Windows Analysis Report
1741A0218-101424-Travelers-10142024.pdf

Overview

General Information

Sample name:1741A0218-101424-Travelers-10142024.pdf
Analysis ID:1541278
MD5:27cd98ccdd6d510d09efda0b46944253
SHA1:b40fc2ed52c4240e10ba98c9363106d7844b9bb2
SHA256:a61832c8e180ad5beef062065840b0991af8eca459723831272eba65315f1a7b
Infos:

Detection

Score:20
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

AI detected landing page (webpage, office document or email)
Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 6312 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\1741A0218-101424-Travelers-10142024.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6844 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2176 --field-trial-handle=1740,i,14463368390117274462,13698455103500201006,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: classification engine | Classification label: sus20.winPDF@14/47@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6580
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-24 10-48-06-926.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\1741A0218-101424-Travelers-10142024.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2176 --field-trial-handle=1740,i,14463368390117274462,13698455103500201006,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: 1741A0218-101424-Travelers-10142024.pdf | Initial sample: PDF keyword /JS count = 0
Source: 1741A0218-101424-Travelers-10142024.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: 1741A0218-101424-Travelers-10142024.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

Source: PDF document | LLM: PDF document contains QR code
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance | Gather Victim Identity Information | Credentials
Resource Development | Acquire Infrastructure | Domains
Initial Access | Valid Accounts | Default Accounts
Execution | 1 Exploitation for Client Execution | Scheduled Task/Job
Persistence | 1 Browser Extensions | Boot or Logon Initialization Scripts
Privilege Escalation | 1 Process Injection | Boot or Logon Initialization Scripts
Defense Evasion | 1 Masquerading | 1 Process Injection
Credential Access | OS Credential Dumping | LSASS Memory
Discovery | 1 System Information Discovery | Application Window Discovery
Lateral Movement | Remote Services | Remote Desktop Protocol
Collection | Data from Local System | Data from Removable Media
Command and Control | 1 Non-Application Layer Protocol | 1 Application Layer Protocol
Exfiltration | Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth
Impact | Abuse Accessibility Features | Network Denial of Service
Behavior Graph ID: 1541278 | Sample: 1741A0218-101424-Travelers-... | Startdate: 24/10/2024 | Architecture: WINDOWS | Score: 20
[Behavior graph image: Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; DNS/IP node x1.i.lencr.org; signature node "AI detected landing page (webpage, office document or email)"]

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://x1.i.lencr.org/ | 0% | URL Reputation | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | URL Reputation: safe | unknown

