Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BRNB4220046D2EC_004113.pdf

Overview

General Information

Sample name:BRNB4220046D2EC_004113.pdf
Analysis ID:1560181
MD5:a3b90129336364fe04a62672bec5bac2
SHA1:de0d07aff56bc86c34e47c87f6aca19123828437
SHA256:6580703f8adcba9ad7214b8d5be3ec7091351a8f1c0dea71024183adf2f5d486
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7272 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRNB4220046D2EC_004113.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7648 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1564,i,18300350310385928855,1257340988202054605,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean0.winPDF@14/52@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-21 08-19-59-033.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRNB4220046D2EC_004113.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1564,i,18300350310385928855,1257340988202054605,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1564,i,18300350310385928855,1257340988202054605,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: BRNB4220046D2EC_004113.pdfInitial sample: PDF keyword /JS count = 0
Source: BRNB4220046D2EC_004113.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: BRNB4220046D2EC_004113.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution
Path Interception1
Process Injection
1
Masquerading
OS Credential Dumping1
System Information Discovery
Remote ServicesData from Local System1
Non-Application Layer Protocol
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1560181 Sample: BRNB4220046D2EC_004113.pdf Startdate: 21/11/2024 Architecture: WINDOWS Score: 0 13 x1.i.lencr.org 2->13 15 bg.microsoft.map.fastly.net 2->15 7 Acrobat.exe 20 76 2->7         started        process3 process4 9 AcroCEF.exe 105 7->9         started        process5 11 AcroCEF.exe 4 9->11         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    high
    x1.i.lencr.org
    unknown
    unknownfalse
      high
      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
        high
        No contacted IP infos
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1560181
        Start date and time:2024-11-21 14:19:00 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 9s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:10
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:BRNB4220046D2EC_004113.pdf
        Detection:CLEAN
        Classification:clean0.winPDF@14/52@1/0
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.19.126.149, 2.19.126.143, 172.64.41.3, 162.159.61.3, 52.202.204.11, 54.227.187.23, 52.5.13.197, 23.22.254.206, 2.23.197.184, 199.232.214.172, 88.221.168.141
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
        • Not all processes where analyzed, report is missing behavior information
        • Report size getting too big, too many NtCreateFile calls found.
        • VT rate limit hit for: BRNB4220046D2EC_004113.pdf
        TimeTypeDescription
        08:20:07API Interceptor2x Sleep call for process: AcroCEF.exe modified
        No context
        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        bg.microsoft.map.fastly.netestimate Cost.pdfGet hashmaliciousUnknownBrowse
        • 199.232.214.172
        mLi58UzdI2.dllGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        1.e.msiGet hashmaliciousDanaBotBrowse
        • 199.232.214.172
        F2.exeGet hashmaliciousBlackMoonBrowse
        • 199.232.214.172
        test2.exeGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        file.exeGet hashmaliciousCredential FlusherBrowse
        • 199.232.214.172
        ibk0BQaWAo.exeGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        ibk0BQaWAo.exeGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        TS_F97A.dllGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        PWS5JoRGtk.exeGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        No context
        No context
        No context
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.262996873191139
        Encrypted:false
