F342A51BD44C118E32C028650FA78DB6E0E41EC547F6BFB8
                              SHA-512:52CA1834A487F500583DBD859083EAB7A2491D6AB930049A29138A6183568782D3718491FE1C163D67230261BB314200A8EB815EAC2590F9588DC3F0FBB48978
                              Malicious:false
                              Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):319
                              Entropy (8bit):5.232443322788006
                              Encrypted:false
                              SSDEEP:6:L+6ZjwVq2PRN2nKuAl9OmbzNMxIFUt8O+gBegZmw+O+GFSIkwORN2nKuAl9OmbzE:twVvaHAa8jFUt87g/+WFSI5JHAa84J
                              MD5:A46FAD80D5AF5BB0D92D9F53BCC1FC5D
                              SHA1:6F56F754AFE4EB9979955A83DC143E1F318D2C29
                              SHA-256:CF17ABE4C36855AA98BF9929F872FC18F4DB7F44D9E3AC09898D3FA25AC8DE7C
                              SHA-512:76ED372BCF83C72B5BFE8F14D101593D3B4879138249F6F94A87A81905C3202D1D529616078B6A1A470FD29458E26B5208B2920CE8C5B466470D0D8D6188B88E
                              Malicious:false
                              Preview:2024/12/09-05:37:21.849 d84 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/09-05:37:21.850 d84 Recovering log #3.2024/12/09-05:37:21.852 d84 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PC bitmap, Windows 3.x format, 119 x -152 x 32, cbSize 72406, bits offset 54
                              Category:dropped
                              Size (bytes):72406
                              Entropy (8bit):0.08512285737187829
                              Encrypted:false
                              SSDEEP:12:zstOmRat3at1xaXRatbat3alafFCa1jadaERaeaQRamRaob:zsF8tqtDht+tqAPsYE8FQRlRP
                              MD5:73B7997FBA14F7ECFBC43AC5A4F9D9EA
                              SHA1:38C7A578ED23B7C2B66CDD991809D2E7D0E46240
                              SHA-256:E25132C776014E17A715FCF4F7EE4720AA832F368666257FDB89E93D02AB285F
                              SHA-512:93C586A26A8D49138C3F06829C7494E7F51E8235CDF348D43CDBA179B6B7E295784729C92767E9214E02AEC0D4BFBDAEED124E9FE0D53272B637C3DBB43F6AD0
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                              Category:dropped
                              Size (bytes):57344
                              Entropy (8bit):3.291927920232006
                              Encrypted:false
                              SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                              MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                              SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                              SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                              SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):16928
                              Entropy (8bit):1.2156026576960024
                              Encrypted:false
                              SSDEEP:24:7+twvqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+ZC:7MQqLmFTIF3XmHjBoGGR+jMz+LhL7
                              MD5:E5866FB8D1798B11F255F815D0D48CB0
                              SHA1:DAC6582C228A3DCB34CDAFE9E6A4988E86F94884
                              SHA-256:9F4662B94E73BD9E9EB6FB8D435ED3B67A60654378D7EB8EE1FCAA3C5A4A746B
                              SHA-512:8EB23A276BC79232518056A99C0291374DC30B23D5F71D68C83C076EBE6955C94A1485C286BBD535CCBFF7A551D847CFBC2E85EEDFBABF56DD9957F663572F76
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:Certificate, Version=3
                              Category:dropped
                              Size (bytes):1391
                              Entropy (8bit):7.705940075877404
                              Encrypted:false
                              SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                              MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                              SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                              SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                              SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                              Category:dropped
                              Size (bytes):71954
                              Entropy (8bit):7.996617769952133
                              Encrypted:true
                              SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                              MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                              SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                              SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                              SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):192
                              Entropy (8bit):2.7529698674325394
                              Encrypted:false
                              SSDEEP:3:kkFklhJuzbNllltfllXlE/HT8kqt1NNX8RolJuRdxLlGB9lQRYwpDdt:kKhzbNllleT8x7NMa8RdWBwRd
                              MD5:95E9862C20B9A6170B979ED2E2DF1A81
                              SHA1:86D8E375427CF982361CA87F690B03B06B01AA6D
                              SHA-256:2C2AC1619F47C025577C3728E8F709D674B11223448E9AEE306115DADBEAD117
                              SHA-512:883443109F2CCCF85B50EE567048D3BEF38E4C2F5798F82358DF13AB6EA91E51A0F39FF4F603FA9019D657C27CF30ADE11A430D6E6A59EAD71EA4B4873ABC282
                              Malicious:false
                              Preview:p...... .........c\&J..(....................................................... ..........W....O...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:data
                              Category:modified
                              Size (bytes):328
                              Entropy (8bit):3.2352707042963518
                              Encrypted:false