No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1541278
    Start date and time:2024-10-24 16:47:07 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 2s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowspdfcookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:10
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:1741A0218-101424-Travelers-10142024.pdf
    Detection:SUS
    Classification:sus20.winPDF@14/47@1/0
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Found PDF document
    • Close Viewer
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 104.124.11.43, 104.124.11.64, 52.202.204.11, 54.227.187.23, 23.22.254.206, 52.5.13.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 88.221.168.141, 93.184.221.240, 2.19.126.149, 2.19.126.143
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com, wu.azureedge.net, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, geo2.adobe.com
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: 1741A0218-101424-Travelers-10142024.pdf
    Time | Type | Description
    10:48:17 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
    No context
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.141145274629273
    Encrypted:false
    SSDEEP:6:+Xf4cXM+q2Pwkn2nKuAl9OmbnIFUt8tXf4kZZmw+tXf4kMMVkwOwkn2nKuAl9Omt:CrM+vYfHAahFUt8R1/+RQMV5JfHAaSJ
    MD5:568EDA75C119CD6F9559474958E1C9C4
    SHA1:A9CA9452D66668EE714C5AFFF7D3EED58929F58D
    SHA-256:C3A4FBB50C8B8E495C19A4173FE077C6A3F4CFD5B6A734AEF2C9D623535EE833
    SHA-512:959DB4F1BEF43F71428E5661ACA261FA29EFC8B85BEAC4E35A7BABB9AFC063F2FEEEC241AE03E90E13A499981FF631B513FF0E5902F5B4D7A472417A6543FC57
    Malicious:false
    Reputation:low
    Preview:2024/10/24-10:48:04.431 f8c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/24-10:48:04.434 f8c Recovering log #3.2024/10/24-10:48:04.434 f8c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):336
    Entropy (8bit):5.114134007795766
    Encrypted:false
    SSDEEP:6:+Xf8cq2Pwkn2nKuAl9Ombzo2jMGIFUt8tXf8Y9Zmw+tXf8YPkwOwkn2nKuAl9OmT:CnvYfHAa8uFUt8RT/+RJ5JfHAa8RJ
    MD5:F351D37DAD4DC1D934D41CF9BA05BA36
    SHA1:342C1DE39006930A90478D6D70A3B5E2BE15FD0A
    SHA-256:00BD413507038D3AAC687A6D9E79110F46DD5CF5202964C64E1EC2F118A28D94
    SHA-512:0F377E0E16B5754D90D33FCD6255AAFEE0B28F8EE94B1866E9EEFBB235BA1AF74C01CC8C8D0E8FCE578189F5B48C6FBC7585CA7E8FEACC42B5B676277414F419
    Malicious:false
    Reputation:low
    Preview:2024/10/24-10:48:04.471 1b04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/24-10:48:04.472 1b04 Recovering log #3.2024/10/24-10:48:04.472 1b04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):475
    Entropy (8bit):4.9634035746652865
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqU+JksBdOg2HpeXcaq3QYiubInP7E4T3y:Y2sRdspgJdMHpt3QYhbG7nby
    MD5:4E9F37F7E0EFC556D9348BC0710A3F5D
    SHA1:BBF1F812C8550ADB33D3E6C1D038C1613C808AE7
    SHA-256:7B4B108DBABA60256A25E5B1CE0EA0887541432B15C72B7609620E8F05AA40EF
    SHA-512:D8D32E07E13AB6EB4CAA65EB8D47412BBFBE06E619F30E880650ADBE8B7D5E31F82946436A52924D8456E780EC7931296340BC77ADECA12E36829635A6537576
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374341291180889","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":238966},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):475
    Entropy (8bit):4.9634035746652865
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqU+JksBdOg2HpeXcaq3QYiubInP7E4T3y:Y2sRdspgJdMHpt3QYhbG7nby
    MD5:4E9F37F7E0EFC556D9348BC0710A3F5D
    SHA1:BBF1F812C8550ADB33D3E6C1D038C1613C808AE7
    SHA-256:7B4B108DBABA60256A25E5B1CE0EA0887541432B15C72B7609620E8F05AA40EF
    SHA-512:D8D32E07E13AB6EB4CAA65EB8D47412BBFBE06E619F30E880650ADBE8B7D5E31F82946436A52924D8456E780EC7931296340BC77ADECA12E36829635A6537576
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374341291180889","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":238966},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4730