        SSDEEP:6:HE6Ffxyq2Pwkn2nKuAl9OmbnIFUt8YE6FfMG1Zmw+YE6FfMQRkwOwkn2nKuAl9Oe:k6lxyvYfHAahFUt8/6lMg/+/6lMQR5JK
        MD5:B36CFF45E4607F9641CD4B4218668DCC
        SHA1:F1FBEFA10A072199CC28D6307C5571D31AD61F2A
        SHA-256:3E0E3E658F36510A47251DEF3A65328E80F332815D36510426B74D1E7344FD1F
        SHA-512:4509AF502D5BD3114C762F04552AF78AD970CFE0F357D70EDC6AEFFA1AA72F5AABD0EF1FD73DBB02B95D201FAF228CB1AAF1B9BC7BBD94E14AC2C34E2F109D3C
        Malicious:false
        Reputation:low
        Preview:2024/11/21-08:19:56.472 1d90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/21-08:19:56.474 1d90 Recovering log #3.2024/11/21-08:19:56.474 1d90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.262996873191139
        Encrypted:false
        SSDEEP:6:HE6Ffxyq2Pwkn2nKuAl9OmbnIFUt8YE6FfMG1Zmw+YE6FfMQRkwOwkn2nKuAl9Oe:k6lxyvYfHAahFUt8/6lMg/+/6lMQR5JK
        MD5:B36CFF45E4607F9641CD4B4218668DCC
        SHA1:F1FBEFA10A072199CC28D6307C5571D31AD61F2A
        SHA-256:3E0E3E658F36510A47251DEF3A65328E80F332815D36510426B74D1E7344FD1F
        SHA-512:4509AF502D5BD3114C762F04552AF78AD970CFE0F357D70EDC6AEFFA1AA72F5AABD0EF1FD73DBB02B95D201FAF228CB1AAF1B9BC7BBD94E14AC2C34E2F109D3C
        Malicious:false
        Reputation:low
        Preview:2024/11/21-08:19:56.472 1d90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/21-08:19:56.474 1d90 Recovering log #3.2024/11/21-08:19:56.474 1d90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):336
        Entropy (8bit):5.198182101830389
        Encrypted:false
        SSDEEP:6:HE6Ff+L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YE6FfQ1KWZmw+YE6FfQjLVkwOwknV:k6l+L+vYfHAa8uFUt8/6lQAW/+/6lQj+
        MD5:2A4ABA06B841D07A0A6D4B604FB9D682
        SHA1:44C41882670C6FC21D3FB66D8F63DE860BEF085D
        SHA-256:455FA1C300161DFB6954B167432F765749D309CB1A05F54C5E6084D4771D1AD2
        SHA-512:FDE1E065F112EF08E796894ABDFA8DE0A4D7FCEDA691B5D64F2C29BA7851C613B22F0BF57975FC538CD268DE159CF1C0501A1249C75475A4339C719C8C89F78A
        Malicious:false
        Reputation:low
        Preview:2024/11/21-08:19:56.550 1e3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/21-08:19:56.552 1e3c Recovering log #3.2024/11/21-08:19:56.552 1e3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):336
        Entropy (8bit):5.198182101830389
        Encrypted:false
        SSDEEP:6:HE6Ff+L+q2Pwkn2nKuAl9Ombzo2jMGIFUt8YE6FfQ1KWZmw+YE6FfQjLVkwOwknV:k6l+L+vYfHAa8uFUt8/6lQAW/+/6lQj+
        MD5:2A4ABA06B841D07A0A6D4B604FB9D682
        SHA1:44C41882670C6FC21D3FB66D8F63DE860BEF085D
        SHA-256:455FA1C300161DFB6954B167432F765749D309CB1A05F54C5E6084D4771D1AD2
        SHA-512:FDE1E065F112EF08E796894ABDFA8DE0A4D7FCEDA691B5D64F2C29BA7851C613B22F0BF57975FC538CD268DE159CF1C0501A1249C75475A4339C719C8C89F78A
        Malicious:false
        Reputation:low
        Preview:2024/11/21-08:19:56.550 1e3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/21-08:19:56.552 1e3c Recovering log #3.2024/11/21-08:19:56.552 1e3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.967403857886107
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
        MD5:B7761633048D74E3C02F61AD04E00147
        SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
        SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
        SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.967403857886107
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
        MD5:B7761633048D74E3C02F61AD04E00147
        SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
        SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
        SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
        Malicious:false
        Reputation:moderate, very likely benign file
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.967403857886107
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
        MD5:B7761633048D74E3C02F61AD04E00147
        SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
        SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
        SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.973413864143525
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqTuXhsBdOg2HBcaq3QYiubInP7E4TX:Y2sRdsE7dMH43QYhbG7n7
