Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Herinnering (5)_20241017163011148.pdf

Overview

General Information

Sample name:Herinnering (5)_20241017163011148.pdf
Analysis ID:1541945
MD5:b6e2cc2ba1e583099cc943fa5a23216c
SHA1:72a909151acd4253dce5d818b5829123b4c7e6fe
SHA256:171137ccd4a23a564074e583bcd77f04cadab38b406f84239c7b3e973a1e6c0e
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6784 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Herinnering (5)_20241017163011148.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5636 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1732,i,17151241865359330168,7598862305262395057,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: 241.42.69.40.in-addr.arpa
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean0.winPDF@14/45@2/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6380Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 04-55-22-456.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Herinnering (5)_20241017163011148.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1732,i,17151241865359330168,7598862305262395057,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1732,i,17151241865359330168,7598862305262395057,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Herinnering (5)_20241017163011148.pdfInitial sample: PDF keyword /JS count = 0
Source: Herinnering (5)_20241017163011148.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Herinnering (5)_20241017163011148.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1541945 Sample: Herinnering (5)_20241017163... Startdate: 25/10/2024 Architecture: WINDOWS Score: 0 13 x1.i.lencr.org 2->13 15 bg.microsoft.map.fastly.net 2->15 17 241.42.69.40.in-addr.arpa 2->17 7 Acrobat.exe 18 62 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 2 9->11         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		unknown
    241.42.69.40.in-addr.arpa
    		unknown
    		unknownfalse
      		unknown
      x1.i.lencr.org
      		unknown
      		unknownfalse
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
        • URL Reputation: safe
        		unknown

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1541945
        Start date and time:2024-10-25 10:54:27 +02:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 3m 57s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:9
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:Herinnering (5)_20241017163011148.pdf
        Detection:CLEAN
        Classification:clean0.winPDF@14/45@2/0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 54.144.73.197, 18.207.85.246, 107.22.247.231, 162.159.61.3, 172.64.41.3, 2.23.197.184, 88.221.168.141, 199.232.214.172, 2.19.126.149, 2.19.126.143
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
        • VT rate limit hit for: Herinnering (5)_20241017163011148.pdf

        Simulations

        Behavior and APIs

        TimeTypeDescription
        04:55:33API Interceptor2x Sleep call for process: AcroCEF.exe modified

        LLM Input / Output

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        bg.microsoft.map.fastly.nethttps://klickskydd.skolverket.org/?url=https%3A%2F%2Fonedrive.live.com%2Fredir%3Fresid%3DA2C259BD24DEB977%25211517%26authkey%3D%2521AMV6sdjMIZf95vs%26page%3DView%26wd%3Dtarget%2528Quick%2520Notes.one%257C8266a05f-045a-4cc0-bddc-4debc90069bb%252FNotera%2520H6TYD9J4rDFDFECZC-HUYW%257Ca949d04d-b4e2-4509-b99f-d04546199b7b%252F%2529%26wdorigin%3DNavigationUrl&id=71de&rcpt=johan.brandt@skolverket.se&tss=1729830791&msgid=2d0ccdeb-928a-11ef-8a2e-0050569b0508&html=1&h=008c08c0Get hashmaliciousUnknownBrowse
        • 199.232.210.172
        https://dl.dropboxusercontent.com/scl/fi/kzw07ghqs05mfyhu8o3ey/BestellungVRG020002.zip?rlkey=27cmmjv86s5ygdnss2oa80i1o&st=86cnbbyp&dl=0Get hashmaliciousUnknownBrowse
        • 199.232.210.172
        2811271181036830236.jsGet hashmaliciousStrela DownloaderBrowse
        • 199.232.210.172
        https://sitecoresolrlb-mig.uat.ashurst.com/384ff7382de624fb94dbaf6da11977bba1ecd427Get hashmaliciousHTMLPhisherBrowse
        • 199.232.214.172
        z70OrderSpecificationsforMaterials_docx.exeGet hashmaliciousFormBookBrowse
        • 199.232.210.172
        https://bmgpeu.com/Get hashmaliciousUnknownBrowse
        • 199.232.214.172
        http://makkahdigitalcoins.net/?shiny/Get hashmaliciousUnknownBrowse
        • 199.232.214.172
        http://www.thegioimoicau.com/Get hashmaliciousUnknownBrowse
        • 199.232.214.172
        http://ylh2qh022.spreadsheetninjas.com/q3bCCwDV?sub1=ed10U&keyword=rbraley@avitusgroup.com&sub2=xelosv.nlGet hashmaliciousPorn ScamBrowse
        • 199.232.210.172
        http://nativestories.org/Get hashmaliciousHTMLPhisherBrowse
        • 199.232.214.172

