Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf

Overview

General Information

Sample name:CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf
Analysis ID:1545596
MD5:9ebea89f3d1a93fd3ee90b3f4c860d36
SHA1:2523ad7b01c2b16d9fbb6e2f1e14043ee83d1272
SHA256:52833138f08afa8ba5512127806d2b7b89d0d13ebd80e67c656b9f016dfaaf67
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 6952 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7152 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6552 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2220 --field-trial-handle=1576,i,2527262263396610559,4175806813873224483,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: 06130fff-273c-4118-a880-ec7cb786c49b.tmp.3.dr, 669d5ca7-f5a3-4949-a591-d1a315b8512c.tmp.3.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: classification engineClassification label: clean0.winPDF@16/48@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6960Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-30 12-53-01-341.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2220 --field-trial-handle=1576,i,2527262263396610559,4175806813873224483,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2220 --field-trial-handle=1576,i,2527262263396610559,4175806813873224483,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdfInitial sample: PDF keyword /JS count = 0
Source: CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdfInitial sample: PDF keyword /Page count = 10
Source: CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdfInitial sample: PDF keyword stream count = 57
Source: CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdfInitial sample: PDF keyword obj count = 71
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1545596 Sample: CP01 - DESORMEAUX - LOT 07 ... Startdate: 30/10/2024 Architecture: WINDOWS Score: 0 13 x1.i.lencr.org 2->13 7 Acrobat.exe 20 66 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 6 9->11         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://chrome.cloudflare-dns.com0%URL Reputationsafe
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://chrome.cloudflare-dns.com06130fff-273c-4118-a880-ec7cb786c49b.tmp.3.dr, 669d5ca7-f5a3-4949-a591-d1a315b8512c.tmp.3.drfalse
    • URL Reputation: safe
    		unknown
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
    • URL Reputation: safe
    		unknown

    World Map of Contacted IPs

    No contacted IP infos

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1545596
    Start date and time:2024-10-30 17:52:23 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 3m 49s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:15
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf
    Detection:CLEAN
    Classification:clean0.winPDF@16/48@1/0
    Cookbook Comments:
    • Found application associated with file extension: .pdf

    Warnings

    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.202.204.11, 52.5.13.197, 54.227.187.23, 23.22.254.206, 172.64.41.3, 162.159.61.3, 2.23.197.184, 23.32.184.135, 199.232.210.172, 2.19.126.142, 2.19.126.149, 88.221.110.91, 2.16.100.168
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf

    Simulations

    Behavior and APIs

    TimeTypeDescription
    12:53:12API Interceptor2x Sleep call for process: AcroCEF.exe modified