        MD5:5B0D1D422CF465FD69C41E007D523A78
        SHA1:EC498C995628D352D32DD510883DDC584EB142B4
        SHA-256:991BC1FDEC24B3F548E3311FA0003E7793568AA55C0BAE3E5DF1AB85EBD2EFF1
        SHA-512:2CB51CB998C3CB1BC1C9ADE3DF84BC3EB9AD6C853EAF65A6E1BDAD8870C149E1DB1D4A899FAD1FDE2DF3A29819694A75803BC67375AB73E3C7E3E1FEB3FF27AC
        Malicious:false
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376755205073644","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":662649},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4730
        Entropy (8bit):5.2605868595991305
        Encrypted:false
        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7kA0jZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gos
        MD5:01F64B08563FAFDB2012E6BFCE3E2EC0
        SHA1:59CCC4FA0650D92C17300E924BC60F9C6DD39ECF
        SHA-256:1ED6770B41D7A76141C245F10B4308C95AD7ABC6649CE2D4F9BB356549161E4E
        SHA-512:25D65746E9FEE22416BEF519C0E6CA35A59542B1F52C42FD2BA3C1DD53428FD467B1E27D1CA1F1C36A5AC6CD78EAAF35F3198E83DE0C1A8B125076ABD42C623B
        Malicious:false
        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):324
        Entropy (8bit):5.221058655443426
        Encrypted:false
        SSDEEP:6:HE6FfGL+q2Pwkn2nKuAl9OmbzNMxIFUt8YE6FfBKWZmw+YE6FfSZLVkwOwkn2nKA:k6lGL+vYfHAa8jFUt8/6l8W/+/6lSZLV
        MD5:C0FD855F5AED1A1D0A0E07CB85575E59
        SHA1:E7984F73C2CBCF839C42036B21677725DB07041C
        SHA-256:5187879B2057AAB126056862367F36001D8B52B9BB8D35A8A11BC48E42CC58B8
        SHA-512:AB2E44BD6A99055BEEF291076E92A8A7E5111C124DB8348DB170263B86B2F107C472B122DF3E6D33C8EB7D0CB829A3F1C44EFD1ABE225C337D0B75126F5D5B48
        Malicious:false
        Preview:2024/11/21-08:19:56.653 1e3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/21-08:19:56.654 1e3c Recovering log #3.2024/11/21-08:19:56.655 1e3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):324
        Entropy (8bit):5.221058655443426
        Encrypted:false
        SSDEEP:6:HE6FfGL+q2Pwkn2nKuAl9OmbzNMxIFUt8YE6FfBKWZmw+YE6FfSZLVkwOwkn2nKA:k6lGL+vYfHAa8jFUt8/6l8W/+/6lSZLV
        MD5:C0FD855F5AED1A1D0A0E07CB85575E59
        SHA1:E7984F73C2CBCF839C42036B21677725DB07041C
        SHA-256:5187879B2057AAB126056862367F36001D8B52B9BB8D35A8A11BC48E42CC58B8
        SHA-512:AB2E44BD6A99055BEEF291076E92A8A7E5111C124DB8348DB170263B86B2F107C472B122DF3E6D33C8EB7D0CB829A3F1C44EFD1ABE225C337D0B75126F5D5B48
        Malicious:false
        Preview:2024/11/21-08:19:56.653 1e3c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/21-08:19:56.654 1e3c Recovering log #3.2024/11/21-08:19:56.655 1e3c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 106 x -152 x 32, cbSize 64502, bits offset 54
        Category:dropped
        Size (bytes):64502
        Entropy (8bit):4.611300969135374
        Encrypted:false
        SSDEEP:384:0jPjHjr4kMLP4AzN5waUqB144HRJyZy0fd4MV9yc9+aKZanL0cZNhvQoDVHptN+e:pKPga60PZTvddzY5+0LivBOcWRPb4hX
        MD5:1BA56C13DF444ECF590B6F31E53D4266
        SHA1:79E48DFE2BC86B90349727CDE0945DC7B2893FC6
        SHA-256:CC9959CE06C1AC449734D60223457977D69E43F77B1FCBA17B17C322369654F7
        SHA-512:CE880EB68762988285E26F9915AF344B634171EEBD5C5D2EFA9D502691FC1E2AEFD5AD39596F8CBFB537FE658624AC36AB29B7B035CFB969CEAD8279945A394A
        Malicious:false
        Preview:BM........6...(...j...h..... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.444873028454647
        Encrypted:false
        SSDEEP:384:yezci5twiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rHs3OazzU89UTTgUL
        MD5:93DA9EA704CF34F9BC9D7794C93AA893
        SHA1:797FB2261C91E84B40A8C09BBDBC5FC10CADECBF
        SHA-256:42D0142117C35C79A5DA77C20D160DC8805D810518CA2CB7347FC34C202BBD3E
        SHA-512:919366160BA2BAE8CD2A852A3906FA55C2AFF72BB54518883D614FA8E49261313AF8455D9A7051E7CBA6440D71E0EB13E14A4446F3302B346FB3F8722755C849
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.774845462749924
        Encrypted:false
        SSDEEP:48:7Mmup/E2ioyVORioy9oWoy1Cwoy1JaKOioy1noy1AYoy1Wioy1hioybioy3Ooy1D:74pjuORFsSXKQiM2b9IVXEBodRBku
        MD5:12CF60B5A61AFAE7C09D1C30A7D5CBB8