    Entropy (8bit):5.258519885511592
    Encrypted:false
    SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo78HFIH5Z:etJCV4FiN/jTN/2r8Mta02fEhgO73go1
    MD5:51555FFF0142E3B1E202FC4FDCFDC3B2
    SHA1:3BB5D12C9DA558E590F22C2B0C47A063867860CB
    SHA-256:0C32BE10791F6BF8178D6E61D6C3F58B9CABBE1D1989CA48355A716EF56ECD1D
    SHA-512:FA6688872A7CD0C4B0FD66DB29A0812907B2D31BEFB287420BFA585A5334D4139004A6934D6D28711BD57443A99D725087753E32A1B3C022190FEB483986BC58
    Malicious:false
    Reputation:low
    Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):324
    Entropy (8bit):5.184961306041556
    Encrypted:false
    SSDEEP:6:+Xfaoq2Pwkn2nKuAl9OmbzNMxIFUt8tXf+RXZmw+tXfshkwOwkn2nKuAl9OmbzNq:C5vYfHAa8jFUt8R2RX/+R85JfHAa84J
    MD5:CA1A20E7644E0085B186F4A5763CA533
    SHA1:92F8FD5648B2B6733089406FF0E79C40F44812EB
    SHA-256:450B82AF2C29C05BD3EAA7D70DA4C95647827C72CF220498720609B3ABA7B403
    SHA-512:5342C5A5A931D9BBA7214AFC6090A91275F6181F948DA4CE12E3E0E2EBBFE4532DC4BD033522F16ECA8BC88F09EE5995A0F50B08E4B5051E7F0FB5D013768830
    Malicious:false
    Reputation:low
    Preview:2024/10/24-10:48:05.685 1b04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/24-10:48:05.690 1b04 Recovering log #3.2024/10/24-10:48:05.692 1b04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):0.897031021041428
    Encrypted:false
    SSDEEP:192:bJeZlf8QFMlK4tw8aW5v3bwRqrjz68+O/:bJeUQelK58dbqu68+e
    MD5:8B80716633B88A28960038591E181E6B
    SHA1:A82DBB2AA944F98DFC71512C14E8EE8B5074A310
    SHA-256:F45C7C133AFBC549C2A7B540C125A06C6BAF6076A63FE59B8133DE39DBFA6993
    SHA-512:9BF1A37FA89C56955430A07F64D74FDBC7DEE9799E6332F3AB96C4ED6BD55DF6F2073372F1F49484D790B1311081EE1E959C47F9419E32806E2C8CA53750857B
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
    Category:dropped
    Size (bytes):86016
    Entropy (8bit):4.445169169811077
    Encrypted:false
    SSDEEP:384:yezci5t+iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rRs3OazzU89UTTgUL
    MD5:BB77FB76F2B66469759C7CFB03E18670
    SHA1:53FAA229025EE72FAD59CDE48BB423EBFCF81CBD
    SHA-256:B00BE0D2375A0693B5575042653B200146C89D404001F41960B805DCAE2E12A7
    SHA-512:C6F3D49AF7E3FE4584BFB41CB04DC844DEEA04F80A9E97DD4C0147EAA4D83D7AC021AD3F178E6ADBCC7FEAA1466A2192837910EAC5ED82A9FD77932CC585444B
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):3.7766668223507502
    Encrypted:false
    SSDEEP:48:7MW9p/E2ioyVbioy9oWoy1Cwoy1vKOioy1noy1AYoy1Wioy1hioybioyroy1noyL:7z9pjubFSXKQC2b9IVXEBodRBkO
    MD5:2716EF721DA9C47379D24AB89CA46352
    SHA1:985C77CF95D64066E048CCEB1FF5F2FE46B755E0
    SHA-256:2317ADD73B1F266856D18CBCA64927DFAB54E2D7E12123694618674189BEBCA6
    SHA-512:293D985AA2F6DDE9299B7EBCA66C4A2C6557A4E2A068E8ABB84BC29FEFFCB66D29DCFB50C4CD6C4DB46B2EF3785925830E25759D5DDC40A1FE74AD7C2E555A9C
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.7457468364538267
    Encrypted:false
    SSDEEP:3:kkFklWRFDtfllXlE/HT8kkP/jNNX8RolJuRdxLlGB9lQRYwpDdt:kKP7eT8XNMa8RdWBwRd
    MD5:90814EE22DADF4D21752A97A7059DB4D
    SHA1:BA0A27073EC91D7E137063115BC3853BCD1739E2
    SHA-256:1EF5F99DD29237625854EA1BB75DC7F8E138626D982B335F63FC81E871188F6B
    SHA-512:B03E1CE6E625F00B95DC903BD9961060C5E26011B855638C81C170045131D9D77AD8E0571BDD94261099FC25754F332DC7A77503BA23516F2F160414D7A763AB
    Malicious:false
    Preview:p...... .........|..#&..(....................................................... ..........W.....j..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.144086598890895
    Encrypted:false
    SSDEEP:6:kK75HPL9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:z5HqDnLNkPlE99SNxAhUe/3
    MD5:6DFE4FEA06D70EE2BFA8F90D0660A1EC
    SHA1:6F93DCB238AB83AC76FCB614A3D966A6F27B1D67
    SHA-256:710F43079E4200A7D5EC531FDF999AC7C5AEF2007F5804DAEF621EA495B81755
    SHA-512:9E32FF94805428A92DCCDB02D34EBF8D077785E2DF0084278911149A8FA783CF100F4E02407E8F95680E9C80251ED3AF0DC19FE075F28001574E582EA1A68FCC