    LLM Input / Output

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASNs

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):290
    Entropy (8bit):5.232010262699232
    Encrypted:false
    SSDEEP:6:6NnNyq2PRN2nKuAl9OmbnIFUt8vN1r1Zmw+vN19RkwORN2nKuAl9OmbjLJ:6OvaHAahFUt8vf1/+vv5JHAaSJ
    MD5:12ABE29C8017C5839E26F248A2C459EB
    SHA1:807A2F9382E5ABA76BBE1BEABFB71CEDBA0AA10A
    SHA-256:967E8961C6705B8F1B4947F9D4215EB16497B2F680659290B3B6ADA3BE9BC9B4
    SHA-512:7C814400DB7A653B13C5BB657899CEDC74D57A489867D31B0D5C33BB269B0B98EA4755B602CF229091421C573BA92173F0CD1F7B8330955A219089DDFF7405C7
    Malicious:false
    Reputation:low
    Preview:2024/10/30-12:52:59.899 1874 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/30-12:52:59.901 1874 Recovering log #3.2024/10/30-12:52:59.901 1874 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):290
    Entropy (8bit):5.232010262699232
    Encrypted:false
    SSDEEP:6:6NnNyq2PRN2nKuAl9OmbnIFUt8vN1r1Zmw+vN19RkwORN2nKuAl9OmbjLJ:6OvaHAahFUt8vf1/+vv5JHAaSJ
    MD5:12ABE29C8017C5839E26F248A2C459EB
    SHA1:807A2F9382E5ABA76BBE1BEABFB71CEDBA0AA10A
    SHA-256:967E8961C6705B8F1B4947F9D4215EB16497B2F680659290B3B6ADA3BE9BC9B4
    SHA-512:7C814400DB7A653B13C5BB657899CEDC74D57A489867D31B0D5C33BB269B0B98EA4755B602CF229091421C573BA92173F0CD1F7B8330955A219089DDFF7405C7
    Malicious:false
    Reputation:low
    Preview:2024/10/30-12:52:59.899 1874 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/30-12:52:59.901 1874 Recovering log #3.2024/10/30-12:52:59.901 1874 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):334
    Entropy (8bit):5.1831808485961695
    Encrypted:false
    SSDEEP:6:6NAQWM+q2PRN2nKuAl9Ombzo2jMGIFUt8vNM+pG1Zmw+vNw7SQWMVkwORN2nKuAv:66Q+vaHAa8uFUt8vnG1/+vm2QV5JHAaU
    MD5:2AF3088BFE98401E09D02DBF60EAB19D
    SHA1:31E1609028ABA7B7512A781F6635634DACDE50C7
    SHA-256:84588FD434E115B70832DDEF68D1BB47CA4C495CE7A26A5C51E5A60EDCB5E228
    SHA-512:0B2633A405D4EAC02BF8DE1CC86B1B98F4BCA062B7A728FF8A8D2E7A83492FD627753A84F978D8C1B99E3016D75FCD3E066C81AC0B2A3EDE90BC80A8BE3DC2C8
    Malicious:false
    Reputation:low
    Preview:2024/10/30-12:52:59.774 19ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/30-12:52:59.779 19ac Recovering log #3.2024/10/30-12:52:59.780 19ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):334
    Entropy (8bit):5.1831808485961695
    Encrypted:false
    SSDEEP:6:6NAQWM+q2PRN2nKuAl9Ombzo2jMGIFUt8vNM+pG1Zmw+vNw7SQWMVkwORN2nKuAv:66Q+vaHAa8uFUt8vnG1/+vm2QV5JHAaU
    MD5:2AF3088BFE98401E09D02DBF60EAB19D
    SHA1:31E1609028ABA7B7512A781F6635634DACDE50C7
    SHA-256:84588FD434E115B70832DDEF68D1BB47CA4C495CE7A26A5C51E5A60EDCB5E228
    SHA-512:0B2633A405D4EAC02BF8DE1CC86B1B98F4BCA062B7A728FF8A8D2E7A83492FD627753A84F978D8C1B99E3016D75FCD3E066C81AC0B2A3EDE90BC80A8BE3DC2C8
    Malicious:false
    Reputation:low
    Preview:2024/10/30-12:52:59.774 19ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/30-12:52:59.779 19ac Recovering log #3.2024/10/30-12:52:59.780 19ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\06130fff-273c-4118-a880-ec7cb786c49b.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):403
    Entropy (8bit):4.978545816629669
    Encrypted:false
    SSDEEP:12:YHO8sqffhsBdOg2Hp8fcaq3QYiubrP7E4T3y:YXsrdMHpL3QYhbz7nby
    MD5:CB1D589CD719E0CEE650D5C557DB7017
    SHA1:044F0DE3FD8CEBCCC204811C141B9ECE6A40C1F3
    SHA-256:D83911F1E2F936F88E46382FE4F2107C7D028FBA565350E92FE743C43D4DD6D7
    SHA-512:6DB811F8A70E143D1679E438C10CFB5EB43FEDF71029A682686A580F637CAB7DA232C8846586903D65687F715A8878062DC80B90335021F1FD1BF95834DFFDC7
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374867185587884","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":236672},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\669d5ca7-f5a3-4949-a591-d1a315b8512c.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:moderate, very likely benign file
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:moderate, very likely benign file
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5f0dbd.TMP (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4099
    Entropy (8bit):5.2261326142083195
    Encrypted:false
    SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xezkOp:OLT0bTIeYa51Ogu/0OZARBT8kN88zkOp
    MD5:54677B97799661E6E7615BE712A2FBB4