        SHA1:174BF4FAA38BB2F7F57703ACEABF6CDA1F5BB548
        SHA-256:57E5DBB49DC8AF35962F5E8642BBB43AB03E888D051DD76E5A21AF1EDE0C3F0E
        SHA-512:444304C09B1C896BD80B8A8D43A37DC7FCE842AFA97082E59AC3C8451E8A9A7D3EF25FFAF55510A55BA5EB42CD905F1608817975009769ED35C81362E1A1E3C8
        Malicious:false
        Preview:.... .c.......K"...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):71954
        Entropy (8bit):7.996617769952133
        Encrypted:true
        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
        Malicious:false
        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.756901573172974
        Encrypted:false
        SSDEEP:3:kkFklnvw9jfllXlE/HT8kwbNNX8RolJuRdxLlGB9lQRYwpDdt:kKz9sT8FNMa8RdWBwRd
        MD5:715EAC09B7F180428552CFB6D65952E7
        SHA1:A6218E7B3D7C36119F180895DD1ED124949B8B88
        SHA-256:4AE010AF54229D75AE4F5A61787F44E2DE856F6298282A461D7A72117D376F09
        SHA-512:51035D1737E27746CCBB6E519E5878D2AB655F2FD1F39942C68541AC781739D3FAF86D1E69313948AB9245F752F8A1AF5DBFC31DCE7CA2E7ADEAE7909812A056
        Malicious:false
        Preview:p...... ..........N..<..(....................................................... ..........W....e...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):328
        Entropy (8bit):3.2418003062782916
        Encrypted:false
        SSDEEP:6:kK90MD9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:GDImsLNkPlE99SNxAhUe/3
        MD5:065B91F2AAF0A199E1DAAB96F6351A57
        SHA1:08863FC469D23136B2F4BF69D042E6A62A2B5ECD
        SHA-256:16FF6883C5F82C914E914F69FC9357B0815BDEE278330B2633BA4DA2ED6EE2FC
        SHA-512:08536310161D2368FAA4757AFE3A898FB065179FBECD573F3AC82F6104E0EF8DEA5CD752AA845484C646F5D9AD7F42DD57C39B09F8869301D593F39D5B835E64
        Malicious:false
        Preview:p...... ..........^(.<..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):1233
        Entropy (8bit):5.233980037532449
        Encrypted:false
        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
        MD5:8BA9D8BEBA42C23A5DB405994B54903F
        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):1233
        Entropy (8bit):5.233980037532449
        Encrypted:false
        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
        MD5:8BA9D8BEBA42C23A5DB405994B54903F
        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):1233
        Entropy (8bit):5.233980037532449
        Encrypted:false
        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
        MD5:8BA9D8BEBA42C23A5DB405994B54903F
        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):10880
        Entropy (8bit):5.214360287289079
        Encrypted:false
        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
        MD5:B60EE534029885BD6DECA42D1263BDC0
        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):10880
        Entropy (8bit):5.214360287289079
        Encrypted:false
        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
        MD5:B60EE534029885BD6DECA42D1263BDC0
        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):243196
        Entropy (8bit):3.3450692389394283
        Encrypted:false
        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
        MD5:F5567C4FF4AB049B696D3BE0DD72A793
        SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
        SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
        SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.373713913014458
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJM3g98kUwPeUkwRe9:YvXKX40EZc0vNeGMbLUkee9
        MD5:36C1A5C3D4CAA7FA38F5F0C714764D2E
        SHA1:F3AD77FA6E03E24D48C3A884FFD2E343C58C65B6
        SHA-256:C1BCD6F606A0742AE981A7D47ABB2267EE181800E60EB16CD2FA38EA770998F5
        SHA-512:9053602DC2A3F5D1B47E9424C7FDD80BA976E6375DBFE4A1A0CD09F8C86D18D1FCE67727731F4A089AF581828F88136510E6CB9A11AA0CC4B5C452971562BBA2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.322703473855263
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfBoTfXpnrPeUkwRe9:YvXKX40EZc0vNeGWTfXcUkee9
        MD5:CA8EC443DE98C15071ADBCBA977CD0CA