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.184786873208191
        Encrypted:false
        SSDEEP:6:8VN+q2P92nKuAl9OmbnIFUt8TVLudzmWZmw+TVLudzNVkwO92nKuAl9OmbjLJ:8z+v4HAahFUt8TTW/+TmV5LHAaSJ
        MD5:F0F86507B88A33023B43D7A2C707A8AF
        SHA1:FB83E6A0DF3C914788E52E21087924F7D46A6146
        SHA-256:F579463B8356028889B96E1D7C3BAD9337E09A9A487AD86AA68FD29B3E987A29
        SHA-512:DBA90AB94632EA5FC8662C09FCABD74C42D08C747580E16183753194623565E8CD4242A41BC636D145B05A5A4A251DF337EB44E69031B55E33D51CF6EB6B6E35
        Malicious:false
        Reputation:low
        Preview:2024/10/25-04:55:20.144 183c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-04:55:20.147 183c Recovering log #3.2024/10/25-04:55:20.147 183c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.184786873208191
        Encrypted:false
        SSDEEP:6:8VN+q2P92nKuAl9OmbnIFUt8TVLudzmWZmw+TVLudzNVkwO92nKuAl9OmbjLJ:8z+v4HAahFUt8TTW/+TmV5LHAaSJ
        MD5:F0F86507B88A33023B43D7A2C707A8AF
        SHA1:FB83E6A0DF3C914788E52E21087924F7D46A6146
        SHA-256:F579463B8356028889B96E1D7C3BAD9337E09A9A487AD86AA68FD29B3E987A29
        SHA-512:DBA90AB94632EA5FC8662C09FCABD74C42D08C747580E16183753194623565E8CD4242A41BC636D145B05A5A4A251DF337EB44E69031B55E33D51CF6EB6B6E35
        Malicious:false
        Reputation:low
        Preview:2024/10/25-04:55:20.144 183c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-04:55:20.147 183c Recovering log #3.2024/10/25-04:55:20.147 183c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):338
        Entropy (8bit):5.087782234009394
        Encrypted:false
        SSDEEP:6:8VzjIq2P92nKuAl9Ombzo2jMGIFUt8TV+b9Zmw+TVzFzkwO92nKuAl9Ombzo2jM4:8tjIv4HAa8uFUt8T89/+T3z5LHAa8RJ
        MD5:28B5D99261001925741600879F8A6F67
        SHA1:FA4D0B1696DC9DC87A66E0B517CC310445CEDB24
        SHA-256:EE607D469BAD4692DD2F1964DB47235B6F7ED8EFF6C6522C7689171395DBD874
        SHA-512:4C7C0383BE66B4EB6AE2C3F927A63657E08C875C18EF221C1179A71EA1054AE4ED7A3EF2E6430A7BE44ACEFD93799CA4713D9B82A8291559A175297C8C9CC313
        Malicious:false
        Reputation:low
        Preview:2024/10/25-04:55:20.204 1c04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-04:55:20.205 1c04 Recovering log #3.2024/10/25-04:55:20.206 1c04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):338
        Entropy (8bit):5.087782234009394
        Encrypted:false
        SSDEEP:6:8VzjIq2P92nKuAl9Ombzo2jMGIFUt8TV+b9Zmw+TVzFzkwO92nKuAl9Ombzo2jM4:8tjIv4HAa8uFUt8T89/+T3z5LHAa8RJ
        MD5:28B5D99261001925741600879F8A6F67
        SHA1:FA4D0B1696DC9DC87A66E0B517CC310445CEDB24
        SHA-256:EE607D469BAD4692DD2F1964DB47235B6F7ED8EFF6C6522C7689171395DBD874
        SHA-512:4C7C0383BE66B4EB6AE2C3F927A63657E08C875C18EF221C1179A71EA1054AE4ED7A3EF2E6430A7BE44ACEFD93799CA4713D9B82A8291559A175297C8C9CC313
        Malicious:false
        Preview:2024/10/25-04:55:20.204 1c04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-04:55:20.205 1c04 Recovering log #3.2024/10/25-04:55:20.206 1c04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):508
        Entropy (8bit):5.054204384749851
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqOsBdOg2Hpkcaq3QYiubxnP7E4T3OF+:Y2sRdsqdMHp33QYhbxP7nbI+
        MD5:1C9C87AA94DDC9A7E2743D7EDB756EFF
        SHA1:293552CC3B3766B8543334ABF21594973AD7CC55
        SHA-256:A28B934003B99ABCC797901897A5C79036EF2CD358FBA2EDBF37A12F1E750F3F
        SHA-512:789246034E29F7B79A0276F7AEA05D93DCAEB2DFC159FCF0ECC9669A93DBD1A5DAB959A1D9451C7176B649C2C1507BE9AF6779768B1F413CE4BB65579C5042B8
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374406526141889","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":235813},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fc139e13-c93f-4c76-92f2-d63804454f25.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):508
        Entropy (8bit):5.054204384749851
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqOsBdOg2Hpkcaq3QYiubxnP7E4T3OF+:Y2sRdsqdMHp33QYhbxP7nbI+
        MD5:1C9C87AA94DDC9A7E2743D7EDB756EFF
        SHA1:293552CC3B3766B8543334ABF21594973AD7CC55
        SHA-256:A28B934003B99ABCC797901897A5C79036EF2CD358FBA2EDBF37A12F1E750F3F
        SHA-512:789246034E29F7B79A0276F7AEA05D93DCAEB2DFC159FCF0ECC9669A93DBD1A5DAB959A1D9451C7176B649C2C1507BE9AF6779768B1F413CE4BB65579C5042B8
