Windows Analysis Report
Rhenus Express_Bank scam.pdf

Overview

General Information

Sample name:Rhenus Express_Bank scam.pdf
Analysis ID:1560170
MD5:c23e360dec1b5cce7084fae6653fcf29
SHA1:82e3ee68dd0b38eccbb6abd9f7e69ef83088e4bd
SHA256:f93a499cc946d82f97ce6edd0f8135b8feaca01d1cbb039beaa42e2766f35cdf
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 3148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Rhenus Express_Bank scam.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5720 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6200 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1576,i,3010195169711488959,2304735170993569971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: classification engine | Classification label: clean0.winPDF@15/53@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-21 07-53-57-727.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Rhenus Express_Bank scam.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1576,i,3010195169711488959,2304735170993569971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Rhenus Express_Bank scam.pdf | Initial sample: PDF keyword /JS count = 0
Source: Rhenus Express_Bank scam.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: A9i1tdi8_ntz11e_4d0.tmp.0.dr | Initial sample: PDF keyword /JS count = 0
Source: A9i1tdi8_ntz11e_4d0.tmp.0.dr | Initial sample: PDF keyword /JavaScript count = 0
Source: Rhenus Express_Bank scam.pdf | Initial sample: PDF keyword stream count = 23
Source: Rhenus Express_Bank scam.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance: Gather Victim Identity Information; Credentials
Resource Development: Acquire Infrastructure; Domains
Initial Access: Valid Accounts; Default Accounts
Execution: 1 Exploitation for Client Execution; Scheduled Task/Job
Persistence: Path Interception; Boot or Logon Initialization Scripts
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts
Defense Evasion: 1 Masquerading; 1 Process Injection
Credential Access: OS Credential Dumping; LSASS Memory
Discovery: 1 System Information Discovery; Application Window Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol
Collection: Data from Local System; Data from Removable Media
Command and Control: 1 Non-Application Layer Protocol; 1 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth
Impact: Abuse Accessibility Features; Network Denial of Service
Behavior Graph (ID: 1560170, Sample: Rhenus Express_Bank scam.pdf, Startdate: 21/11/2024, Architecture: WINDOWS, Score: 0): Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe; DNS/IP nodes: x1.i.lencr.org, bg.microsoft.map.fastly.net

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | | high

No contacted IP infos
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1560170
        Start date and time:2024-11-21 13:53:02 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 6s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:9
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:Rhenus Express_Bank scam.pdf
        Detection:CLEAN
        Classification:clean0.winPDF@15/53@1/0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 172.64.41.3, 162.159.61.3, 18.207.85.246, 34.193.227.236, 54.144.73.197, 107.22.247.231, 2.23.197.184, 199.232.210.172, 95.101.148.135, 2.19.126.143, 2.19.126.149
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
        • Report size exceeded maximum capacity and may have missing behavior information.
        • VT rate limit hit for: Rhenus Express_Bank scam.pdf
        Time | Type | Description
        07:54:07 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
        No context
        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        bg.microsoft.map.fastly.net | estimate Cost.pdf | malicious | Unknown | 199.232.214.172
        bg.microsoft.map.fastly.net | mLi58UzdI2.dll | malicious | Unknown | 199.232.210.172