        SHA1:AF346690E9AF341E594AE6CDFBE205CB538FBAD8
        SHA-256:76E501651D96713FD29C575D4CFA38049EDCF3B77AA719607FA3C98F8709A1EB
        SHA-512:14A60F0874A5D72FA200AFAB468AF21099413BA9A42BF9A863E09C62CADE59F47BF3C68142EFFED3D5D2D0D6270189D17DF85CC7F3EBB2FB7F1D3738ADE2E884
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.300175723058891
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfBD2G6UpnrPeUkwRe9:YvXKX40EZc0vNeGR22cUkee9
        MD5:0CF89C1C11EDC1F04E18F19127D2CD27
        SHA1:7539C514DAD2B905B6C742D49EFBDDE884E7AA40
        SHA-256:30DC96D82D0EA16AACCEAFFFA058CDF16F0FDAB3C6928538991390638D20FA1D
        SHA-512:F73C972898DECFD9F2F621BEF10C32926A4DF8A8B85AD8F201062F9CB4E285BF9979BD7EE7DD88291FE2A26F4404A47FB6E4C8172900319E1375AE7C5FC348C9
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.3610875955849595
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfPmwrPeUkwRe9:YvXKX40EZc0vNeGH56Ukee9
        MD5:A61CD03FB08B07A796771506B857B648
        SHA1:28EDA9CC8F4B2693F2597C3F1BF2B0D35CE5813B
        SHA-256:C1DC1B703A6F249EB47BCE76C80033E0531773A2B3BA3F1AE2EC86ED78EA62DB
        SHA-512:02005559505A246B387EEA3DB1F975628E3C02CAED22B46B2ECBF3349FD206E7825FE4FD9DFE4DA9AD0501566275D2B36441ED0A384A16BAF3C6FA59508252B3
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1123
        Entropy (8bit):5.693737131958809
        Encrypted:false
        SSDEEP:24:Yv6X4nzvppLgE9cQx8LennAvzBvkn0RCmK8czOCCS7Y:YvdRhgy6SAFv5Ah8cv/7Y
        MD5:912F3BBA8942BA86B00A458F6FBB5BA5
        SHA1:20AB3AEE3981F2E3A4C081106AD188C7F29E0A78
        SHA-256:8BEB855521DFE813EFC8DCA47E56992995B4FB039EB03277BA5C7E9CD56B4BB5
        SHA-512:35A81D8B3F2AB0EB15B8CEB881EA2A2836315C11BB012DE35154588873A3D87D5D5629F42FB6C4669F9914A82BBC4F8542F737AD6DF5B5918BCC79CBF4C7BEC8
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1122
        Entropy (8bit):5.685627389111958
        Encrypted:false
        SSDEEP:24:Yv6X4nzvFVLgEwcp06ybnAvz7xHn0RCmK8czOCYHfl8zdBkY:YvdNFgSNycJUAh8cvYHRY
        MD5:5BCE874BB9D6447E9732F9F0EE2CC98F
        SHA1:59CDA6F65E1449CE199F6A45F080852CE91D85BF
        SHA-256:B7662EDDCC39C3CC9DFE304677D733505BD10A42256BC552ACD22CAB8B1E88D8
        SHA-512:2AD13D30448F6A97BDB61C303B9E7A42F55F932CBBE480F11FE217EF63093EBB4A972A20436EC276E58BA156FC254E2A999F5E83DA0A7119848BC1008ECEE852
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.3106272640174925
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfQ1rPeUkwRe9:YvXKX40EZc0vNeGY16Ukee9
        MD5:E38D0321AFDC0C699B6090FCA298914C
        SHA1:B4135C2DDA3F3FEAC9318618465655EEEDFE61D1
        SHA-256:17EEE783FF32E8C7F64DCCA2E9879BE4E3FFD36B166B205F0ADE179FB5900CD9
        SHA-512:EF5C64939702B0759EE6D39CFBD30ED5CC63B1048D675EAC0F014D7F9E2E76A25997657BBAFF7B39A5D5DA3E36B1171CD07681F6210C777F7C905BAB54C6BDF4
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1102
        Entropy (8bit):5.677126264340734
        Encrypted:false
        SSDEEP:24:Yv6X4nzvk2LgErcXWl7y0nAvzIBcSJCBViVkY:YvdMogH47yfkB5kV7Y
        MD5:04F3B961C96668FEA7075CDB4C7E6589
        SHA1:4D5251AD0D6F119DA4BF6ECBF09E1ADE6E37FE6C
        SHA-256:BC7CC96BF882DB8DED76404C8DD9BD07104EEAFA7EF9EB14CEDB89459FAC07D3
        SHA-512:38156758EA71C80FBC6BEA23E83C3D7251A3E8E78E874B724FE0BB956AA134E8D6D94EBB9E0CF8513E40E94E42339C17674BB7B32C8BE42061CE4F9776BF3771
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1164
        Entropy (8bit):5.702238781988155
        Encrypted:false
        SSDEEP:24:Yv6X4nzv0KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5kY:YvdMEgqprtrS5OZjSlwTmAfSKKY
        MD5:7E5132082507CA5B71CBDC45A2F773B7
        SHA1:AF3698B2EC8D9057491B626DEE11372DB4E36CD4
        SHA-256:076FD5797DD5813F5489516CD16F52AE06832B7123F0C0094EFC62067542F621
        SHA-512:4AD96B14220B185F585168ACCCDBD15953965321A35E49414D77A81D2C0853F539A05BA7C66C446D2F014F2930ADFECE8D8B1A1B14C54986D17CF6B6E6A179AF
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.314603321835047
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfYdPeUkwRe9:YvXKX40EZc0vNeGg8Ukee9
        MD5:2C69C0C62A871AC8CA448634C2E713E3
        SHA1:3CE41B923241B15897545D83B795647C9C201516