    Malicious:false
    Preview:p...... ........,I..#&..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):243196
    Entropy (8bit):3.3450692389394283
    Encrypted:false
    SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
    MD5:F5567C4FF4AB049B696D3BE0DD72A793
    SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
    SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
    SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
    Malicious:false
    Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.356738715732995
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJM3g98kUwPeUkwRe9:YvXKXRdFpD6Zc0vSZGMbLUkee9
    MD5:D252132AA457BC635FFA9254392CA5F5
    SHA1:F263C4554AF1FCC7BF74EE05727172CA6FB3D042
    SHA-256:4F65B761D88005F56F68A037AF931EBEE83477A42E051C73FCE9C11059B7CC6E
    SHA-512:B2F2DAE1D78A97AE8E66E906B9C9E1AEFB4628AA59FEA9602D20B5E9EA92A9905112EDC45AD5EEC1EF2BCDE568C380FCE256BE5533A3B002CDE14803AD6965D2
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.305612455050959
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJfBoTfXpnrPeUkwRe9:YvXKXRdFpD6Zc0vSZGWTfXcUkee9
    MD5:5BA84BF9E52E17159D402008D685D035
    SHA1:78C266D83C91B436609625AEBA6C0F97D42690CA
    SHA-256:55FF0238EC106A9CE791BE5E13F3CDE6B94F43AD5DC18DCE3FAD4879B91FEE97
    SHA-512:85ECB1F81C09F29B026FD359D5B6D194BF1F9514FF94BFA7B9FFCF8614CD7F7BE896F66FE92690A27A89DA25DB0CD4183D9F569F06EA9E8D6B6108B144592131
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.28509902418836
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJfBD2G6UpnrPeUkwRe9:YvXKXRdFpD6Zc0vSZGR22cUkee9
    MD5:865B2AF236C862D71C9F85C40B488B0A
    SHA1:778B261238C82F294790BF82D9151D0AABADBE44
    SHA-256:8457AFDB869374C410F0B9F849B566FE3B6DDC5A32E68AA3B3CC9FF5FB7CA579
    SHA-512:E4EAC1D2B4FDF4B8F10F77392E942BCDAE8A39FA75CD0AABF537B0152359D3F52CBAB686FDDEB157F069AB8283BFBE2D40FFD875C89177C91C52BDDD3A8C8AC5
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.3435167773462515
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJfPmwrPeUkwRe9:YvXKXRdFpD6Zc0vSZGH56Ukee9
    MD5:FA7858952B7839A47EDF47F5CCD3496B
    SHA1:29C760A285E90BC785B2A3EDC1907FCE8265B97E
    SHA-256:196E18E917F4F82E7A67C16E51273798FE0659D3BDF50AE0F047F7548A6D6875
    SHA-512:7D8589AA2ABB2C6200CCE86E93CD929FC0305600FAF616B915608ABD7B22CECFF588B1F9FF90D2D8215154392E63FC53014BA44D8330B7A5B8A7BE990642B5FE
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1055
    Entropy (8bit):5.662323119453316
    Encrypted:false
    SSDEEP:24:Yv6XfFt6zvjpLgEscLf7nnl0RCmK8czOCCSD:Yv8yrhgGzaAh8cv/D
    MD5:9926545A705364A67A6E6B50984D4F88
    SHA1:5615F5875EB455C56830A5BD0FF80922A708DAED
    SHA-256:9202426C254B8989C8A80B90102D718B0D0054CF864FC6386B88A38DC56E3C98
    SHA-512:5BDB89F9659AEC54749376F3CC52800BA495924927D366506E4F49169D737F74C712F9697DF4BECE50F363F5F2975F9831377CC5645551651EABFFAC1B30DD9E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1050
    Entropy (8bit):5.656528477306272
    Encrypted:false
    SSDEEP:24:Yv6XfFt6zv/VLgEF0c7sbnl0RCmK8czOCYHflEpwiV6:Yv8yHFg6sGAh8cvYHWpwD
    MD5:C480B70183A8C5F6168B708B7A17F7AF
    SHA1:D61C9FB720303B5A72565F63E870FB6BF3E05891
    SHA-256:66A8F411C08F736FA07B15530D9B34DF12260F82EA77BC6FFA462FC0F1F9E7BF
    SHA-512:D0542D847E9EDE622098535E702747763812B46FE560DE5AA85B7B8A55CCADC6DCCD04DFE3D355AB13EC7A737123D6FF888558D03829EFDB1F995D488E044463
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.293419183440555
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJfQ1rPeUkwRe9:YvXKXRdFpD6Zc0vSZGY16Ukee9
    MD5:4507F18B7148F64B22394710AA14BD78
    SHA1:91F1CEC89F27576245BC55008E1CFB6A0F512873
    SHA-256:6F48F6FF3AE5A65705F555E9B793C7CF39E19ADC1D41A5570E0C275FC26B5413
    SHA-512:2F6B05F3F8682DED07FAC70BC937A1C3E58EDA2DFD1328E3E81CED2173A6EFB4A7B8E70A9F5F09ABBE58F54B4CDFDFC19621BFD5EAE7CA58A79A8EC114B34488