        bg.microsoft.map.fastly.net | 1.e.msi | malicious | DanaBot | 199.232.214.172
        bg.microsoft.map.fastly.net | F2.exe | malicious | BlackMoon | 199.232.214.172
        bg.microsoft.map.fastly.net | test2.exe | malicious | Unknown | 199.232.210.172
        bg.microsoft.map.fastly.net | file.exe | malicious | Credential Flusher | 199.232.214.172
        bg.microsoft.map.fastly.net | ibk0BQaWAo.exe | malicious | Unknown | 199.232.210.172
        bg.microsoft.map.fastly.net | ibk0BQaWAo.exe | malicious | Unknown | 199.232.210.172
        bg.microsoft.map.fastly.net | TS_F97A.dll | malicious | Unknown | 199.232.210.172
        bg.microsoft.map.fastly.net | PWS5JoRGtk.exe | malicious | Unknown | 199.232.210.172
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.188045711369942
        Encrypted:false
        SSDEEP:6:HEDQJ3Iq2P92nKuAl9OmbnIFUt8YEDQJYvZZmw+YEDQJYvzkwO92nKuAl9OmbjLJ:kMJ3Iv4HAahFUt8/MJ0/+/MJ05LHAaSJ
        MD5:2EAEB87FE02073A0207A5548A9A780A0
        SHA1:405889518303A27ED7561E67FA4EAD34A4EA9DA7
        SHA-256:E8E351399B834814337426EC27BDE88A60C8DED2508A110D0B656BEE1ED0A487
        SHA-512:9D8282CA7884326893CF84873DD750FBF08465D425F6F8E576AF89258A24D7B35DAB2424C2F96F4E896F564B2C23E63853C462945C2558C51B4374849396D95C
        Malicious:false
        Reputation:low
        Preview:2024/11/21-07:53:55.332 1a90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/21-07:53:55.335 1a90 Recovering log #3.2024/11/21-07:53:55.335 1a90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):338
        Entropy (8bit):5.223614393730339
        Encrypted:false
        SSDEEP:6:HEDQJdlVq2P92nKuAl9Ombzo2jMGIFUt8YEDQJCMQgZmw+YEDQJCMQIkwO92nKuA:kMJlv4HAa8uFUt8/MJCC/+/MJCu5LHAv
        MD5:18CF61920E8833C7C492F27EF827504E
        SHA1:8F7B05174083593211993B2F3F76B87FCC6983F9
        SHA-256:DCCF0BC499D652069116AE1A20F0E4E7E01ECEFC5F0D666AC2B1293101A51FD7
        SHA-512:D045D9F16AB9AE858C1051AB58070A3B1A4D4B5A032188BFAC09F8E3AA856F9CAECEB81AAD23B22CDDE44BFFAF9335ABA25F2AF3F43F0464C563DA88FB91E193
        Malicious:false
        Reputation:low
        Preview:2024/11/21-07:53:55.379 1064 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/21-07:53:55.381 1064 Recovering log #3.2024/11/21-07:53:55.381 1064 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):508
        Entropy (8bit):5.047195090775108
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
        MD5:70321A46A77A3C2465E2F031754B3E06
        SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
        SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
        SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):508
        Entropy (8bit):5.048109251103277
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqg2sBdOg2HOcaq3QYiubxnP7E4TfF+:Y2sRdsvbdMHx3QYhbxP7np+
        MD5:E982CF0CE55D5A966CE115C1C8A742BB
        SHA1:C5552772D13C611F32BC1CCEA9ADAC9C93F672FC
        SHA-256:623DB761B553CAB136B8CA98C581519380158F6A9B0AE4686BF08C2CE1F01675
        SHA-512:58CD9DD6D12485C6C9F00D691A8D9F44C2A76AD9C2499585E9DB86D7B17508E2B71FFC5EFF6D877789BE8B5D4514360E8BA1F454BB2BB3BAC0E69CE2D11EFA0C
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376753645223273","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":659565},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4730
        Entropy (8bit):5.234847347473082
        Encrypted:false
        SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUrpVkzh4+VEz4Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLt
        MD5:8B04941A83DCF4DE92D1382527392337
        SHA1:D1987760D7389441C69791947DAE7C6531AACC3D
        SHA-256:FBB9075C9D064883A51F31428812BD24DC2717EBBCFEE5B5A2495FF18F2860CF
        SHA-512:621F734FB14AE1E9CF09E902C572F158467870B5220A9D289023101FEEF74215D370E379E8E304AEC80DF7ACAEF6A6C7436262AAD3F2A7BCA570507E99E85C1A
        Malicious:false
        Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):326