        SHA-256:A8F04D1D366D62B61B2AADFD14508423D9314763929C09B6E43322578EC0D61B
        SHA-512:1FF0E524348AB5AEB1236FBEC5AF7B01AEA2234A7CBBD6CB6794D326C95E91C5CDD169BAFC17DEB031CDA3624BB8C090E79D2D587B2564C42EB37B02A004B24E
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):284
        Entropy (8bit):5.300910795394452
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJf+dPeUkwRe9:YvXKX40EZc0vNeG28Ukee9
        MD5:F8625534024651CF82EEF2779FA15121
        SHA1:A7EFAEE2E3F7776866030D199A259E0D46D4D3D6
        SHA-256:42EACEBBEF6937E08CAA4C5CF88A579AB7120CE26C79A0EC0FDCB4991A603B50
        SHA-512:C3955A8CC7E78F2C41EDB40DFDCBEF63918B3116933A862B50D988846C83E54842DFDAD8B791A2FF3FD100F41BCDB53424D8DB778E66DE1D404E8DB350B2B844
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.298050053035816
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfbPtdPeUkwRe9:YvXKX40EZc0vNeGDV8Ukee9
        MD5:3A8E773CDE5A32D5DEEBAD70FA26B149
        SHA1:A97381C8F866CB08FA2A95DBBDB93E5C10CC4829
        SHA-256:8CB2C97DA38AE40FDDECCBE86C35C585B827C8F93313337EDC4B36FD5760AF93
        SHA-512:81B704C67BC5EB9F25E82D8AEA677AFD6869BCF33539F43F8E07BFCFA00EE72F8B00BC5F177940E0DB9D5AEEC9338291DE5869785462BE85509E77C831587627
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.302253887363725
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJf21rPeUkwRe9:YvXKX40EZc0vNeG+16Ukee9
        MD5:163799B569D2AA7D5DE52DA74CBC91E5
        SHA1:4A89A95458CED7A2107E54EBDB2BC1CF2CE0C41E
        SHA-256:0D1431D916C4249B9B5DD399FE4AABCAF69D1610D7BFF64C8B883CAEE0849698
        SHA-512:AD3D1CC6562A1FD3E29832886ABAB558F124618146C4131A1FB7A48F31459D6E2E7EAC1D944FA50C19C58766E67236B9B87D9C37037047F41678B4AB3097DADC
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1090
        Entropy (8bit):5.671656953452707
        Encrypted:false
        SSDEEP:24:Yv6X4nzvZamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BS7Y:Yvd9BgkDMUJUAh8cvM7Y
        MD5:EC5458E9A866864BDD3A9568BE7F3D3F
        SHA1:E9E01241D59910AB77D97D82952DBA06F463A4BD
        SHA-256:D53715743FF38C66C9E5C62623CE73BB90BA29820E5FBF3F1D76A1699F2CF2F6
        SHA-512:5E503CB4B800EE5BD380E79DDF6CBB676F0192A0EF6F74C26CA579DA1CC647F371A1EF13009DD8A3F822F6E8500F01848DD931C52F2B0AF0ED107D87C85A79C2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.2774548321881385
        Encrypted:false
        SSDEEP:6:YEQXJ2HX8T0PT9VoZcg1vRcR0YLchoAvJfshHHrPeUkwRe9:YvXKX40EZc0vNeGUUUkee9
        MD5:041CF67101E99396D9CDD9DC04A6BF2E
        SHA1:0458CB49737B95F6D68F8A209E98D254B6BD9C13
        SHA-256:8F5F9F5001156490A453E75694AD3EED4342B0B00A1FA0098FD22A121BFC3FE4
        SHA-512:00FE4321C55382F64F9448993B103D0909ED852EC2DFB1FC34AE9D37870459C21F5890AA50EE732A2A8371DEBF95827834C1A70F8AC3DDD589D3057751D776D6
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"d72484f7-bdec-44fc-81cf-68909485c21d","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1732370573157,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2817
        Entropy (8bit):5.124035848723945
        Encrypted:false
        SSDEEP:48:Y8YThsp74DyiNep9/+80ohGWvpgFub39YxfDpiMY:r+a2yvV+M1pvNcvY
        MD5:704EED59E0B343E392AD8D563537571B
        SHA1:85529A2A2A226BE9FFC141BF2E7AF4C9099E8BC8
        SHA-256:37AA3AB17A318180352071935FC982899CC0D403E40372D80E31E86A688ACA33
        SHA-512:95105AB59065850AC7D59E04C624E56486FF8D674CD311034FCA1018ADB9DFE774272CD1A5BFB24923513CB7C190707E7AC994C72B7204A904204B9D13EC4134
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ae3a49e07e0ef39a01ed218178445f02","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732195207000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"4a3e02b63621f0d53b645003f626a4b5","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732195207000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"072d3cafda89604a6bc2b7469f5b2a4f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732195207000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"6579001272830840f5a9bd66e288ca40","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732195207000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"52c3532f7e5fd868dab4d2853c29a7e2","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732195207000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"d1f81f208d516a51a05977266a2142ff","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.1877571744626652