    SHA1:91696138240AA2603BF5629469F08F1FBDF84519
    SHA-256:0FF49D1E174897794F4ED14271ED27EA2CC6F3031D4F6A49D32025FA3290591A
    SHA-512:544D42F27195577874491ED70DD26FD6064C133C453721802ECF17738F5F2BBC7C6278E2E271BB834413E4D472263AE9E5F36988B5CE4DD28CC2C61F8FD9DE72
    Malicious:false
    Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):322
    Entropy (8bit):5.15940648162678
    Encrypted:false
    SSDEEP:6:6NZpQWM+q2PRN2nKuAl9OmbzNMxIFUt8vNKfG1Zmw+vNIQWMVkwORN2nKuAl9Omk:6BQ+vaHAa8jFUt8vEfG1/+vuQV5JHAab
    MD5:7E89E187C537D1471FBC68A7F53A63CB
    SHA1:2C61B4DCD22AA2F600C7A4ADC4626A8943638FE8
    SHA-256:33C562A48AE8CBF51E538FE6D3D9832010811D44827D7E694F82EE6A6F131E48
    SHA-512:EB2D999345271FEB2D25AE25510A3F3E960EC5E34DAB0F9F7FBA1F97617BB6CAB8E3B0AEFEDA82C03F78920898BD35694D09BEAF37580420D8F4F8B010B54802
    Malicious:false
    Preview:2024/10/30-12:52:59.939 19ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/30-12:52:59.941 19ac Recovering log #3.2024/10/30-12:52:59.943 19ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):322
    Entropy (8bit):5.15940648162678
    Encrypted:false
    SSDEEP:6:6NZpQWM+q2PRN2nKuAl9OmbzNMxIFUt8vNKfG1Zmw+vNIQWMVkwORN2nKuAl9Omk:6BQ+vaHAa8jFUt8vEfG1/+vuQV5JHAab
    MD5:7E89E187C537D1471FBC68A7F53A63CB
    SHA1:2C61B4DCD22AA2F600C7A4ADC4626A8943638FE8
    SHA-256:33C562A48AE8CBF51E538FE6D3D9832010811D44827D7E694F82EE6A6F131E48
    SHA-512:EB2D999345271FEB2D25AE25510A3F3E960EC5E34DAB0F9F7FBA1F97617BB6CAB8E3B0AEFEDA82C03F78920898BD35694D09BEAF37580420D8F4F8B010B54802
    Malicious:false
    Preview:2024/10/30-12:52:59.939 19ac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/30-12:52:59.941 19ac Recovering log #3.2024/10/30-12:52:59.943 19ac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241030165303Z-157.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
    Category:dropped
    Size (bytes):65110
    Entropy (8bit):3.135501518668653
    Encrypted:false
    SSDEEP:384:mZWEUVIRIb/343ucfVlamCvjIe9IhPh0Y9v9iOk7KaOdIzhAqfrFWF:maVwO+fHaJRqh0av9ilOCzjoF
    MD5:D16EC6EC86564355EBFE03EE0D83A32F
    SHA1:08B07EF5B8090B6262D7125206BB6C06729304F6
    SHA-256:3D3D97A7919C81DE94D875304043A6B340A43F63B1B05AC3A29699B8C94621A3
    SHA-512:828D0870EF1714903F12E216EF347EFBE40558CDFE3B694F859E67D90F4B603071DE62A2AD132DA6BB1B726701452AC4879BF17342B0ECE35B3DF18D8F957113
    Malicious:false
    Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):57344
    Entropy (8bit):3.291927920232006
    Encrypted:false
    SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):16928
    Entropy (8bit):1.2135219994498305
    Encrypted:false
    SSDEEP:24:7+tyFqMqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzmd:7MyIMqLmFTIF3XmHjBoGGR+jMz+Lh/k8
    MD5:D9041BD2D8D0684A9DC3A71D49B2572C
    SHA1:32E5A79B8199BFABBD15B81680B69BA3D3F28688
    SHA-256:04E527416AD97405283470471AAE5E2343FE481CE2F699E38B0D84D4556668BB
    SHA-512:9499C174C4B554A2EF8C09130B8CD8C4921034F5F38C81E484F5BB99A894FF294BB49E074AD099FB043B9C9CF5A3D73EE82D94D9D300FF443CFF2546913FFB4B
    Malicious:false
    Preview:.... .c.....Qhs.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.7425532007658724
    Encrypted:false
    SSDEEP:3:kkFkl+jfBhfllXlE/HT8kuzl1NNX8RolJuRdxLlGB9lQRYwpDdt:kKnjfB6T8pl7NMa8RdWBwRd
    MD5:20E448DF7871CF745F85A099A738E1EF
    SHA1:84582828EF6291FA1E462B54765EF750021164FB
    SHA-256:8DD4315B358099EE8C71BA9FC54AAB376597FCD364292B2F8D20C5543F945655
    SHA-512:5B29905C3EB8E6313EF32EE0686506616E08119AC87A2688DAFCD3797095B707A50E76783AA0C39AB8C918490EF1D808854A20A53C66207F1183FF7D5F2ABB80
    Malicious:false
    Preview:p...... ...........4.*..(....................................................... ..........W....e...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.2380042315897657
    Encrypted:false
    SSDEEP:6:kKbJD9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:jJaDImsLNkPlE99SNxAhUe/3
    MD5:45F290681D92C5419EF1A7ED7892B3E8
    SHA1:F08C7211D874AC03516F40C9C9107D13CC59C2BA
    SHA-256:FDB15B5AF88BB3A6109FC01F02B922A109C72D9C0A1F126F105732091D3CEDD0
    SHA-512:64F8D1011E416D076886F91FCB975A7348A528FFF02BFC299791922C8B9C891D0D7972B9DDDF7D2DD8470D0CA53F2893FFAC067C2CF585C259189C61E2B0382D
    Malicious:false
    Preview:p...... ..........bG.*..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6960