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374406526141889","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":235813},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4509
        Entropy (8bit):5.243339913590633
        Encrypted:false
        SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUrC2Hw7VyCCp7Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLO
        MD5:C6071C136C2810280C73F7FDCD220BF2
        SHA1:CFBD84867A048688ABEF2AFB67E841D554589DA5
        SHA-256:A9C595CA9E28C815D3D4CFEDBFAB7F3D12E38371254372ACE05A788BF0111FE5
        SHA-512:DE4EB71C6AD39536A0BE25215C9360A7660A064199CF0747770E3D372F2C025C11020FD9A5CCFD7818047DFD54407410194956FDCA1B578F00C8FE3BC4AEE81B
        Malicious:false
        Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):326
        Entropy (8bit):5.145540440085219
        Encrypted:false
        SSDEEP:6:8V7iq2P92nKuAl9OmbzNMxIFUt8TV8ZZmw+TV8zkwO92nKuAl9OmbzNMFLJ:85iv4HAa8jFUt8TC/+Tu5LHAa84J
        MD5:3693FC8E547AF294033B95CBF40441E5
        SHA1:ED6370A53B7E1F1D14CAECDB3377E696211605D2
        SHA-256:7B18545D402F46001F74A3782A5A286D93538A61D0A9C99316DA6F2DB02770AF
        SHA-512:A1C44EEA0C0130AFA46549DC436D91FF2B0F6263087E25A0D17BF8F371093B19ADD8CCA31810A9BBDE82DA68591A1B45763C6A23B33F23DF17B633EDA78768F9
        Malicious:false
        Preview:2024/10/25-04:55:20.358 1c04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-04:55:20.359 1c04 Recovering log #3.2024/10/25-04:55:20.359 1c04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):326
        Entropy (8bit):5.145540440085219
        Encrypted:false
        SSDEEP:6:8V7iq2P92nKuAl9OmbzNMxIFUt8TV8ZZmw+TV8zkwO92nKuAl9OmbzNMFLJ:85iv4HAa8jFUt8TC/+Tu5LHAa84J
        MD5:3693FC8E547AF294033B95CBF40441E5
        SHA1:ED6370A53B7E1F1D14CAECDB3377E696211605D2
        SHA-256:7B18545D402F46001F74A3782A5A286D93538A61D0A9C99316DA6F2DB02770AF
        SHA-512:A1C44EEA0C0130AFA46549DC436D91FF2B0F6263087E25A0D17BF8F371093B19ADD8CCA31810A9BBDE82DA68591A1B45763C6A23B33F23DF17B633EDA78768F9
        Malicious:false
        Preview:2024/10/25-04:55:20.358 1c04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-04:55:20.359 1c04 Recovering log #3.2024/10/25-04:55:20.359 1c04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025085524Z-152.bmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
        Category:dropped
        Size (bytes):65110
        Entropy (8bit):0.9926301978539023
        Encrypted:false
        SSDEEP:96:HM7MBj+w/3MkMMCYMMMMQAjfcgMjN8ayEMT0iC:fMylU
        MD5:A6B588DE31FD9C2E0F90047A336E9D98
        SHA1:BBF86DA8AEBDE46680E67D114EAFF1E43349AC35
        SHA-256:7FFD65F3ECC73D50BFE6061C6FA572D9D90A3B623F9694A46911613A6D3A1943
        SHA-512:0EB63E5B719CB412005188509C974035D990AA6AEED80A532486B86A4FFC5E284FD4B3075350C4943193561316D2239F42D578955C10387CDF921B9654C85403
        Malicious:false
        Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):71954
        Entropy (8bit):7.996617769952133
        Encrypted:true
        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
        Malicious:false
        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.7673182398396405
        Encrypted:false
        SSDEEP:3:kkFkloG1ltfllXlE/HT8k17ttNNX8RolJuRdxLlGB9lQRYwpDdt:kKxG1leT8cNMa8RdWBwRd
        MD5:1D574CEB8785422FC32EE5124876E7B8
        SHA1:D289E9927B026DB522C5BEEF953BF0FEA173BBBB
        SHA-256:F8923AFD15B935B6131A4CC85E4EB71898340FADF03E3544B345175E36BDE6EA
        SHA-512:7F9DC4C5541C4885A622DF5883CF735A30BE35E2A516299B51296E442C8FA987713D9049DB72D083CC8A956CD0A8BDE91BA02686853A7C62EA060C3F1B174137
        Malicious:false
        Preview:p...... ........[....&..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):328
        Entropy (8bit):3.247897867253902
        Encrypted:false
        SSDEEP:6:kKDiklL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ridDImsLNkPlE99SNxAhUe/3
        MD5:C052CB68D2179B820C68E48B1C731C23
        SHA1:76A1A1ACAB1043F10DC79D2C99DE40EC89E370AE
        SHA-256:9C08D7AE4929FDC4F47E20C3000E2B985700538F540A7F2EA34259CFD7368AF9
        SHA-512:AAF174570EFE664307B862FC9A81CAF4865B3BA431F30A6370F3BAD52E07E263BCBEBC8EBB5466CE9522B5CB236B7E2A7DD1E380BBD7E3B057E09D0B22E17EA4
        Malicious:false
        Preview:p...... ..........&..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6380