        Encrypted:false
        SSDEEP:48:TGufl2GL7msEHUUUUUUUUEhSvR9H9vxFGiDIAEkGVvpgF:lNVmswUUUUUUUUI+FGSItm
        MD5:3604F6083531DD39D79FD6310E11D7BC
        SHA1:879E48B56275306FCCA582D7883825222C3F2F4A
        SHA-256:950A03418382B63DF98F13573B5A791C2D434E670809EBCE5D151570CB844D58
        SHA-512:4008FABAF839026F704DD911994616ECB9F4F772E5F054A106F76C25E63AC87E8A7F04540EEF47B04F4D9F79B8130BEBB9CC8801828C68AEF083A56AA77FA649
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.6072348562439787
        Encrypted:false
        SSDEEP:48:7MGKUUUUUUUUUUEpvR9H9vxFGiDIAEkGVvXmqFl2GL7msf5n:7eUUUUUUUUUU2FGSItoKVmsf5
        MD5:EA513956192DECE08A2DDCAF9BEF9689
        SHA1:9DFBE2388B15B8B800B8267B8A98128A527F2C48
        SHA-256:A4E94021F0479368F63A799EA7C153E1A1AF672ED29DE8FB8A3B39C6B5B8EDCA
        SHA-512:C8997DEDF1083F9ABE2F788EE1CEBC285F6FB75571CDE54607900399908EFBBCFD4E5B5D482E9EE8EDBA8AF8A9AD216B7B13F11EECDC396880A1BB8CC9DF69F6
        Malicious:false
        Preview:.... .c.....x.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):66726
        Entropy (8bit):5.392739213842091
        Encrypted:false
        SSDEEP:768:RNOpblrU6TBH44ADKZEgOpeXl/RrV9isO03hgjdyniFPsYyu:6a6TZ44ADEOpe1/RrV9iO6sK
        MD5:C1DF16D302363483A9FDF28ED12A0E37
        SHA1:5A74CFB17C510E8086998EAEE31E85A2D10A02F3
        SHA-256:FE95768D3689CA5B43DA1F26748B99ADC5C70757727CF91E581E7C1E6C12E098
        SHA-512:68E939768C00A8AD1FA1275C37FCCFCC4BC95A2A67BE43BBF3E8ABD01A8C33A7349A09B16F8A313AEFCE8B339A8C366519111C2CA1B4E910C5AA505725177099
        Malicious:false
        Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.4965336456103326
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8hlO:Qw946cPbiOxDlbYnuRKV
        MD5:3D405EB0E53037D6E09A5B86823805E1
        SHA1:C94697F53196D96923C9548113E753154B7FC422
        SHA-256:AFBA6FAD672928D2C15D217A5EE85DE61B2FE097D257DF22E4F79D237985C560
        SHA-512:ABDF0DA9B6498E6B7E98029AC28B6B436CA6503D4BF8C5F40212DEF2FEF7AF27642F031DB032CCE496D79AEA14D85DB84AF575B8E4341310BEB584B2BF090344
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.1./.1.1./.2.0.2.4. . .0.8.:.2.0.:.0.4. .=.=.=.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.345946398610936
        Encrypted:false
        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
        Malicious:false
        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.3721336592635005
        Encrypted:false
        SSDEEP:384:ZzPWXDiGumlFEO+KQfdF8C0BwjMehuObSRoMG+ZiM+vsSThemJFLU/UNoa4/SIAR:edI
        MD5:FD92ED35B7CDA21EFAAA39728B1CCACD
        SHA1:17142E61D509D81002160199FD96AE83E6A510CD
        SHA-256:95E278A9B0AC6552A13D80680C2B897E79E38D07A10B5025AA53CBD0C4D8A29A
        SHA-512:A7CD217CD2F83BC9016C193BF1662A83AC5977A39FF21F067F390B8BFCA01273093597DC9048A950F168BA71A158564636255AAE6BE9BA2AEE51F325A4EB0394
        Malicious:false
        Preview:SessionID=1e1b954f-42fc-407d-8cdd-3c3381bb64c7.1732195199044 Timestamp=2024-11-21T08:19:59:044-0500 ThreadID=2472 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=1e1b954f-42fc-407d-8cdd-3c3381bb64c7.1732195199044 Timestamp=2024-11-21T08:19:59:059-0500 ThreadID=2472 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=1e1b954f-42fc-407d-8cdd-3c3381bb64c7.1732195199044 Timestamp=2024-11-21T08:19:59:059-0500 ThreadID=2472 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=1e1b954f-42fc-407d-8cdd-3c3381bb64c7.1732195199044 Timestamp=2024-11-21T08:19:59:059-0500 ThreadID=2472 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=1e1b954f-42fc-407d-8cdd-3c3381bb64c7.1732195199044 Timestamp=2024-11-21T08:19:59:059-0500 ThreadID=2472 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.3964135711706955
        Encrypted:false
        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rc:g
        MD5:F36CF0B80F5613F931C9B166919304F3