        Entropy (8bit):5.230419044927761
        Encrypted:false
        SSDEEP:6:HEDQuqVq2P92nKuAl9OmbzNMxIFUt8YEDQxqgZmw+YEDQBIkwO92nKuAl9OmbzNq:kMuWv4HAa8jFUt8/MV/+/MS5LHAa84J
        MD5:0ABCCA2962092E59E4C955DBB09EE490
        SHA1:A3B9E0BC81064D6E262F84C702E86B35DB48E852
        SHA-256:1511E6F31AFDF22BD376D9F739F0CAC6E44AA614934D70C3109B16B1EB1A2802
        SHA-512:F28FBE73FC5F4F39B9ACA3A550B1D369DEBD8A53F741A693FD07A8979E09B3C808FB9F0303F2C4E3A1833ED35F239A11BF74C8CC2C806CB87799F5CEDC1994C4
        Malicious:false
        Preview:2024/11/21-07:53:55.683 1064 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/21-07:53:55.684 1064 Recovering log #3.2024/11/21-07:53:55.685 1064 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):131072
        Entropy (8bit):0.013154474863312006
        Encrypted:false
        SSDEEP:3:ImtV9lyHPllllnUIghlPtCR/l2/l1u5oll/llAcnylsX+/l/Wwh/fX1:IiV9kvlll5ZgztCR68o/12sX+tuwh/
        MD5:B623A727CD94F2BB69F027CEC7746ABE
        SHA1:5DFE5B80B1C87F74CE3F16E1C2BCEB5D0F112029
        SHA-256:9ABFE0767F9AF078D11D27635673F1C5B939950AB450E6E73FEDB10782F9F309
        SHA-512:1F9CBBED18898002ABF5CDCAF8F6B35118D0ADEBD2B8A1F095675847F5F08D999F0C3E2FA379A2AE41251DAFC07015CC6F87D0EE003D1CFD1C07E097F4A7DB90
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
        Category:dropped
        Size (bytes):65110
        Entropy (8bit):1.2574676864595749
        Encrypted:false
        SSDEEP:96:BRrfrEZ/Wp8zgMDrke/qViMZaa/f4ozfaNFVoa9N:BRrfAZ/W+z3Yu2x4oUFVdN
        MD5:292193BFC98935629D2E43C0CFA9E676
        SHA1:68B6D954642BBB3A0E26DC794A094EEB0CB46136
        SHA-256:3897D3D56156AD7D12165592189B3213FEB367DD2DB15D580DAA2B3D0CC1675E
        SHA-512:5DE8E296E8A49FAF158E453956066292E8222192112EC207172503981F2119EB5198AA320C05822F5F3C57038B52DFDF1A10F28BD3927A7A4EAE2DC3EBFB44DA
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):71954
        Entropy (8bit):7.996617769952133
        Encrypted:true
        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.7673182398396405
        Encrypted:false
        SSDEEP:3:kkFklXP2ZhfllXlE/HT8kj7vNNX8RolJuRdxLlGB9lQRYwpDdt:kKN6T8k7VNMa8RdWBwRd
        MD5:5304D66053901DF850B2958310AF3A92
        SHA1:929F182E764E712FB010BB9037CC72CFB3EE945A
        SHA-256:74641D585FA58B25D56D37DBFA678E1AB71E974EDB17BDDFCF36A6A23CC84AA2
        SHA-512:54BDA8373689B34273D8329EA5E7DBB619A03DA0FB4228107F3ECEFBDAA5775D512E909E1BFC8F197AB136B0EEB14870221CD677C93C673837EB58727E2924B7
        Malicious:false
        Preview:p...... ........$..s.<..(....................................................... ..........W....j...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):328
        Entropy (8bit):3.2539954282295116
        Encrypted:false
        SSDEEP:6:kKLT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:ODImsLNkPlE99SNxAhUe/3
        MD5:1439E88CF202305812661DE47964D2D5
        SHA1:95925FF3CA9C15A1A3FDC9D10EEA64E1679C2C85
        SHA-256:7F5D1A17443667E56858A75118166DE91118F667A362CEEE674F118ED1F5F5D5
        SHA-512:05EFDFB39A95DC85A8255163EC83DA4450BAC8FA4BF2D640115D53B23328F0BFC4BA93CAA4D112841641DCC412AC35C68482B7F62CAD11DCEE355EFDB4CEC88B
        Malicious:false
        Preview:p...... ........{....<..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):1233
        Entropy (8bit):5.233980037532449
        Encrypted:false
        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
        MD5:8BA9D8BEBA42C23A5DB405994B54903F
        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):10880
        Entropy (8bit):5.214360287289079
        Encrypted:false
        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
        MD5:B60EE534029885BD6DECA42D1263BDC0
        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):227002
        Entropy (8bit):3.392780893644728
        Encrypted:false
        SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
        MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
        SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
        SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
        SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.356743901232909
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJM3g98kUwPeUkwRe9:YvXKXKoYpW7NoVGMbLUkee9
        MD5:571D418386451A5431B51E525A0CC60C
        SHA1:08B6A5A202F762A9E3A8D5A71EE6F5C70FCD438D
        SHA-256:D044C2BF6DA92726561545A47BBD3B4D31B95622AF3D115EEDC60F85C75D2A3E
        SHA-512:49B45880A2B5A1D201D693E3DFBC06B87A070F7A38EB5656EAB0BFC94D84B6C134329CF2BB2FE2E7E1847D6869AE68F0D197DB97936F02F26AE72AAF5800F587
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.295305713261826
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfBoTfXpnrPeUkwRe9:YvXKXKoYpW7NoVGWTfXcUkee9
        MD5:35C2164E01BD4BAEBB521FC174EF58DF
        SHA1:B0989EED63ED0815E7D1DD9425AE57B34B9C72A7
        SHA-256:0DC3EB15A9F2999E71E028C0258D2C64460D08DF72FC14EC696A5CA4BB2AA267
        SHA-512:46C8191F19830B77568BED41C6640372776C69CF8843B688BF769F44814EC3A86118F915E3BFDC16BC68D08E4769AEEDAC644E98EFC474C3DDDC2649EBCF9C80
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.273444628007094
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfBD2G6UpnrPeUkwRe9:YvXKXKoYpW7NoVGR22cUkee9
        MD5:8AFDF397CB336973AA3D44417DB7EFA8
        SHA1:85D3C7985AF63E40B716ED6646D03D2BE331451F
        SHA-256:3037C22ED45FFF24ED392D696449FB963F2EE1301DC6AF23D3BCE0C7C3A47EB4
        SHA-512:ECD49D9B9A14060A0BD85BE9F8CBF95C303E4E6445B53F0728C9F9CCD533485EF9BA63A9EFCFC7A60A9EBDDACA6F1C032A4B46354D004E0F10B21F355DE10699
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.335404516252308
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfPmwrPeUkwRe9:YvXKXKoYpW7NoVGH56Ukee9
        MD5:958665B1B39A2CD70190C25168349124
        SHA1:736E1F4F67541E95EF7FA2F49C86F36CAFD60BE5
        SHA-256:16E11565627A2D3366C65E49C4DBBDD17BE1B4E31FE0E8EE5AB66323DCCAF9C6
        SHA-512:0B49550C8F9BDF752DD4CA497F49FA00A615149698D60EC50632BE3806455C046830B10B1736689EFFF7B664683D4B5C6AF84BAB0CD6A9E72ED8101E89473753
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1123
        Entropy (8bit):5.690082880020753
        Encrypted:false
        SSDEEP:24:Yv6X6iNFpLgE9cQx8LennAvzBvkn0RCmK8czOCCSC:YvaNFhgy6SAFv5Ah8cv/C
        MD5:DCC257BE707B847876638CC5473A42F6
        SHA1:BD94D2EC4D1CD74D1B9F0DC0A774D063E40715D1
        SHA-256:FC1AD272350DFB318511A2110162D74C57E5E3FC197BC74EA1387105E60758AF
        SHA-512:1D81289A35D8C340272F2EE311789BEBC582941E10A3870879798BE7D4ED2322B6C543BE4DE8D81CA0AE68745B742079EAB0021606D66ADAB1A8DC7203828ADE
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1122
        Entropy (8bit):5.678847985511578
        Encrypted:false
        SSDEEP:24:Yv6X6iNJVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBj:YvaNJFgSNycJUAh8cvYHE
        MD5:79825F56835EC5EEDCA8393447AC0D95
        SHA1:144661AC46C3CF3F1CCDB1523FBB80D354A90AC0
        SHA-256:F92662DB3D9A0D1E44531B9E0C6B87071204F64F9B305199C60D6E58EEB5F65D
        SHA-512:C5B135B86004E3C2B889B4D54E1DD9341A7E651ABF8C56F5CDF9EAF7A2A0DA11496F017B264706793501AC78AF0A2E3E7784BE5D4A5133520018670D55506CE7
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.283477555548577
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfQ1rPeUkwRe9:YvXKXKoYpW7NoVGY16Ukee9
        MD5:D6D002EA7417E94B02862AD6DBB32DFD
        SHA1:DC0EA54834877D9A6B19E1BE94CEAA4F15EF94AE
        SHA-256:0E8354B174C4C82DB9AF756BE5413DD727EF70386DC18AFD1AFC5E571C2B2115
        SHA-512:46C30C36F4F2A5DAAD8D3B271FB5098BFE9128FD13C797647D5B695C88EA6659D28D1CBB07B67D21BED5655244B6F0E9647FC4BC4FF15735628CD635EB631578
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1102
        Entropy (8bit):5.6725424198068755
        Encrypted:false
        SSDEEP:24:Yv6X6iN42LgErcXWl7y0nAvzIBcSJCBViVj:YvaN4ogH47yfkB5kVC