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1038
    Entropy (8bit):5.6480940130997626
    Encrypted:false
    SSDEEP:24:Yv6XfFt6zvO2LgEF7cciAXs0nl0RCmK8czOCAPtciB6:Yv8y2ogc8hAh8cvA4
    MD5:0FD05A173BACF865D88A5BC00AC1635C
    SHA1:E5CA9886072B93B2A11102EF7A91F792A6FD2A27
    SHA-256:247FFA462690B03A2F1903CDA1DACE5B3F9C8BC3AFF13DCC65C25F631177C3A4
    SHA-512:8858661DE8F8EC245076B2D31D3B7B5D3A07B72445ED3638B278E9D2DBB0802406E98945522F92DBEF04EACCB7F8824E03D310B931078D105B6F582FE8BA6598
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):5.701479637887622
    Encrypted:false
    SSDEEP:24:Yv6XfFt6zvCKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK56:Yv8yaEgqprtrS5OZjSlwTmAfSKc
    MD5:6CF4EEE4C0F0592766BB04D745F1DB5B
    SHA1:FB81E2F503EF088FFC7F687D8A2FF1FFE074F3F0
    SHA-256:0707ECFFF1296FBD5B1596430B36D51A22946E77BF1BFE34D9A99C8AFA139065
    SHA-512:E1FC689915E59E77FB4FA54CBB538518F54B4D4CEC04A85CE240F3E1D3F6E47AAD8DFD54C51491C6909F842019BFC28DA2B7CF14536A4DB0ACC360A103C126E4
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.2946445705596155
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJfYdPeUkwRe9:YvXKXRdFpD6Zc0vSZGg8Ukee9
    MD5:2A2FB3AF4620466CCDAD038AFFBE448A
    SHA1:BB0C1369FC9D1992CD6B5FD33454531711539C34
    SHA-256:2D5B287FA19E6787C87B4FCDAD141692D3AC616350A146E6FDDEE0B191FB06E7
    SHA-512:5DB14C682AC9BAF0644B5B6A0FE1F9645A94B22F37BDE5586FC643F2CBA7853B2DA10ACE3B76408D4D400212AA5D3648781BB2931B15A28ABBFE8B12E4FF7744
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.774047340941075
    Encrypted:false
    SSDEEP:24:Yv6XfFt6zvBrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNS:Yv8yJHgDv3W2aYQfgB5OUupHrQ9FJc
    MD5:9C8893160B93C5BCD12EF26E3B84C7D0
    SHA1:46F538122EE4C8C1013EF24D026B8C77AB33CEAF
    SHA-256:EA8062FDBA3424160E8DFC639480AF1FD1B55DA3B583BD687AC0DE42525CC569
    SHA-512:D690A2114CD2F80EC19E4CE3049901C91F4A7D1860DFF108E37693779E18BEA31770A9576CF2761C9FB65D8DEDD489C61EDD3E8DF6066FAE9F8819C509E837B9
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.27822847530867
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJfbPtdPeUkwRe9:YvXKXRdFpD6Zc0vSZGDV8Ukee9
    MD5:22B832BBA3E831973CEE9047250D388F
    SHA1:F7E582AE9A6E6EF3568E91C59054BC37E8FC3B82
    SHA-256:4FEA237DBDEB34F157836702E11C78F537ED21ABE72B5DEBB7B0F3B01F403572
    SHA-512:B4ED41620EB306E53D9707DEF4650331F9B2A193C7C1A94331AE6E0E1EECD7A20674E2372550ACDB0C8C010954C65AD9C90DA8CD817C471026E621C4B13384C0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.282805800803916
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJf21rPeUkwRe9:YvXKXRdFpD6Zc0vSZG+16Ukee9
    MD5:62F861CF0107445305F23DD7B72747A3
    SHA1:4B86A0D5EF9CB993C15A39EBE38062A8D9616642
    SHA-256:3311D71ABE915D1EB32E59F3CDBD6532C11BDD9BEA0DE25B5A0A42F597DFC698
    SHA-512:E95B9FA256002A4C06162D56D76B9E7A7FB1D41605B207D041CA142FAA49A23890B9C11793C02C1A0D931BB01B2BB64D9A82B138FB2213EFFA3C7EE668239500
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1026
    Entropy (8bit):5.632275227392939
    Encrypted:false
    SSDEEP:24:Yv6XfFt6zvTamXayLgE7cMCBNaqnl0RCmK8czOC/BSD:Yv8ybBgACBOAh8cvMD
    MD5:4CA481E19D4D9E806597A204710E9E10
    SHA1:9533AEB572251A3A4C59F088C1A7090BA9287E98
    SHA-256:AD938FDBD91B6CED9A5E392A48FEED7E84F97D33EBE2BB54018D4C1A9F1F3312
    SHA-512:9FC76CA31BC32A701AFDC47DC50185FF3DF01FB6C9911895FD6A7F2BB78D81E05F4F695B6453CA47977F8B24F9E5820487DBF491567FCB256EA5FCEA069F92C1
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.257583623463839
    Encrypted:false
    SSDEEP:6:YEQXJ2HXRx3FpDUw9VoZcg1vRcR0YnXqoAvJfshHHrPeUkwRe9:YvXKXRdFpD6Zc0vSZGUUUkee9
    MD5:A0AA5FF344EFCD20BEC3C715DC00AC7F
    SHA1:695A8A1E249ACE8F50FF4D38D2D9744CE87D1EA4
    SHA-256:2D5737D13E1BE7D508142467EFC4E7356A29AB96ACF5D850EB59D5411153F283