        SHA1:A039C62D009B1EDD3FBED5D25DC2A9EB7CBC402A
        SHA-256:4C78A429038828CE51147DBE33F391D936D326B62505525C8124DDC2BFCC3F74
        SHA-512:207153BECC39B584BFB773B484AD46532675401F68CEED1FC4877DCE13F4A73DC8B07326592F4D1BA5439C98DD74300A958C29D910362C3C8F52F3B2A0809FBE
        Malicious:false
        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/rwYIGNP4mOWL07oBGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:TwZG6bWLxBGZN3mlind9i4ufFXpAXkru
        MD5:95F182500FC92778102336D2D5AADCC8
        SHA1:BEC510B6B3D595833AF46B04C5843B95D2A0A6C9
        SHA-256:9F9C041D7EE1DA404E53022D475B9E6D5924A17C08D5FDEC58C0A1DCDCC4D4C9
        SHA-512:D7C022459486D124CC6CDACEAD8D46E16EDC472F4780A27C29D98B35AD01A9BA95F62155433264CC12C32BFF384C7ECAFCE0AC45853326CBC622AE65EE0D90BA
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        File type:PDF document, version 1.4, 2 pages
        Entropy (8bit):7.671715282969651
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:BRNB4220046D2EC_004113.pdf
        File size:354'784 bytes
        MD5:a3b90129336364fe04a62672bec5bac2
        SHA1:de0d07aff56bc86c34e47c87f6aca19123828437
        SHA256:6580703f8adcba9ad7214b8d5be3ec7091351a8f1c0dea71024183adf2f5d486
        SHA512:26646c1cad60e603744d15e65b2b31936083559bdb95995a10dd19f5087fd3fa22c773c6028ded7b7ebfb2e5d19416169c9be35ed41bf54dfe84f7add846373a
        SSDEEP:6144:DB29i/v6p5TCq2jVCELPIV3jZvoirOGt68v1jPmwIBPk5exzYLw8lmEK04xRIE4g:N5/SPeqAVCELPIdj68NjPHOp9LKHWv4g
        TLSH:E674F163CC912903A9A5D7FDBF42AFED3F21B61D26B0736121815ECF3D64211AD89139
        File Content Preview:%PDF-1.4..%@PDF0123456789 1..3 0 obj..<<.. /CreationDate (D:20241121110243+01'00'').. /Creator (Brother Scanner System : MFC-L6800DW series).. /Producer (Brother Scanner System Image Conversion).. /ModDate (D:20241121110243+01'00'')..>>..endob
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.4
        Total Entropy:7.671715
        Total Bytes:354784
        Stream Entropy:7.668194
        Stream Bytes:352810
        Entropy outside Streams:4.910331
        Bytes outside Streams:1974
        Number of EOF found:1
        Bytes after EOF:
        NameCount
        obj15
        endobj15
        stream4
        endstream4
        xref1
        trailer1
        startxref1
        /Page2
        /Encrypt0
        /ObjStm0
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Image Streams

        IDDHASHMD5Preview
        4746613313131410bf034166678b69e1c7504ccc4fc546e88
        10746653734f27220f3408c1415b0a423fda8e81969a58e7ea
        TimestampSource PortDest PortSource IPDest IP
        Nov 21, 2024 14:20:06.770392895 CET6082153192.168.2.41.1.1.1
        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Nov 21, 2024 14:20:06.770392895 CET192.168.2.41.1.1.10xdddeStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Nov 21, 2024 14:20:06.996792078 CET1.1.1.1192.168.2.40xdddeNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
        Nov 21, 2024 14:20:08.778096914 CET1.1.1.1192.168.2.40xe919No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
        Nov 21, 2024 14:20:08.778096914 CET1.1.1.1192.168.2.40xe919No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

        Click to jump to process

        Click to jump to process

        Click to dive into process behavior distribution

        Click to jump to process

        Target ID:0
        Start time:08:19:55
        Start date:21/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\BRNB4220046D2EC_004113.pdf"
        Imagebase:0x7ff6bc1b0000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:1
        Start time:08:19:56
        Start date:21/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff74bb60000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:3
        Start time:08:19:56
        Start date:21/11/2024
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2096 --field-trial-handle=1564,i,18300350310385928855,1257340988202054605,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff74bb60000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        No disassembly