                              SSDEEP:6:kK12LllL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:skDImsLNkPlE99SNxAhUe/3
                              MD5:6530EEC2B7A8ED0B12A5C4E42CC3D484
                              SHA1:0AE15976C521B41FF881A820DA29AD7011959D35
                              SHA-256:F317DC5F60EA27CD156067CE6D592497499973EBBDC61D97E157CA1E37018AD8
                              SHA-512:20BE3117D42B02790C992E05D8A7ABC1A22B7A65411B073B5707CE9987579B1DFF218951C54DB65E19D0F8D8718B4310A9AE176C9EF7D59DAAD671A90A596B54
                              Malicious:false
                              Preview:p...... .........f6o&J..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):1233
                              Entropy (8bit):5.233980037532449
                              Encrypted:false
                              SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                              MD5:8BA9D8BEBA42C23A5DB405994B54903F
                              SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                              SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                              SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                              Malicious:false
                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:PostScript document text
                              Category:dropped
                              Size (bytes):10880
                              Entropy (8bit):5.214360287289079
                              Encrypted:false
                              SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                              MD5:B60EE534029885BD6DECA42D1263BDC0
                              SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                              SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                              SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                              Malicious:false
                              Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):4
                              Entropy (8bit):0.8112781244591328
                              Encrypted:false
                              SSDEEP:3:e:e
                              MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                              SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                              SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                              SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                              Malicious:false
                              Preview:....
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):2145
                              Entropy (8bit):5.08238517098719
                              Encrypted:false
                              SSDEEP:48:YcAiESAuYCjWbj2CjxjZ4oijxi+0jPjrVbjBgajF:pDWP2ERaTx3y7BPBgMF
                              MD5:4F45FA0FB4DF114E59A94E32F2292B75
                              SHA1:7BD15EEA26583832E000CBDA43EC6F9056EE27B0
                              SHA-256:6EC1F4948B9E7E9EFD603A8C0704642BB9C65CE9D7816B949E55FA565E51BD68
                              SHA-512:823601601F11395E93E24E4F8CFF217FFD965810EDDEADBC8381F633A777FC702F73C25D16F2FEAFD3A214164C92B6CFC56CF1E92D8685FF673A3F8628C601D8
                              Malicious:false
                              Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1733740644000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f44756c6e08822e64c0e471a2499e34d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e8f53b6740aba22a83a1a569cebedbcc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585148000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"cc1faa6a0c714f2f0c497731f1772fa2","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696585143000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ab062dea95f25ef019cc2f5f5f0121d4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696583346000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"65580efad4bc88b91040ff50d71bfae9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696583346000},{"id":"DC_Reader_Edit_LHP_Banner"
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                              Category:dropped
                              Size (bytes):12288
                              Entropy (8bit):0.9863212783995554
                              Encrypted:false
                              SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6Qe3uWRnIcLESiAiefuWRnF:TVl2GL7ms67YXtrAcI8h
                              MD5:442D5228ADCFB0DDBA29B45F7A909187
                              SHA1:9073EF5B68BCDC96FBD0A10DF238DA9EE4D5BAC4
                              SHA-256:F776A12C2FAB0F973DF5906A28197C0DC69601E252A229F954B9B8C775DD23E9
                              SHA-512:0EC745B2B73A557DE2E6FAD0FE3E3F13E0F4D22210814B1DD47BD4682C13B350C03747F6A1B28FFA1320044F87C2F57ECE9E8F346FF9F3DA3EA754D3CE68C718
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:SQLite Rollback Journal
                              Category:dropped
                              Size (bytes):8720
                              Entropy (8bit):1.3436670276161256
                              Encrypted:false
                              SSDEEP:24:7+trASY9QmQ6Qe3uWRn7cLESiAi0mY9QiqLBx/XYKQvGJF7ursCn:7MrlYXtrjcI8KYTqll2GL7msC
                              MD5:3BDA5702896B39F05887445EF71916C6
                              SHA1:823825E5FC3A1467A03FDA1F81E411C9A23C4D21
                              SHA-256:0C8D6407ED216A53EDD4FD7DDF6BAA98125F8CCB12C7C7D70379EF80B6EDEA7E
                              SHA-512:DA29783BDC668205CCD51D472CFE0EEFDB5FA36FF4862B1840EE0CD864B573219DF919614CB52A9CCEE6075CAF20E5030E13CE150F4C36B5DC05143E9F9F63D6
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):66726
                              Entropy (8bit):5.392739213842091