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):227002
        Entropy (8bit):3.392780893644728
        Encrypted:false
        SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
        MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
        SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
        SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
        SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.322402066754583
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJM3g98kUwPeUkwRe9:YvXKXjhMYiXUYpW7tsGMbLUkee9
        MD5:84F94C64B7C168B40120E48081DF523D
        SHA1:1062B494D6EEFD29E275CF912C9D80CE889EF7B7
        SHA-256:BAC1A3677A2F17686D44B54B2E8ABDA484980415F277975EF69270186858FB8D
        SHA-512:6438692D635C26DD26BE922844025A4026B1646C73DD17739C34BF9301C5DD273103ADF53962C2047BDEF0881BCF13503345162A2799BA7AF2371656F75C8991
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.257257364148034
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJfBoTfXpnrPeUkwRe9:YvXKXjhMYiXUYpW7tsGWTfXcUkee9
        MD5:3979AED2EB0FF047279948A6704A0CF7
        SHA1:217017806E9BE73623EEF9CF5F0B9BB49D7D5B85
        SHA-256:2FFFBB911C3BCE5E64352124E6178D3A9CD072CA3415B038B54BFF847EF4101C
        SHA-512:40977AD99F8470EFB48BDBDABFCA330C2DDCA2342620150F6542E6B87020713B06EF998BEEF517B845F0D5B000BCEFC3D52D5BE462719E3418AE1A1BDF5BAC35
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.236078439193632
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJfBD2G6UpnrPeUkwRe9:YvXKXjhMYiXUYpW7tsGR22cUkee9
        MD5:4652FDF5F9F0E0A2B44D46C8275AE5BD
        SHA1:2EFE50A214AA9AA5C11AA459ECE2251B73654262
        SHA-256:7AB5228D51DAE5584AF63F8E8197785479E553049B92D8B3F5F19F17DF386D68
        SHA-512:79823A45ACF8013FE9E7706843C54BB70A804A212756F56E5F78F0A9C04E0CDF16C367189CD754A89AFA16B2968086BFA77C4449958647EC6EE80509FE1E6669
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.29985770512562
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJfPmwrPeUkwRe9:YvXKXjhMYiXUYpW7tsGH56Ukee9
        MD5:0EB4E69573E99E4A0FA3B39673E59362
        SHA1:B16D3B597A720620F8EF913F69FD148AD7F24783
        SHA-256:C244A56B0D73BBBE3672EAB164950BD748A10DEB9D2E8A9454BA512A90070F49
        SHA-512:7B6707A843E1060AB7C4717898BFE71CE5EAE6C975D2651D14B125A4C5EE224F7A17943AA016476389422FD5B70250CCB8802B559D43DD0D2DD1F2B267F09057
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1055
        Entropy (8bit):5.6595280254812925
        Encrypted:false
        SSDEEP:24:Yv6XjuFi3pLgEscLf7nnl0RCmK8czOCCSPcN:YvC13hgGzaAh8cv/PcN
        MD5:AD9742C72FC36F37062D217914F43F15
        SHA1:B21A82F02AB30BDDFE68CC754C628CB9F133E8CB
        SHA-256:9F1561A1023DC2365257F07600567B9E22FFFBB4077FD841F8BA6182023159CD
        SHA-512:C63CF9B59BFBA608E03514FA5D8C86FD9456719414C04413B0584CB434395F4A96BC3F8E12B92B82BE3F1C403897C32E18A83042E4250CFD967F7182B7FE1F9A
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1050
        Entropy (8bit):5.649980484998473
        Encrypted:false
        SSDEEP:24:Yv6XjuFibVLgEF0c7sbnl0RCmK8czOCYHflEpwiVkcN:YvC1bFg6sGAh8cvYHWpwPcN
        MD5:63F49130EBAF5735D6FEA5BA96044E5F
        SHA1:D976CA39240C6BD88A4D873B05C431771BC8854E
        SHA-256:504729634018A6DDF1C5B697504EE528DE9272CCF6A810E3B1E23969F523013B
        SHA-512:BD021EDE2B221BEFAC84C19CF926465E4B5E4DD3BE925939630D847F697302B0D31011464F264E97653669258E2728E7FB6379B4C334279DFBD235A85161AFA8
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.247698995383182
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJfQ1rPeUkwRe9:YvXKXjhMYiXUYpW7tsGY16Ukee9
        MD5:205C0C99E7E25536A0A4F58D56AE562E
        SHA1:3D8E37047131415A50A95B44AE663E4D20FB2FAA
        SHA-256:16EA2955ACB5771EBF705B13D40E7A6A0988606F96B231393957B61555B4911F
        SHA-512:883EAB2EFB948EFC6FF21ADF553EBC2CFDEA7EE0F29928E967AF5B5090C6372FAC55B0D51AA4B08F6C9B2AB7ACDB2E65A9F03543FCBC3676E61BF7698F7BD5EC
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1038
        Entropy (8bit):5.645179835180687