        MD5:BEC4F66900183D11690010A71B772B81
        SHA1:B587FF07BB8C7228AE5E6AE225176D4D0FE1ED68
        SHA-256:67A72E4A3ADB81FE983C539F70CE1A2AFFE784EE86B02EFDB5D9D0BBF4262AE9
        SHA-512:580D5610EE527D88E0ADDF129341F03C157D3B8114EA933C841AE58F55C78736380214C6E1C795977F38D34606980C64BEF911E1A52035BCE390C3D9706A7012
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1164
        Entropy (8bit):5.69734150897862
        Encrypted:false
        SSDEEP:24:Yv6X6iNwKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5j:YvaNwEgqprtrS5OZjSlwTmAfSKV
        MD5:D228E383BB0F3F52B672BE961092E662
        SHA1:F467D3D07F43C5061574BD0B51FA4E5E2C87CD18
        SHA-256:25ADFAA43B57B038FBBCA67A463F2C306590C86D5596A1EC1E132D3A014356A8
        SHA-512:E47342DD4847BF2F79958E187FD2F702ED3D7FF105BBEB6CB716681D566C38230EF7BA9583A698BEA60D83304976B81309A6CC9C150B11379275FBDB68CB4C60
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.291061364208064
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfYdPeUkwRe9:YvXKXKoYpW7NoVGg8Ukee9
        MD5:0071C0E4070084174C5A4A28267FEAF3
        SHA1:EF10BC569B99C34E8CBDE9591289A54438235548
        SHA-256:AEE7E6994174D9F58F76FFAFA7D2095DF6CFC252B61953AAEB5363610AC5D739
        SHA-512:9E68C841A42DC964C0B8AF2F03E555F694F87D3C6194AA5BDF323EAA5FC2848124AED16498F4683EEED5ED00F5DF22EBB7DB5E491B8BFB8F53F23235FE3A5842
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):284
        Entropy (8bit):5.27725335761013
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJf+dPeUkwRe9:YvXKXKoYpW7NoVG28Ukee9
        MD5:A55916B3C7BE863FA20849B1CE1D8AB0
        SHA1:67226B07AAFA7E726944A84B5A61ECCA22AF7CA9
        SHA-256:C9C0EDFF60BB499712424FF8AACE0606D6838E6AF8186948427F9628C3C5B6D3
        SHA-512:3DDB3054DFF2D6AD50EE7473DD74E4552D73E0F4E22BF7B2A230DE46A27DD82D1D8625F9399FC393F3CB462CB5244C0BA6E9BDF06FBD81C74400E54F7AB6B375
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.274669895804897
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfbPtdPeUkwRe9:YvXKXKoYpW7NoVGDV8Ukee9
        MD5:05596BAFF93F44510AE532210D28F11E
        SHA1:20942AA87E4840067E0EB75C7BDFAF74CAAC2B03
        SHA-256:2E51B11E15EA00FDEFC49B4B077AF3E852803F2751364AA63818952466ACB222
        SHA-512:4C4F1A93066010A4B0288339C6FE141E070F662C0DA10DA07AABDB943A1D2B0A82FBDE27F06C37EE1BF605EE0E2D0627378205ED273D96FF0E7A7887A106BFB2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.2759050104093
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJf21rPeUkwRe9:YvXKXKoYpW7NoVG+16Ukee9
        MD5:0B70AF7D47C0F6379068103E28F5B616
        SHA1:D7BD4C2296B7CAB58CC2C540E3C506211A79FF07
        SHA-256:C14E80789F472FA9C61D738F70C32611E597981AD138BF5C75062B9096406CA2
        SHA-512:27B54627E7548C879587190B2A4204EB35B1068EC9675C5D38116B7B1BDC53AD2D29EC6DD7C5B77F16164927590BA870DE9543D1606A7FDAC94AE74A92DF1F35
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1090
        Entropy (8bit):5.662339188399296
        Encrypted:false
        SSDEEP:24:Yv6X6iNdamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSC:YvaNxBgkDMUJUAh8cvMC
        MD5:A8D752E5562A530EC7163BA150D42703
        SHA1:018497CD6516AB9B90B7C03BCD11BF5B89A4C690
        SHA-256:08A1E26D89B13149231099CB4EA6E1A1949D9DBBE5FE45BCE194C4EB17CA5EC3
        SHA-512:4C5C4C84A84AD9897118700F12DAA5F8B4BADC70B06668BFD6FDD3C3C6EBA70842CD7AA58BD5F06E6095714C57B7F7472986D8E645852EAED4262770A9B7AA0A
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.253093425173333
        Encrypted:false
        SSDEEP:6:YEQXJ2HXDn26br0+FIbRI6XVW7+0YI6DeoAvJfshHHrPeUkwRe9:YvXKXKoYpW7NoVGUUUkee9
        MD5:9AC75AB1B41E8083B327A69A603E2BDD
        SHA1:D7763EF736FB02C824303C06AA3EEF84BE082F04
        SHA-256:43E4888E54D9284DA3FB8E5FA75B9027BE720FDE97AB43C03EB8F9D3CB755C31
        SHA-512:4FF97B05725C7616C93393786D7E542102ED981B3E503631EA2E23B815E7BAE60A9CD570EE469CAC2616C97DC40BB06C378BDBB6D5B728020DA668D8060981E4