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.37604935109242
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJM3g98kUwPeUkwRe9:YvXKXuY3WRuUhUOeGMbLUkee9
    MD5:C4ACEFFCFEA733A9E587234C9A40D90D
    SHA1:652A39036B51170EB1D410A46DF48E0A234FB5F2
    SHA-256:F1F8B074539F1FEF744296F386032782FFE09FB706B7FB4F48125FE0851C5447
    SHA-512:E46D48827E10C3BA5207E323143AE3A8736F21A30B48B4A0BA235EFFC11D945FA0DBA62ADEA77A9E27D584D23BE4F4B0EC4CA533ED6350AA5553016FA5393590
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.326930359733468
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJfBoTfXpnrPeUkwRe9:YvXKXuY3WRuUhUOeGWTfXcUkee9
    MD5:6BA77011C799CE126586C90741D7D31C
    SHA1:0F00193C1CDC97FD6CBD634D1580F969AA9BC479
    SHA-256:FA73D9D3D050433C28446DD3EBFAA8FA0195780F160CCF7B05F5865F2F22CFFD
    SHA-512:667D2AD822AC949C593300AE0259A9EDF809AC63C252EDC13DF175B06520BB7A0DBEF473AE1292A20E27D53ED9659D8A2BB4F92705DBED988FB2DC74C4383399
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.305925395128544
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJfBD2G6UpnrPeUkwRe9:YvXKXuY3WRuUhUOeGR22cUkee9
    MD5:94CEB9E2F3BB26D28FBEA4DEFCD7A4C7
    SHA1:A83F1B1B369E1574D6665D2A960B244861FE1E7A
    SHA-256:88C3A8DA796B3C2C4C33A30A17343B9554500F47998A8D8D8D4454A1432B1CB5
    SHA-512:F438443ECE0B3C3E91F15047E8F8FF8B0B6F502B3168EDAB4DF9784EDF0186E2E2A8AC70B3C1D8F67B59F05B1498C319AB783DEE598888F6B41500018FF5449D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.3648746614044756
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJfPmwrPeUkwRe9:YvXKXuY3WRuUhUOeGH56Ukee9
    MD5:8703C35EBAD8263665D1C96A8FE6271F
    SHA1:F7B27A86DC9F930C57FF2A6FADD3E9ABA22A9160
    SHA-256:3CD628B0B9C1C5344E01B04ACA186B954D3BA037FBC6D364932EF6364A93B58B
    SHA-512:796C95CFAC7A3362D5B8C6207B8B7F3EA7727028F58A08A896EDB42BA05E423CDFAFBFD8EAB3F1FCA0DF26578F7FC75EE1919F8507318078081BF7DEB917536D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1055
    Entropy (8bit):5.66245185214663
    Encrypted:false
    SSDEEP:24:Yv6XYUOrpLgEscLf7nnl0RCmK8czOCCSb:YvTUChgGzaAh8cv/b
    MD5:D5E8DE44D189E3DD4157D5CAD296A4B1
    SHA1:A6CCCD3925971217DB73C2B4172C2EAEE813A1B2
    SHA-256:94E706A76E83D225FF915C3619EF504082DBEAA6B9B7BD6CC3ADE0F76F9C7F49
    SHA-512:7E3194CB38E983680EFFD2E59C9B6588DAA09D7D6946D662B1A27D5F693F9C9A0FC56FF5503DBC868F60E7FB84D10D79C0DB1CE08BD8D95B98EAAA5ABE8FB20D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1050
    Entropy (8bit):5.651072134675933
    Encrypted:false
    SSDEEP:24:Yv6XYUOHVLgEF0c7sbnl0RCmK8czOCYHflEpwiV6:YvTUkFg6sGAh8cvYHWpwb
    MD5:D6AA25F7BE95C457CCEF8F9373D9BA62
    SHA1:A1089087DF4CEDDA8F0884179F0A7AEF656C7E61
    SHA-256:386A4C3E8BB82CAE2E80B478BA2EFD7411FA2AD07A7BCF8CD5B7978187BC6B8B
    SHA-512:ABAC4F22853043C9290156434BBD7168DD78B3B91925B27DAA4DE3098B5F2E391CC81EFC4FC9F34FF11ADC7960C37252AE9AE770670DE6ADB00D9C10EEA1D519
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.312243032904567
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJfQ1rPeUkwRe9:YvXKXuY3WRuUhUOeGY16Ukee9
    MD5:9FFC2017155CBF6BE236BED4AD030723
    SHA1:E3DCE17D52C8CC8396E6AD8B403235DA2593136F
    SHA-256:81CEF5E5D94E1730597FF295A5C2C325E841B4B598598B84F312AF867E4EA14D
    SHA-512:F7704003C6625E28765A10FFA93B9803FB634F61251D044FA81F8B43EC54111E425BB369AEBA7F9A205866801218CE39EFD59EAFC409912F3E051F36262FB9C3
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1038
    Entropy (8bit):5.643776453737057
    Encrypted:false
    SSDEEP:24:Yv6XYUO22LgEF7cciAXs0nl0RCmK8czOCAPtciB6:YvTUJogc8hAh8cvAs
    MD5:E3014F58E1420D1E5ABAF93967850F14
    SHA1:617269E5BB52A27CA6DA400631EBE8EC9110EFA6
    SHA-256:66375265F4B4E76BCDC223DA87BAB3D89553F8C6D994612F7333FD25F0D3D581
    SHA-512:F8C305A0F88D536485C3EC29C9280DB20081592728A6D8F39ECC3276AED19E8A311A0AC17E49BDE8226FC6CC07098BCC114BA8479F83C6196CBEE7618168DE38
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):5.697757889390871
    Encrypted:false
    SSDEEP:24:Yv6XYUOaKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK56:YvTUZEgqprtrS5OZjSlwTmAfSKI
    MD5:602400C158C50113D6C3DA6FD888127C
    SHA1:5F50834B0A629A97DD69EE52C76BD62E9B2BCF6F
    SHA-256:F1373A96EB327452F0CF98A4D40F9349A16804CF1AC3B81DC69D2768F903FE07
    SHA-512:D2270989DEC256E911CBE44B3C70013B0C4E5536F75E3FE7D67E545D85626956804CAD56C7AF5C0379813C8D6502D97642564BD84CE9E555EEB51D42BFD9F467
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.3161262356770465
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJfYdPeUkwRe9:YvXKXuY3WRuUhUOeGg8Ukee9
    MD5:1309039C26B05BBC2DBB4BE7CC477684
    SHA1:1D853EA9E8AFB714F9F9215A78AA12B79B64DBAF
    SHA-256:222F97BE27052E635FEBC3FCDC70BDF653FA6B284437C6DB50C96BA092BE7E85