        Encrypted:false
        SSDEEP:24:Yv6XjuFiq2LgEF7cciAXs0nl0RCmK8czOCAPtciBkcN:YvC1qogc8hAh8cvAKcN
        MD5:61CCC2AB7BFF00800A486D2F642F05DA
        SHA1:4259B1CA82E6D6B863973BE662F6F8B40341E388
        SHA-256:BC74FA9DF543DF502EBED380694343FBB90A42A0001A6EB3454858FAFFF72FFC
        SHA-512:A83392AE94C529C40FB79B4558C5909D5D88E4115EF132AF4A38A81BDE088E2026743DD56B4CFC372367250928BCC38B68084F86A3B1621A45255643B71078CB
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1164
        Entropy (8bit):5.6980624227952905
        Encrypted:false
        SSDEEP:24:Yv6XjuFi2KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5kcN:YvC12EgqprtrS5OZjSlwTmAfSKGcN
        MD5:913648F418DD237B000D9A72989CE42A
        SHA1:DEB5B8DCF8A16C53383B23AB3843171F56391478
        SHA-256:D9230EF04CB0475F027F5030EDAA7338FBE4337D125755C27C1178A645790CE2
        SHA-512:8E619FA28EB2ECE8F4BDA3E7F2486EE2D237869503A47537B10005E94D5BF002052354D649057601618906046C2B4DE16B78416481133AD542DED72A0D45B817
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.254144747767975
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJfYdPeUkwRe9:YvXKXjhMYiXUYpW7tsGg8Ukee9
        MD5:7C963AD0A128AFD35EEEA2BD241C0020
        SHA1:1A6812077540E2427D7E969FD42111ADBC17E2B1
        SHA-256:24E3FC605C09BBD4A314B840C6D08F6D87B6DA4ADDADF06BE42FB3F8E2E23335
        SHA-512:FDCA1C4FA5897DDE7F5FC550CF9133C9C3C9E8F7C89C0F76763F5BFFAFFD1C93E21F399F5ED293D862FD8B8CBD91AC63DEECDBECA8691EF42F32CF40FA516D73
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1395
        Entropy (8bit):5.773804607272437
        Encrypted:false
        SSDEEP:24:Yv6XjuFi9rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN8cc:YvC19HgDv3W2aYQfgB5OUupHrQ9FJGcc
        MD5:8FC2F7E7B4987281DE72501F84093F16
        SHA1:66188DEC3C1065CA84F04AF59E946128FF623101
        SHA-256:CB91461C08E0CCB8503FB01838B15D128AD7259C65784A516283453B11DF8545
        SHA-512:D4CBD9BA6EFE9A114A4FE56389C355436B129000449855CA27384591B476F664C2A6D846270948DC7AEE7F006E6021327897CE515EA8B1C810CDDD4344E2AA9F
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.238007001814567
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJfbPtdPeUkwRe9:YvXKXjhMYiXUYpW7tsGDV8Ukee9
        MD5:2881C8C9EB1DD387F2AE3945F918C3B3
        SHA1:EB2658DFDA2B3644421345286BD98E5AF4FF40AD
        SHA-256:291735C11499E18F1E3FFB7BC31898B896A5BEEB622D57201C3C7BCD059596C6
        SHA-512:9F65C070E68E20C90E27818CE567170C35E03E631DA7E9B44A5188BEEA2B6C9A96FE9AE27FCBE110398B6B60FD149A0F8C074C6CC4F781E2F6289430D06A434C
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.239045515929153
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJf21rPeUkwRe9:YvXKXjhMYiXUYpW7tsG+16Ukee9
        MD5:ED5FC193D35F086E8CFE582A1270A2A8
        SHA1:302CFB2CCC308315AF5EBC96B811F96DAB6961D5
        SHA-256:AE12060EDF08DC81773FCC2AFD54DE42137B22576C09245B825960ABE63B0114
        SHA-512:F59A432C7C2477BB5B1B5815884BEEF6321A143BC5CA6B6284FB3E97D5C3EEFDC650F3C5B77731C46CB3A60F1F6C3676D17A3E9663E7B46D96932D03100B10E0
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1026
        Entropy (8bit):5.628175856565703
        Encrypted:false
        SSDEEP:24:Yv6XjuFiPamXayLgE7cMCBNaqnl0RCmK8czOC/BSPcN:YvC1nBgACBOAh8cvMPcN
        MD5:89D859CFF9F838B43B4E3AEB592B0B46
        SHA1:67DB101C42A8C9AAE054F18C4BE25B8E5B7C0B0D
        SHA-256:EF535FEF41D03177F9F6B52B333EAF19096C5DDFCE3C941CFF76E6909D7B087E
        SHA-512:2546C150F5D0735D454A1978AF42FEE70426C8217B54B6B606919F873F89015D00EDC7C21B5798015933D8FF10245D9CCA341D15ABB80C9F426E20624686D66D
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.216069959626391
        Encrypted:false
        SSDEEP:6:YEQXJ2HXjb1M6DxQnZ1x+FIbRI6XVW7+0YKSODoAvJfshHHrPeUkwRe9:YvXKXjhMYiXUYpW7tsGUUUkee9
        MD5:7A05DC00F38A0AF8B2E88AEB5B240B90
        SHA1:333D7601CDEA99EA3DFC9FA27FBD981B73040B29
        SHA-256:69470780FDCB7F14D08D62339A9BFB7BD305D379CAF834B104D6A873D320A014
        SHA-512:78B248AF92AC83FC8EF60F9E57D5F92E67C3445D96CA587C0271F1C3E9FB864E60AFAADFFC4D3A2F4ECF21F215FC6F43B67DEFBAA2E104B53040BD2705D60DDB