                              Encrypted:false
                              SSDEEP:768:RNOpblrU6TBH44ADKZEg62+3L71cV2RQ/XfkwaHrRjyQpWYyu:6a6TZ44ADEiL7+WQXkwnQpWK
                              MD5:D7A4019CD7230E650F2FDB015F0C3E6C
                              SHA1:3DBF9D7CB407240D9F13F9A0A39366AE70CDBF58
                              SHA-256:18A74418A728B1F1FA1853A990BDFF6846113458E9346A4AAC044D58FBAE985B
                              SHA-512:DB2CCA877B3EDE3C394022AB7B6A6769EF5F71D70B374C4B7F6416F7AF19EE4D28A9067889D99AFEB65DAC2EB5DFEDE840269B21139D7A2E1A3C1533E11E68ED
                              Malicious:false
                              Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):246
                              Entropy (8bit):3.537590009309966
                              Encrypted:false
                              SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K88hlAmfWG:Qw946cPbiOxDlbYnuRKrLWG
                              MD5:6FFA12D6F78137BCB18A79E25FD7E89B
                              SHA1:EE42FB5158BC20CB82A6130539D5A199E125A4EB
                              SHA-256:8B2103F59320E5029FC0E30B03DB81B49608395F0D0FAF96CA91A8589152DE5D
                              SHA-512:BFD13D9F9992B8BDCC27DC54D4DE3895148DCA176C7FBA8110E905CAD1159B281B0604EB11E08D910764B57E64448AA878451B013DD97BF0B613BF7F6B68331A
                              Malicious:false
                              Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 09/12/2024  05:37:28 ===
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393)
                              Category:dropped
                              Size (bytes):16525
                              Entropy (8bit):5.353642815103214
                              Encrypted:false
                              SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                              MD5:91F06491552FC977E9E8AF47786EE7C1
                              SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                              SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                              SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                              Malicious:false
                              Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with very long lines (393), with CRLF line terminators
                              Category:dropped
                              Size (bytes):15114
                              Entropy (8bit):5.367123027427185
                              Encrypted:false
                              SSDEEP:384:6tXgOIHnM/WcUr+HjN5QmcBAMX2zOvjxBSkImqmDWsVZVL4gYYrZVuFujyvJ2hIc:H971
                              MD5:8CED67F9983D223166C8CFB6955F7BAF
                              SHA1:4C2587EEE2A6FC32D576FE7BE9B9629B2DEDFEC6
                              SHA-256:FDC7738503B1AD91A7E7B56CA66CB38E7F465DDC9C60DBF09EF6DE4C6E427FC1
                              SHA-512:79BD9398B16127A9FDB5A1A826C07CC6F1084591221505C6502AC3038333876969DEB260DACD7E14F2EA4478ADB8922BE307B62A1DA0E28AB11B74EF8DC43223
                              Malicious:false
                              Preview:SessionID=23c6bbcb-6bf8-4f7f-981c-c33ee4ca18b1.1733740643316 Timestamp=2024-12-09T05:37:23:316-0500 ThreadID=5476 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=23c6bbcb-6bf8-4f7f-981c-c33ee4ca18b1.1733740643316 Timestamp=2024-12-09T05:37:23:318-0500 ThreadID=5476 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=23c6bbcb-6bf8-4f7f-981c-c33ee4ca18b1.1733740643316 Timestamp=2024-12-09T05:37:23:318-0500 ThreadID=5476 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=23c6bbcb-6bf8-4f7f-981c-c33ee4ca18b1.1733740643316 Timestamp=2024-12-09T05:37:23:318-0500 ThreadID=5476 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=23c6bbcb-6bf8-4f7f-981c-c33ee4ca18b1.1733740643316 Timestamp=2024-12-09T05:37:23:319-0500 ThreadID=5476 Component=ngl-lib_NglAppLib Description="SetConf
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):29752
                              Entropy (8bit):5.423714901544538
                              Encrypted:false
                              SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbQ1kcbMPIyIcbI2J:fhWlA/TVd1qwym2J
                              MD5:1F145363C089164C2F305FA8D53190E8
                              SHA1:AF7318B04B06EE6B68D125E02489CB97FB8D9A1E
                              SHA-256:5105E884A83568C588D6DC363FCC9C1E267F40FFA2393C4DDAD63847A1322201
                              SHA-512:79F79FDC2356D9C66D8DEA2008515C46C0D0F4B2BCCD3E9445996EADAFDB5DA90B1AAC9D032BC7233741B03C733E763A6B6E8A75D9B5A3E3CEA2353A699298CA
                              Malicious:false
                              Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                              Category:dropped
                              Size (bytes):1419751
                              Entropy (8bit):7.976496077007677
                              Encrypted:false
                              SSDEEP:24576:/xA7ouWLgGZtwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLgGZtwZGk3mlind9i4ufFXpAXkru
                              MD5:A8E5C37206C98D1B655FF994A420FFB6
                              SHA1:827237782AB5971EC205C3BCECCC7950BE9F84C3
                              SHA-256:F1F755059AF7C2CBC36920337941AEFB18FBDB3CD14D3239CBBBCF0CB8F208EA
                              SHA-512:12DE33EB7624458AEC44D83D4E2C09E626F8E54E177FC0C26EEBA232935F34FAAAEB71FBB025EB7C53BEA9933C46ADCE759C32516D1B80C03B6734C61D61CEB2
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                              Category:dropped
                              Size (bytes):758601
                              Entropy (8bit):7.98639316555857
                              Encrypted:false
                              SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                              MD5:3A49135134665364308390AC398006F1