    SHA-512:4CB1150ED94316EEF6A3DBD67AC2F85916D20588CF39BBD7B877A369DCF0D2444F81E60E2D26763F6CF912DD1C483FECF1ACC36DB616BE7F91ABBD87291AECF0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.7767886551218455
    Encrypted:false
    SSDEEP:24:Yv6XYUOJrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNi:YvTU0HgDv3W2aYQfgB5OUupHrQ9FJI
    MD5:12A5CF0A0FFA1483C636F1A9FA805880
    SHA1:08D89007C0B9FD4DA6AFF8F88655FD860935FB82
    SHA-256:EDE2FD163177F8D78FDE84C93939CD1C5FC367D8655F749151B563C49DCC5477
    SHA-512:95F596EFF883810D0522855C085A20582A813D2048B52253709F29B812EF6CA576AC422F8EEACA9C75F88709C650958E8EABFEC40AAF8D2EBDEE239B733F6157
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.299562500116015
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJfbPtdPeUkwRe9:YvXKXuY3WRuUhUOeGDV8Ukee9
    MD5:8D8E360AC75A88D663311021664EA054
    SHA1:DDC744F1A5BB3CE31ECC53DEE54B539C2EC3038C
    SHA-256:33A14154835C1A42BE69B35FA8CAAB381D251E05741D1C2F77B0343BCB10A661
    SHA-512:501685A741226B4360FFE54FD385FAFBA66151540FAB962AEF5962D2ACBF3BD5AED48C2B9ED4598C85A3E5032D3BE63E2C3A00D567CDB4D652DAB10652354C8E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.30251728152309
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJf21rPeUkwRe9:YvXKXuY3WRuUhUOeG+16Ukee9
    MD5:3BA77585E23DED92FC4A68C8470AE12F
    SHA1:5A911A3B8B597A813B1B1BBC2E8142034C5B2F17
    SHA-256:6670890F4CE71190783EF4FF1108F2974D5619A7195610530F9CB15C85B13F45
    SHA-512:08F6949D75C39A40261F5520715DF9FE9AF851C7BBAE990D7029C87734248E0DC52AEBBE647E656085AF5B5D7DBC88B977E6C0B45393F94B9A3F074D6409EA4D
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1026
    Entropy (8bit):5.632971700369441
    Encrypted:false
    SSDEEP:24:Yv6XYUOLamXayLgE7cMCBNaqnl0RCmK8czOC/BSb:YvTUgBgACBOAh8cvMb
    MD5:B3822C10BA564233617BF38B1D506099
    SHA1:0CAB653476842776BF69DC6926893A9FB4A440D5
    SHA-256:1F781F3E9BC196CA9294512B0999194F79C1D6C0410D472BC345577BF6EDA565
    SHA-512:172FB0426A16778A70375C73E4726F3CAE555380420EEDA6BCD264047AD7A9BF7ABB7F18AB4B450A34FDC40A5BC4D1EEFA3B6D09E6ACF05E91F7B793AB980512
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.276099101633492
    Encrypted:false
    SSDEEP:6:YEQXJ2HXfIiIRuBt5IRR4UhUR0YChoAvJfshHHrPeUkwRe9:YvXKXuY3WRuUhUOeGUUUkee9
    MD5:D58A89E24FC52CE08F6CC172376359B7
    SHA1:8DDEEA965483FC1DF396C52E97E061E4919B4B05
    SHA-256:CBA3D469DB21B4EBB7D0B9EE00F1D510D2B683B7824ABCA1B0E87D9E188AB57A
    SHA-512:0FFA4482602AAE8D47AF9267B9EF7A25025F15E2D77481DDA8A1B7AEA4DE4EC9FBF184734021191440293836BB387BF3EC5B0ACA2EB8CB60E39E3990F3114A25
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.370328251282206
    Encrypted:false
    SSDEEP:12:YvXKXuY3WRuUhUOeGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW2:Yv6XYUOo168CgEXX5kcIfANhb
    MD5:3A2A26FE54658FE7522C4E4A6F672B01
    SHA1:D1E49A5ACE3C04490CAD10C3805CC98575A8C431
    SHA-256:608A829CCAE14EA4B58CED408CD3F0E7E6521A26BB915550CBF702B35E8C87C8
    SHA-512:5ADE7164AA4D28F18780611623D868D15A9AC7DA56D1A52E0B31CB72475422664B2F75F488E36D77562BDD99261323C78333AB9E80E79B36076B6159F40D0534
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"36d1bd5c-3374-45de-877d-2d442645d97e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730485745607,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730307185668}}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2818
    Entropy (8bit):5.131816624007859
    Encrypted:false
    SSDEEP:24:YVX1S3a2zayFu6HiC31kMpNLqJ4H+0j+zdvj0SA+5k42t2LSaRD5cF95RWfuOOG:YJ8wukMpNLZH/y77NgYRDWF93Y
    MD5:80E616DBC6DABF293C5B86CAF1B25F09
    SHA1:1C28ADBA76155E3FC88579F4C02C43A4A5309D41
    SHA-256:C3816CEEBF55773CF310F8DA909971F963E4087949149062DBE2518979DD81E9
    SHA-512:D8D3F7E5A26DA13C59E1184749D633FE06C71EDD6CD5E855433E2007954E4677FA56DD2FA1A36E839D467764C614E90745BDBEE234904E4C97CDE3755AAAF028
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"0e7ddd76468723b73870fd147760c6b5","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730307185000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"48b9016d523f68f09e6141880ab03c7f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730307185000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"2a0196bbfa489e48003a7bdf6a934efd","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730307185000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b921dc4818e647ef66864f0c019b98d8","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730307185000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"55d387e7d29fba65b85aec6851bf144a","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730307185000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"539a4ab5f75ea27f79c9c68ffeb44e5f","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"t