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"4b86c677-9295-4ebf-be7b-3a1810c6c9b5","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1732372538110,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2817
        Entropy (8bit):5.142848537827663
        Encrypted:false
        SSDEEP:48:YWVsQ4RUi4ZVIMxITaY2yTaVNi93ZJlio:lVsQwUnZVIMxIT2y33bB
        MD5:A8187424C61E6EC4A820BCC1054C4093
        SHA1:4F5C97DD718FB8C9F9AAA5C37345D6498C62E212
        SHA-256:43F2583A0C328D366492BFCDBE24FE4FF942E2CAEF7F33F6F1DB8E5B7621873A
        SHA-512:88A9D75F52829608819C2C1DC0EAC26D90DDF465F711019AE9A830BA1909B43426D147B546BA6973B6A3BF39351B319F6D299C75C96CF5CF576547A15C522B9D
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8f02b0c1cb83b378706951c6427f0b95","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732193647000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c8b3eb7145501ee78574473d20dfc148","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732193647000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"54131c8da2bad3d761c3b4b74f436247","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732193647000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c96408230e85666ff1b480354acc48f2","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732193647000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"c72ee2727da77138451a1a893a278af4","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732193647000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"a7adc810eb322ce1b86302cee65250b7","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):0.9849046016978474
        Encrypted:false
        SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/SpyDD4zJwtNBwtNbRZ6bRZ4FDDF:TVl2GL7ms6ggOVpyD8zutYtp6PQDp
        MD5:41C5DD67E578C0CE8ECA5B93D8178774
        SHA1:705D3C99118A0528853AE000A0AB4BA24B1B1F70
        SHA-256:7CC0450939219C82847741E60E25A492C45C0DFC1A9765B61A093360DBB50FDE
        SHA-512:A39FA35F1003815631BFC93646FC91B64BF2A58CEC4A03D22D66A64F4A213EA9650F600A40337B6D1770675BA6E68F38CC4FA910C3BE769A4F06B98404C1502F
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.3387599811230217
        Encrypted:false
        SSDEEP:24:7+tWAD1RZKHs/Ds/SpyDDPzJwtNBwtNbRZ6bRZWf1RZKUqLBx/XYKQvGJF7ursq4:7MWGgOVpyDDzutYtp6PM9qll2GL7ms5
        MD5:0D92038511B6E4D2F5A2301B2087809A
        SHA1:8C79664D62571B1D76F9FC9B56D02B583EE110C7
        SHA-256:E1FA1C280C1D3C9E40E2A08299B9D45F50BF30CAB0B2A621808298A4A7B97D80
        SHA-512:9D6652AF8E5D14C34C0F4727E5E67E7892CA5BB99B36AB126A4C89F864E876D1A8850F30018F115C51DCEDCAADB291298ADDC9405A8F8A73FE2D114DAA39786B
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):66726
        Entropy (8bit):5.392739213842091
        Encrypted:false
        SSDEEP:768:RNOpblrU6TBH44ADKZEgdlNg3NJNWCUY0BvSVfBUOWfJxYyu:6a6TZ44ADEdzg3NeBvSVp8DK
        MD5:5C5C7AA6D95F62ED17E749B4DE4C77FB
        SHA1:1C6F1D7EAACE153A31150A55953D202C55BFD07F
        SHA-256:41353923A7586903B0852F883A947E864CE08A7E0D0E7EA328930B6DD56A2552
        SHA-512:E21CC5DB4A21EF8BB571B472945596701D693A8B3D12357D9A0D2A8F4FECF214F8CAC54B7B15BCFDD59318A359EE6776BCD7A6DF7666D38C3513C1DF7D4C7315
        Malicious:false
        Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.501595078528367
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8hlpivH:Qw946cPbiOxDlbYnuRK0MH
        MD5:44D14EAFFE1332F09A5C67F2203A9F7C
        SHA1:BCF5772A9891D38BD3B6FBDADC31FAD7A987F177
        SHA-256:CC27A6337B06635B7E4EFF517737F9768B84F662F2DAA7C63B37DC836DD2D335
        SHA-512:B5853E68314B6C3277D0E83F73B3B4C4E65B42994489AF09E49342AFEB98BBE6CE07895D23B912C314882226ACA010E6D0B1A34FFE30A4B0BC3DBB648A847AFD
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.1./.1.1./.2.0.2.4. . .0.7.:.5.4.:.0.2. .=.=.=.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PDF document, version 1.6, 0 pages
        Category:dropped
        Size (bytes):358