                              SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                              SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                              SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                              Category:dropped
                              Size (bytes):1407294
                              Entropy (8bit):7.97605879016224
                              Encrypted:false
                              SSDEEP:24576:GqA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:5VB3mlind9i4ufFXpAXkrfUs03WLaGZw
                              MD5:408F8BA5ED5014C1E10FA19D75C944A6
                              SHA1:87595F69D692B4D785AAFAD71394426879C7980F
                              SHA-256:FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F
                              SHA-512:01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793
                              Malicious:false
                              Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                              Category:dropped
                              Size (bytes):386528
                              Entropy (8bit):7.9736851559892425
                              Encrypted:false
                              SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                              MD5:5C48B0AD2FEF800949466AE872E1F1E2
                              SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                              SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                              SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                              Malicious:false
                              File type:PDF document, version 1.6 (zip deflate encoded)
                              Entropy (8bit):7.820144132831358
                              TrID:
                              • Adobe Portable Document Format (5005/1) 100.00%
                              File name:ilil.pdf
                              File size:152'772 bytes
                              MD5:671f6b1c8b3d9cc0a337d63aaa0736e7
                              SHA1:33e9af6ed0bcba57a0df6198dce0d53410740042
                              SHA256:60d6d2b2032b6e9893f15b1cfac3be3d7c1e9d39873addccb070c24ac009c2ae
                              SHA512:93c310343bc29f9fcf9350987096ea1d1a7c77c40e5e6b0e67b091682e9963d47ece57e94ccbc698c264e920ecb72f6f640a2a495ae8421b8e36f6935773ffcc
                              SSDEEP:3072:9Jp/QzgaPJ2FHnf4WrVvlB+zcX7VlyNBpW+55/dPuwC/4vc2FYPXrhDk:laJ2FHwW/B+z6VczpJbur/Qc2FA1A
                              TLSH:C4E312A4C7865DE0FF8678B4C3015B79EA29894E5941BBD1428E0D23860BCF7F3D1E69
                              File Content Preview:%PDF-1.6.%......2 0 obj.<</Type/XObject/Subtype/Form/BBox[0 0 630 802.08002]/Resources<</XObject<</TLtHjENMgp 3 0 R>>>>/Filter/FlateDecode/Length 79>>stream..x.+.2T0.B.......S......^.......O.2.P0.314V02P07.366V(J.J.2...A.&.`.....9B..2@...endstream..endobj
                              Icon Hash:62cc8caeb29e8ae0

                              General

                              Header:%PDF-1.6
                              Total Entropy:7.820144
                              Total Bytes:152772
                              Stream Entropy:7.817628
                              Stream Bytes:150792
                              Entropy outside Streams:5.329407
                              Bytes outside Streams:1980
                              Number of EOF found:1
                              Bytes after EOF:
                              Name | Count
                              obj | 16
                              endobj | 16
                              stream | 15
                              endstream | 15
                              xref | 0
                              trailer | 0
                              startxref | 1
                              /Page | 0
                              /Encrypt | 0
                              /ObjStm | 1
                              /URI | 0
                              /JS | 0
                              /JavaScript | 0
                              /AA | 0
                              /OpenAction | 0
                              /AcroForm | 0
                              /JBIG2Decode | 0
                              /RichMedia | 0
                              /Launch | 0
                              /EmbeddedFile | 0

                              Image Streams

                              ID | DHASH | MD5
                              17 | 0000000000000000 | d4e1a967557f7d21399b655ad250a36f
                              18 | 181840880002010b | 80de75b5a496cb0e1538a227d32e54d5
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Dec 9, 2024 11:37:34.242294073 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:34.242336988 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:34.242444992 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:34.242616892 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:34.242630005 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.454533100 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.458592892 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.458610058 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.459772110 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.459891081 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.483046055 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.483243942 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.483259916 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.523334026 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.534334898 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.534344912 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.581468105 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.984504938 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.984590054 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Dec 9, 2024 11:37:35.985913992 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.986316919 CET | 49708 | 443 | 192.168.2.16 | 23.41.168.139