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9875269437224581
    Encrypted:false
    SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6QebCIcLESiAieDCF:TVl2GL7ms67YXtrbRcI8PC
    MD5:881A9BD08513B6D3CF43C1204386F7F8
    SHA1:A61AF07CCC67AD2B020EEDA5F054AAFA6A4D06B9
    SHA-256:D6523D8C01B3E827FCEB05DCFE3CC71B9E9E4CD27A8C46A4525489FB564B4059
    SHA-512:68FCB2037309D388B5E314B97B3C3912F000CDDAFA679DFC610EB2E0D26C2C1C6FBB64B1F3427B971395399B7D5C6BCF3AB3B8F073D74537521D92229EBD02D9
    Malicious:false
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3429024037345119
    Encrypted:false
    SSDEEP:24:7+tuASY9QmQ6QebC7cLESiAi0mY9QZfqLBx/XYKQvGJF7ursH:7MulYXtrbWcI8KY0fqll2GL7msH
    MD5:6CD83625DB4BE6CA2442D420202C6E07
    SHA1:B701DA25B5FAF1F4CEB3438C8ED2C5B7EA8425A7
    SHA-256:E87C1691BD930995273966C95AE4DCA293644746259943F49CA95B6A702E3FFA
    SHA-512:1D778E69AD5AB9E8E6C231ABCD0475921EC387293EAB0D2772DBFD775E7A7B50D4AE14DF3543E5AD6662729916D2E0CDCB8FDBDE94A9521B988EE3E84D2F8F2A
    Malicious:false
    Preview:.... .c.......n,......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSIdff0c.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5258803161342094
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K84Oq3ClHle:Qw946cPbiOxDlbYnuRK7ClQ
    MD5:A3A2F207D417A5B2B40E4827A9D5ADD8
    SHA1:D4524FB7245794607C77390A98E9A4BFD78E2CD2
    SHA-256:059BC7C5F2075D268B57B016AE262CE705BDA70583A0555CACB83B1A5076AAC2
    SHA-512:979CE5402BF661BB9FFEAA891C90C19E98D07175AF3B96E02EAE7358AE6A1FA25F5B70D6A18EBD9054EE18480F482A2D09CBA96E4205FEF83E94A331152FDE99
    Malicious:false
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .3.0./.1.0./.2.0.2.4. . .1.2.:.5.3.:.0.6. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-30 12-53-01-341.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.353642815103214
    Encrypted:false
    SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
    MD5:91F06491552FC977E9E8AF47786EE7C1
    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
    Malicious:false
    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15114
    Entropy (8bit):5.337260027070406
    Encrypted:false
    SSDEEP:384:fF/zjzczb2H2gpqwpUptpFpaFpspOp4p88Hpupk8G80jfjXjGjbjaiY3YvYdfj5b:yyO
    MD5:139DD15B5708B95FC78AFC487826E240
    SHA1:6B543DE6D67E64B8860733F799EF23732DFDD3B4
    SHA-256:94EB32B75C4A6AE38414CDA60439DB28B8D81A55805BB95B379B39CAF49A41BE
    SHA-512:516E2444453CE9AC0BDD6B0285E6924B7ECC9A9D5888973B59BCB2C6AF6B222DDE822729065AF1105F987A869D5A8790D97BAE62534A1C2F1B23D48FEA6E8EC7
    Malicious:false
    Preview:SessionID=191d6401-22e4-4a7e-b3fb-c57d235bbb25.1730307181357 Timestamp=2024-10-30T12:53:01:357-0400 ThreadID=6616 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=191d6401-22e4-4a7e-b3fb-c57d235bbb25.1730307181357 Timestamp=2024-10-30T12:53:01:359-0400 ThreadID=6616 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=191d6401-22e4-4a7e-b3fb-c57d235bbb25.1730307181357 Timestamp=2024-10-30T12:53:01:359-0400 ThreadID=6616 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=191d6401-22e4-4a7e-b3fb-c57d235bbb25.1730307181357 Timestamp=2024-10-30T12:53:01:359-0400 ThreadID=6616 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=191d6401-22e4-4a7e-b3fb-c57d235bbb25.1730307181357 Timestamp=2024-10-30T12:53:01:361-0400 ThreadID=6616 Component=ngl-lib_NglAppLib Description="SetConf