        Entropy (8bit):5.071613107592004
        Encrypted:false
        SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOy1O1uLCSyAAO:IngVMre9T0HQIDmy9g06JXCoglX
        MD5:48C28C9A58771C14A4C9B4B644574F44
        SHA1:42C7376A087BAB43FF6FA2661ABFF494B9314DF3
        SHA-256:6AD7861327F5DDDF2095E6BA7D37D5FEF5625A2983E337DEE51A562DB8C77DA8
        SHA-512:AC92C48DD355922305085FF921523D31B0DD9F5BF24F361F5EB987D1626FE1382027EA7403125EF719763129748E823ACDA4E9178F66E40CA6CDB231AA952C7D
        Malicious:false
        Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<6BDA2BA29A88D14F96F733608BA61FB8><6BDA2BA29A88D14F96F733608BA61FB8>]>>..startxref..127..%%EOF..
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.376360055978702
        Encrypted:false
        SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
        MD5:1336667A75083BF81E2632FABAA88B67
        SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
        SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
        SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
        Malicious:false
        Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.377345941325967
        Encrypted:false
        SSDEEP:384:irRA3AEAvABAGA57AeAHA5AuAAAh181I1mEqEzE/E8E9rV15RjA5RE6IK2KmKELi:iFcJMMF87pOOz5EqO81IILQPXjAXEDNk
        MD5:029388930A95B66447FE67EB508B0C1A
        SHA1:646D3CC0CA0A306EA83965DDF60E08BD87EACE72
        SHA-256:C0BE90230AF4AF8CF84D40E78B6DFC2B6310DC5D7570EAE5809870C41C752602
        SHA-512:4EE88AA25B2277A0DB152209D2B59404CC39F335648E8EA73B74D446C1A49A1C7C87D58382E4FCCD4D893D1264C379B3AAC77925071425A79642D84A43BA6E3C
        Malicious:false
        Preview:SessionID=69f72078-85be-4bca-a609-c74cb0596806.1732193637737 Timestamp=2024-11-21T07:53:57:737-0500 ThreadID=4396 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=69f72078-85be-4bca-a609-c74cb0596806.1732193637737 Timestamp=2024-11-21T07:53:57:738-0500 ThreadID=4396 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=69f72078-85be-4bca-a609-c74cb0596806.1732193637737 Timestamp=2024-11-21T07:53:57:738-0500 ThreadID=4396 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=69f72078-85be-4bca-a609-c74cb0596806.1732193637737 Timestamp=2024-11-21T07:53:57:738-0500 ThreadID=4396 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=69f72078-85be-4bca-a609-c74cb0596806.1732193637737 Timestamp=2024-11-21T07:53:57:738-0500 ThreadID=4396 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.402072316457658
        Encrypted:false
        SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbT:X
        MD5:2A007FF6304BE8513BF57F3E92368AB3
        SHA1:823A0F13037CF2814742BE766AC5B5205B60571F
        SHA-256:062C3059E855975FF71E8EB5CC73E853524CD1951EAC3C1AC4BC005D02DB59AF
        SHA-512:6FBF3F571158F2E37D3F5E3714A0F1F80C0D69AAD24C2D737E2E97FB138EB9FDCDA0EBAD89F07F1F56BAA833D4F4C55E2A8AA8BEEFD1518A0827D87A92524BC3
        Malicious:false
        Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/M7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:RB3mlind9i4ufFXpAXkrfUs03WLaGZje
        MD5:716C2C392DCD15C95BBD760EEBABFCD0
        SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
        SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
        SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1439367
        Entropy (8bit):7.97609170196247
        Encrypted:false
        SSDEEP:24576:/xA7owWLaGZDwYIGNP4xdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGe3mlind9i4ufFXpAXkru
        MD5:49D8A80707172858F2DA6673037C272A
        SHA1:A2242B8E10DF0958FE2B44E2EE43851D7C231B3D
        SHA-256:0C6A67BA2D3DA8A887491F6651ADD953B6BA100BBC69237BBAC5581FE9A46669
        SHA-512:42FA0F072DEB5FC8D6A2AC410122AE7D07ACB38E379E7C51DD4B1813DA9E217444E903BB8ACD7217EE8468C65BC12C3D4FD2A2767FFAAD05956E95B7BDC11E1C
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/M7ouWLYZwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:RuWLYZwZGuGZn3mlind9i4ufFXpAXkru