                              Dec 9, 2024 11:37:35.986331940 CET | 443 | 49708 | 23.41.168.139 | 192.168.2.16
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Dec 9, 2024 11:37:34.611051083 CET | 49917 | 53 | 192.168.2.16 | 1.1.1.1
                              Dec 9, 2024 11:37:47.638073921 CET | 63174 | 53 | 192.168.2.16 | 1.1.1.1
                              Dec 9, 2024 11:37:59.940013885 CET | 52855 | 53 | 192.168.2.16 | 1.1.1.1
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Dec 9, 2024 11:37:34.611051083 CET | 192.168.2.16 | 1.1.1.1 | 0x62d5 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                              Dec 9, 2024 11:37:47.638073921 CET | 192.168.2.16 | 1.1.1.1 | 0x135d | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                              Dec 9, 2024 11:37:59.940013885 CET | 192.168.2.16 | 1.1.1.1 | 0xcaa4 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Dec 9, 2024 11:37:28.693439960 CET | 1.1.1.1 | 192.168.2.16 | 0xb0c9 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                              Dec 9, 2024 11:37:28.693439960 CET | 1.1.1.1 | 192.168.2.16 | 0xb0c9 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                              Dec 9, 2024 11:37:34.752720118 CET | 1.1.1.1 | 192.168.2.16 | 0x62d5 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                              Dec 9, 2024 11:37:47.869621992 CET | 1.1.1.1 | 192.168.2.16 | 0x135d | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                              Dec 9, 2024 11:38:00.079142094 CET | 1.1.1.1 | 192.168.2.16 | 0xcaa4 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                              • armmf.adobe.com
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.16 | 49708 | 23.41.168.139 | 443 | 6620 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Timestamp | Bytes transferred | Direction | Data
                              2024-12-09 10:37:35 UTC | 390 | OUT | GET /onboarding/smskillreader.txt HTTP/1.1
                              Host: armmf.adobe.com
                              Connection: keep-alive
                              Accept-Language: en-US,en;q=0.9
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                              Sec-Fetch-Site: same-origin
                              Sec-Fetch-Mode: no-cors
                              Sec-Fetch-Dest: empty
                              Accept-Encoding: gzip, deflate, br
                              2024-12-09 10:37:35 UTC | 247 | IN | HTTP/1.1 200 OK
                              Server: Apache
                              Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                              ETag: "78-5faa31cce96da"
                              Accept-Ranges: bytes
                              Content-Length: 120
                              Content-Type: text/plain; charset=UTF-8
                              Date: Mon, 09 Dec 2024 10:37:35 GMT
                              Connection: close
                              2024-12-09 10:37:35 UTC | 120 | IN | Data Raw: 46 69 6c 65 20 74 68 61 74 20 61 63 74 73 20 6c 69 6b 65 20 61 20 4b 69 6c 6c 20 73 77 69 74 63 68 20 66 6f 72 20 53 4d 53 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 6e 20 52 65 61 64 65 72 2e 20 44 65 6c 65 74 65 20 74 68 69 73 20 66 69 6c 65 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6b 69 6c 6c 20 73 77 69 74 63 68 20 69 6e 20 52 65 61 64 65 72 2e
                              Data Ascii: File that acts like a Kill switch for SMS functionality in Reader. Delete this file to enable the kill switch in Reader.


                              Target ID:0
                              Start time:05:37:19
                              Start date:09/12/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ilil.pdf"
                              Imagebase:0x7ff7ea840000
                              File size:5'641'176 bytes
                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:2
                              Start time:05:37:20
                              Start date:09/12/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                              Imagebase:0x7ff66e140000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:3
                              Start time:05:37:21
                              Start date:09/12/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2268 --field-trial-handle=1580,i,3039298487198339448,15971892411548830346,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                              Imagebase:0x7ff66e140000
                              File size:3'581'912 bytes
                              MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Target ID:14
                              Start time:05:38:17
                              Start date:09/12/2024
                              Path:C:\Windows\System32\rundll32.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                              Imagebase:0x7ff6e3690000
                              File size:71'680 bytes
                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:23
                              Start time:05:39:00
                              Start date:09/12/2024
                              Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\ilil.pdf"
                              Imagebase:0x7ff7ea840000
                              File size:5'641'176 bytes
                              MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              No disassembly