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.415180344715852
    Encrypted:false
    SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbDcbX6IOocbJ:fhWlA/TV5jO3
    MD5:663A88733A8FFDC1F763A1FD0E717615
    SHA1:061E429A9B73362E1D76A8E816C033230505C35C
    SHA-256:2BFF1F993CFCCD20A01A86E6A5692DEE98E087A7E225A6B89CDC283482A5C29C
    SHA-512:3D077CD2CB0E5135DC84296ABAC267C3E303EBA964FA019095F48B5EC62BA1C335FAFE0947CD2F8EA4847D38D116E6D52CE49DE1F938D5295D092A7DB7762FC1
    Malicious:false
    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

    C:\Users\user\AppData\Local\Temp\acrocef_low\aea9de07-e6c2-4b4d-8e4a-4146ea5aab2e.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/x0WL07oDGZswYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J0WLxDGZswZGM3mlind9i4ufFXpAXkru
    MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
    SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
    SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
    SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\db60578c-bfcc-4f57-9736-28437db22ced.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07tOWLaGZ4ZwYIGNPS:RB3mlind9i4ufFXpAXkrfUs0kWLaGZ48
    MD5:1D64D25345DD73F100517644279994E6
    SHA1:DE807F82098D469302955DCBE1A963CD6E887737
    SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
    SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
    Malicious:false
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\edde5c7b-4672-49e5-8e10-5a7889de4106.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    C:\Users\user\AppData\Local\Temp\acrocef_low\f2dc2bff-649b-4c55-950f-ca6beaefa4b0.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