        MD5:EC8D4FAB55F24C0E344D263724846C4A
        SHA1:5444D90F86D68A23AF7FB5434DEAE740D57D0312
        SHA-256:E489C11D38BFF8F1F51351BAEBEE9F723A5C036DA0B0CB9C82306251017054EE
        SHA-512:21018FD299944987654C202779C8E0185815868DE7179B814F145573EE8D45ACC33CA7E008CB23774C473DD7939E9D7D7C2E5A14E31D5EC62F7BFFDBBAB41F9A
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        File type:PDF document, version 1.7 (zip deflate encoded)
        Entropy (8bit):6.992505428538972
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Rhenus Express_Bank scam.pdf
        File size:207'515 bytes
        MD5:c23e360dec1b5cce7084fae6653fcf29
        SHA1:82e3ee68dd0b38eccbb6abd9f7e69ef83088e4bd
        SHA256:f93a499cc946d82f97ce6edd0f8135b8feaca01d1cbb039beaa42e2766f35cdf
        SHA512:be1a2933561b86b4d43c8808faa5a9c8a0494c72375cb8073b2d6aa958154d8b2ce02a4a5e228817c21821dd86d2bd8723d30a841547b94a34049d206b33bda0
        SSDEEP:3072:uic77xozYkjfMFWZbeEWbrAJkziKIRds4wWTEEjSf6Th:ucbbM4ZiFbrAJkzNmf4EVh
        TLSH:9C149C878E089AE1D81D04F97D461DDD7D2A4308DC490DFF792D0FDA3E909678EA6A0B
        File Content Preview:%PDF-1.7.%......48 0 obj.<</Linearized 1/L 207515/O 50/E 202702/N 1/T 207208/H [ 500 185]>>.endobj. ..67 0 obj.<</DecodeParms<</Columns 5/Predictor 12>>/Filter/FlateDecode/ID[<BFFFC1B35153C94BBDE6210397B03AC4><FF68869ADF154B4E853C678C913169B
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.7
        Total Entropy:6.992505
        Total Bytes:207515
        Stream Entropy:6.967757
        Stream Bytes:203741
        Entropy outside Streams:5.422416
        Bytes outside Streams:3774
        Number of EOF found:2
        Bytes after EOF:
        Name | Count
        obj | 26
        endobj | 26
        stream | 23
        endstream | 23
        xref | 0
        trailer | 0
        startxref | 2
        /Page | 1
        /Encrypt | 0
        /ObjStm | 4
        /URI | 0
        /JS | 0
        /JavaScript | 0
        /AA | 0
        /OpenAction | 0
        /AcroForm | 0
        /JBIG2Decode | 0
        /RichMedia | 0
        /Launch | 0
        /EmbeddedFile | 0

        Image Streams

        ID | DHASH | MD5 | Preview
        61 | 8804d889d7008800 | 326f6a5c677289b20937f014548fcf47 |
        62 | 0000000000000000 | 60e7febe461bf3061c54d25c417a6c65 |
        66 | 010100000000565e | 58966a9d67d6148743ab75a4024458e8 |
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Nov 21, 2024 13:54:06.805257082 CET | 49977 | 53 | 192.168.2.5 | 1.1.1.1

        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Nov 21, 2024 13:54:06.805257082 CET | 192.168.2.5 | 1.1.1.1 | 0x1ede | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false

        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Nov 21, 2024 13:54:07.043008089 CET | 1.1.1.1 | 192.168.2.5 | 0x1ede | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
        Nov 21, 2024 13:54:08.815215111 CET | 1.1.1.1 | 192.168.2.5 | 0xb9e2 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
        Nov 21, 2024 13:54:08.815215111 CET | 1.1.1.1 | 192.168.2.5 | 0xb9e2 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false

        Target ID:0
        Start time:07:53:54
        Start date:21/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Rhenus Express_Bank scam.pdf"
        Imagebase:0x7ff686a00000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:2
        Start time:07:53:55
        Start date:21/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff6413e0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:4
        Start time:07:53:55
        Start date:21/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2128 --field-trial-handle=1576,i,3010195169711488959,2304735170993569971,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff6413e0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        No disassembly