    SHA-512:2FD41065A16178414C25AA64F73947D126D59A757B53668411BC87C3E778166EC07CC6F2B43C4A9661AD48DF876807DA8E85CAF1FF1B02663BFBF2EB1DFBCE7C
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.36678929747781
    Encrypted:false
    SSDEEP:12:YvXKXRdFpD6Zc0vSZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW+:Yv6XfFt6zvQ168CgEXX5kcIfANhD
    MD5:A25DAF869D67153132B56F4374B0CFA1
    SHA1:9443EA6610FA9F487591496461DD7927CF3337E8
    SHA-256:5322C8866E378D72EEF0B4E0BA7C1FAC66353153F0AF4FF7B903C7E69EF586EB
    SHA-512:957E9313E125E1DA0E9A12ADDBBFC36D0BD2FEC4BCD228F9398B5ECD6311CBD75B2CE22391DFBE4436DF9A26FD72767803DD095AF72D8AA8C2D8B640E07CB404
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"7894d79f-de29-47af-93e7-22b7d33a2f17","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1729954766300,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729781291332}}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2818
    Entropy (8bit):5.121060743528964
    Encrypted:false
    SSDEEP:24:YGZzR3hIa9xay+l4nTTjXC38TSk21bDE3RDjaFJlj3BSj0Sz9Vwweo2gnP2LSzvy:YGVb3OxpE32xkfNnPBCie9P
    MD5:DA90F06A14F05A071284A676418CF1DC
    SHA1:D8DBF87BA2E863366FD28038C2CE312494B4FBB0
    SHA-256:43D0395B21D2DCAE3B4A24957239D3310470A787DF98012D6C379D018F831E83
    SHA-512:30280842C87A2AA96DBBBCDFB8B50724C2E57CCCDDA80DDA5762BAD3DE4D93D01708D5BBDDA2C407B3D984E2BE4BD7FF9C4A91D31DF88ED8D677C9E0C7BF2855
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"6f37796298df7d6e58cc7e9cf1669794","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729781290000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"77a3e2cda9e6591639b716a367fae126","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729781290000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"f8dbb8e018db27ba1acfafe0af27a132","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729781290000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"37b2001566155fd63e539c6b11514270","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729781290000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"6453176c26222562aa94b8e5e2036b38","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729781290000},{"id":"Edit_InApp_Aug2020","info":{"dg":"58ded5fea7ca2ca7503d38dafb467e91","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):1.186993390723025
    Encrypted:false
    SSDEEP:48:TGufl2GL7msEHUUUUUUUU4SvR9H9vxFGiDIAEkGVvpq:lNVmswUUUUUUUU4+FGSIt2
    MD5:A642F319C72D14E3247AB336754FFDD7
    SHA1:61137CCB190589E645856358F6364D9F6072B6F5
    SHA-256:F80097BB20B072402F5A0C2E10C92B6935AEA70A6BDBB71AB60C34A69EFF5E30
    SHA-512:CAA23D91D8B04E3704A8DA975D241F2BD54DBF15059DA02A319686A215823D17BDD999002DC8646DC6F5F602FD6AC52A89EC17B9CAEA348C587F37A1B7409097
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.607414498515863
    Encrypted:false
    SSDEEP:48:7M3KUUUUUUUUUUavR9H9vxFGiDIAEkGVvCqFl2GL7msL:79UUUUUUUUUUmFGSItUKVmsL
    MD5:318BD938DEF38C800CBD49E57182906A
    SHA1:FF17AC26B2230BF8BD069D3BF6BDDAB45D85EA28
    SHA-256:8848D085D39270F9455F30B6CED4DC70227E8F5843F8794E7FC9E3F529E980A4
    SHA-512:6EEC3A5477EFBE7A20B59B691D6CA82E9E3DDB6E8F947D14E682AA29192BC37FBD7BBABA0D37A87B11D9D435977FD2B840436DFE0D242BD22C6E602386E6F66A
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.4985264301455885
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8cjqdNOXH:Qw946cPbiOxDlbYnuRKHxH
    MD5:240AB822DB5C0739204976A3D3D17F1D
    SHA1:1EEF09220CF09510FCB8C50D3A050CEA2FDB9CCF
    SHA-256:5FB75A05F95048CA05AF66775302E24755074D19BA77DD25EF90862B537A41FE
    SHA-512:EA1A62D77A4ACFA901A340A4738B4886DD59DAE9B90DACB92E59CF3B711D6174C12AB24B2E946C2F6630F8CD70FB487AEE64FC756A5B3E29482EE3B1345075E7
    Malicious:false
    Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 24/10/2024  10:48:12 ===
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.345946398610936
    Encrypted:false
    SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
    MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
    SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
    SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
    SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
    Malicious:false
    Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15114
    Entropy (8bit):5.3608832584061465
    Encrypted:false
    SSDEEP:384:LjHeH3vA9jAwC7opD5T3MLBYppuhYzLPNGlvlDMGMoqkwzWGR/u01/q/pEy00XgL:Nv3V
    MD5:9D01C32ADC292B69C2692DA4A51FA0BF
    SHA1:CC85368A548666E65EE7757C1132B76E6F14C96F
    SHA-256:171AFED03EE5A492AB797AD072A1F4D958BCADE662EB8787CDAE136005C09745
    SHA-512:323BA4D92BA3742F67673D047E9E50F51E7FB618E7FF155FA8377B5EABB36F5B537A365DCE5A5ADE1BB1A016D517B38D7737DE4EB06BA4A8B99234D9DE31819C
    Malicious:false
    Preview:SessionID=198f1a60-651e-4c51-b387-2d18788b323e.1729781286939 Timestamp=2024-10-24T10:48:06:939-0400 ThreadID=6816 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=198f1a60-651e-4c51-b387-2d18788b323e.1729781286939 Timestamp=2024-10-24T10:48:06:942-0400 ThreadID=6816 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=198f1a60-651e-4c51-b387-2d18788b323e.1729781286939 Timestamp=2024-10-24T10:48:06:942-0400 ThreadID=6816 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=198f1a60-651e-4c51-b387-2d18788b323e.1729781286939 Timestamp=2024-10-24T10:48:06:942-0400 ThreadID=6816 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=198f1a60-651e-4c51-b387-2d18788b323e.1729781286939 Timestamp=2024-10-24T10:48:06:942-0400 ThreadID=6816 Component=ngl-lib_NglAppLib Description="SetConf
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.387622104200273
    Encrypted:false
    SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rc:g
    MD5:7112E6A5C3E57920C031BD936825046E
    SHA1:444625EB9F22D858190DA3D9075D968008E3BBFD
    SHA-256:1862871C59A5BCED35E054CC9D4E7C642CD435B4A9AA9409AD91D15B7E2DE03C
    SHA-512:F4217C62F3188518392A55AD9FC34F2A4675BBDC9400D10EDEF1DE9B421B2597DD65C37A9B71123E71C37B9883A97E30FC13C3BF0EC4D9C6CB703922C9A44828
    Malicious:false
    Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/M7ouWLaGZjZwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLaGZjZwZGk3mlind9i4ufFXpAXkru
    MD5:AE1E8A5D3E7B2198980A0CA16DE5F3D3
    SHA1:A1DB2C58AFC81E6A114A8EB47BE0243956F79460
    SHA-256:8C2E1B13F6658714D51737D6745FE065B87497923945AB3028706A4171C8328F
    SHA-512:5B36CF0982C5AFED5CCEA4B30A0B31A2B5312FBF5438623D53153E076B59F1B4BEF8C08695EA74E086BCA4EF7221889DB977B5DCFF4C684BA0683FDDECDE2EC4
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
    MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
    SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
    SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
    SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
    Malicious:false
    File type:PDF document, version 1.4, 1 pages
    Entropy (8bit):7.806808620566728
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:1741A0218-101424-Travelers-10142024.pdf
    File size:23'136 bytes
    MD5:27cd98ccdd6d510d09efda0b46944253
    SHA1:b40fc2ed52c4240e10ba98c9363106d7844b9bb2
    SHA256:a61832c8e180ad5beef062065840b0991af8eca459723831272eba65315f1a7b
    SHA512:ab89bcbf509a7dbce440e36a33bfe68d971151d3ba165c596dd2bc0f8cd8e8b973006e5ca07a874692c2f0f957e1d6f2b4607e354cc0fb122c50b015b1f9af98
    SSDEEP:384:tSkVRTMlaLVUoPK6ckDYkvSjTpxfCTNbeSIyiH3mmEUhY94Pz3aorXrOePsGW:tSuR557PK6JD/vurfCTNC31EUhY9UzqL
    TLSH:27A2E142D29DF5C5EC5F0C064EA93725CC1C3C7A8AD9321463A97F0CF13AA836E5A4A7
    File Content Preview:%PDF-1.4.%......5 0 obj.<<./Type /XObject./Subtype /Image./Name /Im0./Width 2550./Height 3300./DecodeParms << /K -1 /Columns 2550 >>./BitsPerComponent 1./ColorSpace /DeviceGray./Filter /CCITTFaxDecode./Length 4 0 R.>>.stream.........u,.`..C.n.J..8'D.s.q..
    Icon Hash:62cc8caeb29e8ae0