    Static File Info

    General

    File type:PDF document, version 1.4, 10 pages
    Entropy (8bit):7.963618351782483
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf
    File size:709'651 bytes
    MD5:9ebea89f3d1a93fd3ee90b3f4c860d36
    SHA1:2523ad7b01c2b16d9fbb6e2f1e14043ee83d1272
    SHA256:52833138f08afa8ba5512127806d2b7b89d0d13ebd80e67c656b9f016dfaaf67
    SHA512:c3e9166e909564a2949ff39901cfe5a50fbab17decc7987ad9e93abb4a36bd65948599aad744e6b6788dc27060eac45c8f1647b9e92ceb1496367ecf637c6988
    SSDEEP:12288:zmFGZ35sBKqwYX4voxK+jwn0pFRCBTV8BvFOx3EKc0PG709l:+K3qbYUsn0pF28LOCQG7+l
    TLSH:B9E42365802D0454D6DF8040AB6A6D8BFADF3E648AFC75E150B8FD42127CF92E0A53F6
    File Content Preview:%PDF-1.4.%......1 0 obj.<< ./Creator (Canon iPR C165 PDF)./CreationDate (D:20240826164116+13'00')./Producer (\376\377\000A\000d\000o\000b\000e\000 \000P\000S\000L\000 \0001\000.\000\.3\000e\000 \000f\000o\000r\000 \000C\000a\000n\000o\000n\000\000).>> .e

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-1.4
    Total Entropy:7.963618
    Total Bytes:709651
    Stream Entropy:7.965813
    Stream Bytes:695836
    Entropy outside Streams:5.050008
    Bytes outside Streams:13815
    Number of EOF found:1
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj71
    endobj71
    stream57
    endstream57
    xref1
    trailer1
    startxref1
    /Page10
    /Encrypt0
    /ObjStm0
    /URI0
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0

    Network Behavior

    Network Port Distribution

    UDP Packets

    TimestampSource PortDest PortSource IPDest IP
    Oct 30, 2024 17:53:12.070252895 CET6159653192.168.2.161.1.1.1
    Oct 30, 2024 17:53:12.994412899 CET53654121.1.1.1192.168.2.16

    DNS Queries

    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
    Oct 30, 2024 17:53:12.070252895 CET192.168.2.161.1.1.10x6021Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

    DNS Answers

    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
    Oct 30, 2024 17:53:12.078125954 CET1.1.1.1192.168.2.160x6021No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

    Statistics

    CPU Usage

    Click to jump to process

    Memory Usage

    Click to jump to process

    High Level Behavior Distribution

    Click to dive into process behavior distribution

    Behavior

    Click to jump to process

    System Behavior

    General

    Target ID:0
    Start time:12:52:57
    Start date:30/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CP01 - DESORMEAUX - LOT 07 - SAINT HILAIRE.pdf"
    Imagebase:0x7ff7f6040000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    General

    Target ID:2
    Start time:12:52:58
    Start date:30/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff658630000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    General

    Target ID:3
    Start time:12:52:59
    Start date:30/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2220 --field-trial-handle=1576,i,2527262263396610559,4175806813873224483,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff658630000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Disassembly

    No disassembly