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):782
        Entropy (8bit):5.359164032071769
        Encrypted:false
        SSDEEP:12:YvXKXjhMYiXUYpW7tsGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWQcN:Yv6XjuFi0168CgEXX5kcIfANhPcN
        MD5:0ED7E77A2E879A774AE301CC04AB92B7
        SHA1:D5BBA2F94C1BB69FAB34A12E16D070AFD4B65894
        SHA-256:C974ED6B1074C29BBE27909656EA575109F30C94EBEF5ED214BA5BB71DBAA326
        SHA-512:A9181577858237B5E6FC374CF3A3FCD70D652CC5E08E496F72FC823B1F9AC495CA2175526F6E481BC3CAF00439427FCF65D58CF0B2707037B8A0570B1B6C18CD
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"aef07341-026b-4e73-85fe-f59c7fa997c6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1730023242742,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729846527775}}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2818
        Entropy (8bit):5.13830599080333
        Encrypted:false
        SSDEEP:48:Y7fcFcX9caEc879cTiUckc3wScITcLaV2c9CAcncUelP+cTcMcqFlS9Uc5nctcGb:8vGpwWvNCmlxcKAGb
        MD5:F7FF8A3B7F5C471B99BBDECC2979B555
        SHA1:846107E631A29430C6E7842E180BBBDCF33D5306
        SHA-256:5C7DF553CEE2FF4B86758E04A7CA0D897551AA2E91111A5EF9E3A824816DCA3C
        SHA-512:2B25C37308907C420598E238B5A60FDB5BE13FD35121C8D0AF478A160F6A8A43E6FB20F0228FC1DF65EE7D6D7693184848116306E6B213814FCC5F3AAFAFF239
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"894500031cf236aceca2ada68f795ebc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729846526000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2d2f9cfcce0df37838d9b9d89776e0da","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729846526000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"a0647de8f4f60abe012d9aaecb104886","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729846526000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"457de4aacc661398d3164752dfe98299","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729846526000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"9e97b4fc81a4bdd0ed1b7950bd374a76","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729846526000},{"id":"Edit_InApp_Aug2020","info":{"dg":"ed6597abc8c7a9f15f03eb64d16d4c59","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):0.9864430987562961
        Encrypted:false
        SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpaM4zJwtNBwtNbRZ6bRZ4HMF:TVl2GL7ms6ggOVp2zutYtp6PF
        MD5:F2113F5F585A43B697E068C0C877BB2C
        SHA1:0779BF91D27C0AC2F549DD35AB73158013DA68BD
        SHA-256:59EA8A4780DF43ED98A064F7005D6C11A5A72D07EBBD520B8372988E1408C50A
        SHA-512:FE0273008E09BFBFDF86D239D1F18AF24FA7527614D65BFAE985D588056291582D7DEE99F718F3C733CF8E4522D0365C99EE11CCDD3335BBDE9B431379C64152
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.3408188227644229
        Encrypted:false
        SSDEEP:24:7+tNAD1RZKHs/Ds/SpaMPzJwtNBwtNbRZ6bRZWf1RZK8GfqLBx/XYKQvGJF7ursa:7MNGgOVptzutYtp6PMQfqll2GL7msa
        MD5:2C28937B9FB2BF93CC661979149FCFB6
        SHA1:DDEB9CC0D7185FD7A3FEF8DE21534162771CF9CF
        SHA-256:20DA2013DAA08FB859F43F0EC8FD1256F2564C5E481F7B957A8E0B1078211CAF
        SHA-512:169FE065A38261151073452612F54A1A0AEAE181546E39A0E13D92232E407711006EA00FDD7C8013B02FBB7F900B6B80AECC64BC370CFE1EFAF4A15B2AFB244C
        Malicious:false
        Preview:.... .c........x......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSI98b93.LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.518261198325562
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8jfl:Qw946cPbiOxDlbYnuRKwl
        MD5:82E17035BBB9B164E99B9E80DA6BD4E8
        SHA1:F93C1CA058840BC138BC3DCDFC12BFD6ABB35244
        SHA-256:D19A885C982998B553943C14859D9171124B71D88FD1877CD4934001C1F1BFD1
        SHA-512:D481150D35112D7F06D7C8C0E4E652C642D8BFF10E3B412B40548E8E06A84E7EBF580855BEDC6160628C0F03979A297E218F703D78EBD50B7A67B6EC3BB8CBC2
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.0./.2.0.2.4. . .0.4.:.5.5.:.2.8. .=.=.=.....