    General

    Header:%PDF-1.4
    Total Entropy:7.806809
    Total Bytes:23136
    Stream Entropy:7.810914
    Stream Bytes:22072
    Entropy outside Streams:5.049198
    Bytes outside Streams:1064
    Number of EOF found:1
    Bytes after EOF:
    Name            Count
    obj             8
    endobj          8
    stream          2
    endstream       2
    xref            1
    trailer         1
    startxref       1
    /Page           1
    /Encrypt        0
    /ObjStm         0
    /URI            0
    /JS             0
    /JavaScript     0
    /AA             0
    /OpenAction     0
    /AcroForm       0
    /JBIG2Decode    0
    /RichMedia      0
    /Launch         0
    /EmbeddedFile   0

    Timestamp:Oct 24, 2024 16:48:17.669070005 CEST
    Source Port:55422
    Dest Port:53
    Source IP:192.168.2.4
    Dest IP:1.1.1.1

    Timestamp:Oct 24, 2024 16:48:17.669070005 CEST
    Source IP:192.168.2.4
    Dest IP:1.1.1.1
    Trans ID:0x2cf4
    OP Code:Standard query (0)
    Name:x1.i.lencr.org
    Type:A (IP address)
    Class:IN (0x0001)
    DNS over HTTPS:false

    Timestamp:Oct 24, 2024 16:48:17.677107096 CEST
    Source IP:1.1.1.1
    Dest IP:192.168.2.4
    Trans ID:0x2cf4
    Reply Code:No error (0)
    Name:x1.i.lencr.org
    CName:crl.root-x1.letsencrypt.org.edgekey.net
    Address:
    Type:CNAME (Canonical name)
    Class:IN (0x0001)
    DNS over HTTPS:false

    Target ID:0
    Start time:10:48:03
    Start date:24/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\1741A0218-101424-Travelers-10142024.pdf"
    Imagebase:0x7ff6bc1b0000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:1
    Start time:10:48:04
    Start date:24/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    Target ID:3
    Start time:10:48:04
    Start date:24/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2176 --field-trial-handle=1740,i,14463368390117274462,13698455103500201006,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff74bb60000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:true

    No disassembly