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 04-55-22-456.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.376360055978702
        Encrypted:false
        SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
        MD5:1336667A75083BF81E2632FABAA88B67
        SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
        SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
        SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
        Malicious:false
        Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.318340487054538
        Encrypted:false
        SSDEEP:384:IthkZ14CQcfUJHmhM59KtPKn/YLStJNn9c6cMaw8qQdn+pTjp19r9VCZCbOycO6N:frB
        MD5:6903342B67A2ED516F9C2389BB37FF48
        SHA1:2CE261A407DF4B2D9EC705974B148B5FD5D6B4C5
        SHA-256:5C6C43859866FC2EE8BC1D346AC5C263EE511C0B6F5E7700D2372ABBBDA92B1F
        SHA-512:702527E3C016F6ACC18D67B1C314E50CA7C946362C2AFB4B795862CAFE750469C19F50F3B6A25DD1DB55750631F877813993A3E56FDE4E07BEDBA0535A5D173F
        Malicious:false
        Preview:SessionID=84aee608-a839-4601-9961-a52d418b44b2.1729846522466 Timestamp=2024-10-25T04:55:22:466-0400 ThreadID=4508 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=84aee608-a839-4601-9961-a52d418b44b2.1729846522466 Timestamp=2024-10-25T04:55:22:467-0400 ThreadID=4508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=84aee608-a839-4601-9961-a52d418b44b2.1729846522466 Timestamp=2024-10-25T04:55:22:467-0400 ThreadID=4508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=84aee608-a839-4601-9961-a52d418b44b2.1729846522466 Timestamp=2024-10-25T04:55:22:467-0400 ThreadID=4508 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=84aee608-a839-4601-9961-a52d418b44b2.1729846522466 Timestamp=2024-10-25T04:55:22:467-0400 ThreadID=4508 Component=ngl-lib_NglAppLib Description="SetConf

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.389919828527648
        Encrypted:false
        SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbj:n
        MD5:56B800B495D33DF9AAC8594655C154D0
        SHA1:C1BF400393842EC6E9C7BA3DCFE6BA211973E236
        SHA-256:B2443C40260EF2F47B7882AB1B6C4C5528F319CF8C99EBC4E64FF04981002A6D
        SHA-512:D5E4DF9566C76638D82874E41826BED85ACC555DA1AEF8F4B10EA3CEB2752696E1FDEFA0103886E8EE55E59A7434D4972CC775AD8160B72B7E2B8089FE8F17DF
        Malicious:false
        Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

        C:\Users\user\AppData\Local\Temp\acrocef_low\2006c744-3882-4549-8bb4-41c0f21ab3ab.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
        MD5:18E3D04537AF72FDBEB3760B2D10C80E
        SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
        SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
        SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\36f30b3a-e515-4715-87c4-c1ef1db112f0.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

        C:\Users\user\AppData\Local\Temp\acrocef_low\7551ef95-f852-4df3-a64c-141f841856e1.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
        MD5:716C2C392DCD15C95BBD760EEBABFCD0
        SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
        SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
        SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\92d963b3-e386-4292-b838-0e3af5acd7ed.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

        Static File Info

        General

        File type:PDF document, version 1.7, 1 pages
        Entropy (8bit):7.983630108643305
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Herinnering (5)_20241017163011148.pdf
        File size:59'610 bytes
        MD5:b6e2cc2ba1e583099cc943fa5a23216c
        SHA1:72a909151acd4253dce5d818b5829123b4c7e6fe
        SHA256:171137ccd4a23a564074e583bcd77f04cadab38b406f84239c7b3e973a1e6c0e
        SHA512:525f184a6bff5528b0be4d47035c70a50a11a6190b1415bcf2fe77ed3e1467f981cab458bf21d25e42f5d0a2e066c977421055edde42ceb11b0909b24057d31d
        SSDEEP:768:h6O2oSjZs0SB6LbI2CUaWW8cA7rOUp6LMa0cdysq6X4y8bXdYrIXvQx19bk5IFjj:0bI2CCDm0cfnX4y8bNYrIfQnS3rVSxNV
        TLSH:5743F185770EA8ACD0939AC7FF820A567A0CC327754AD9F2271CDED3C311F9382955A9
        File Content Preview:%PDF-1.7..4 0 obj..<</Type /Page/Parent 3 0 R/Contents 5 0 R/MediaBox [0 0 595.29998779 841.90002441]/Resources<</Font<</FAAAAI 8 0 R/FAAABB 11 0 R>>/XObject<</X1 6 0 R>>>>/Group <</Type/Group/S/Transparency/CS/DeviceRGB>>>>..endobj..5 0 obj..<</Length 13

        File Icon

        Icon Hash:62cc8caeb29e8ae0

        Static PDF Info

        General

        Header:%PDF-1.7
        Total Entropy:7.983630
        Total Bytes:59610
        Stream Entropy:7.995680
        Stream Bytes:56971
        Entropy outside Streams:5.251164
        Bytes outside Streams:2639
        Number of EOF found:1
        Bytes after EOF:

        Keywords Statistics

        NameCount
        obj19
        endobj19
        stream5
        endstream5
        xref0
        trailer0
        startxref1
        /Page1
        /Encrypt0
        /ObjStm0
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Image Streams

        IDDHASHMD5Preview
        66426d2d2d2de2ce52bc9ffb8a114d372755416376452a65b

        Network Behavior

        Network Port Distribution

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        Oct 25, 2024 10:55:33.878273964 CEST6375553192.168.2.51.1.1.1
        Oct 25, 2024 10:55:52.582511902 CEST5358330162.159.36.2192.168.2.5
        Oct 25, 2024 10:55:53.203979015 CEST5947653192.168.2.51.1.1.1
        Oct 25, 2024 10:55:53.212527990 CEST53594761.1.1.1192.168.2.5

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Oct 25, 2024 10:55:33.878273964 CEST192.168.2.51.1.1.10x30e4Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
        Oct 25, 2024 10:55:53.203979015 CEST192.168.2.51.1.1.10x2916Standard query (0)241.42.69.40.in-addr.arpaPTR (Pointer record)IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Oct 25, 2024 10:55:33.886595011 CEST1.1.1.1192.168.2.50x30e4No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
        Oct 25, 2024 10:55:34.294745922 CEST1.1.1.1192.168.2.50x49b3No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
        Oct 25, 2024 10:55:34.294745922 CEST1.1.1.1192.168.2.50x49b3No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
        Oct 25, 2024 10:55:53.212527990 CEST1.1.1.1192.168.2.50x2916Name error (3)241.42.69.40.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:04:55:19
        Start date:25/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Herinnering (5)_20241017163011148.pdf"
        Imagebase:0x7ff686a00000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        General

        Target ID:2
        Start time:04:55:19
        Start date:25/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff6413e0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        General

        Target ID:4
        Start time:04:55:20
        Start date:25/10/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1732,i,17151241865359330168,7598862305262395057,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff6413e0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Disassembly

        No disassembly