Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
P.Adv Form TRC informatica S L.PDF

Overview

General Information

Sample name:P.Adv Form TRC informatica S L.PDF
Analysis ID:1579942
MD5:338659c5c845c1b4ee71d329afca0111
SHA1:674d363398114e54251bebcaa4318d4d1f1ffdc7
SHA256:e26f58e78aec2dae8304aed66550caa4beb14f8a030e5b68ce9820d107ce40a9
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

  • System is w10x64
  • Acrobat.exe (PID: 3840 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P.Adv Form TRC informatica S L.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 4712 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5528 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1712,i,10649813687301408746,10568959059910481676,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean0.winPDF@14/51@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-23 10-22-08-492.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P.Adv Form TRC informatica S L.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1712,i,10649813687301408746,10568959059910481676,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1712,i,10649813687301408746,10568959059910481676,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: P.Adv Form TRC informatica S L.PDFInitial sample: PDF keyword /JS count = 0
Source: P.Adv Form TRC informatica S L.PDFInitial sample: PDF keyword /JavaScript count = 0
Source: P.Adv Form TRC informatica S L.PDFInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution
Path Interception1
Process Injection
1
Masquerading
OS Credential Dumping1
System Information Discovery
Remote ServicesData from Local System1
Non-Application Layer Protocol
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1579942 Sample: P.Adv Form TRC informatica ... Startdate: 23/12/2024 Architecture: WINDOWS Score: 0 13 x1.i.lencr.org 2->13 7 Acrobat.exe 18 66 2->7         started        process3 process4 9 AcroCEF.exe 109 7->9         started        process5 11 AcroCEF.exe 4 9->11         started       

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    high
    NameSourceMaliciousAntivirus DetectionReputation
    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
      high
      No contacted IP infos
      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1579942
      Start date and time:2024-12-23 16:21:11 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 5s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowspdfcookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:9
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:P.Adv Form TRC informatica S L.PDF
      Detection:CLEAN
      Classification:clean0.winPDF@14/51@1/0
      Cookbook Comments:
      • Found application associated with file extension: .PDF
      • Found PDF document
      • Close Viewer
      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 23.218.208.137, 18.213.11.84, 34.237.241.83, 54.224.241.105, 50.16.47.176, 162.159.61.3, 172.64.41.3, 23.195.39.65, 2.16.168.102, 2.16.168.117, 2.16.168.105, 2.16.168.107, 23.218.208.109, 3.233.129.217, 23.217.172.185, 13.107.246.63, 4.175.87.197
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
      • VT rate limit hit for: P.Adv Form TRC informatica S L.PDF
      TimeTypeDescription
      10:22:16API Interceptor3x Sleep call for process: AcroCEF.exe modified
      No context
      No context
      No context
      No context
      No context
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.164467922245119
      Encrypted:false
      SSDEEP:6:30L+q2P92nKuAl9OmbnIFUt8Ya1KWZmw+YajLVkwO92nKuAl9OmbjLJ:kL+v4HAahFUt8aW/+BLV5LHAaSJ
      MD5:9D431129AFBE6F3F2F52E7265AFA0E56
      SHA1:5FD4B099DA04145CA73EFB6336F8174987396854
      SHA-256:B4F509AEB96775F011B9C39BB9BAA5D2CEC38F583CD7E2A0C2FBF1C5D43BEEC8
      SHA-512:A09A15B0D990B6E0618B3058E9F970E7376898B9D1201C745A4EBCEBE7385882B9918501BBDC466FE082BC9CA0E3AEB92B9FAC0F487418AA7F4A53E5ED2F6296
      Malicious:false
      Reputation:low
      Preview:2024/12/23-10:22:06.256 153c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/23-10:22:06.258 153c Recovering log #3.2024/12/23-10:22:06.258 153c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.164467922245119
      Encrypted:false
      SSDEEP:6:30L+q2P92nKuAl9OmbnIFUt8Ya1KWZmw+YajLVkwO92nKuAl9OmbjLJ:kL+v4HAahFUt8aW/+BLV5LHAaSJ
      MD5:9D431129AFBE6F3F2F52E7265AFA0E56
      SHA1:5FD4B099DA04145CA73EFB6336F8174987396854
      SHA-256:B4F509AEB96775F011B9C39BB9BAA5D2CEC38F583CD7E2A0C2FBF1C5D43BEEC8
      SHA-512:A09A15B0D990B6E0618B3058E9F970E7376898B9D1201C745A4EBCEBE7385882B9918501BBDC466FE082BC9CA0E3AEB92B9FAC0F487418AA7F4A53E5ED2F6296
      Malicious:false
      Reputation:low
      Preview:2024/12/23-10:22:06.256 153c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/23-10:22:06.258 153c Recovering log #3.2024/12/23-10:22:06.258 153c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):338
      Entropy (8bit):5.1754947489971785
      Encrypted:false
      SSDEEP:6:38qM+q2P92nKuAl9Ombzo2jMGIFUt8YVZmw+YwMVkwO92nKuAl9Ombzo2jMmLJ:sqM+v4HAa8uFUt86/+lMV5LHAa8RJ
      MD5:62072559BFF713164B6AACBC71041A7B
      SHA1:F6B0543FBF2E85DD98AAAE3FEB2EA6E2F46B2DB7
      SHA-256:E0F27915B59A140F9644A4209AE71247335C5CEA5399CF8090A40F1BD19214ED
      SHA-512:47DC02A831915D5F3E49CD39D0924F2A6DEECE3A2BD789DACE614EDE2EF729CEA52D13E8E04AEA00BA7988AEF9DF162C16438A272456DD15D12AFF195CE3570E
      Malicious:false
      Reputation:low
      Preview:2024/12/23-10:22:06.255 198c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/23-10:22:06.256 198c Recovering log #3.2024/12/23-10:22:06.256 198c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):338
      Entropy (8bit):5.1754947489971785
      Encrypted:false
      SSDEEP:6:38qM+q2P92nKuAl9Ombzo2jMGIFUt8YVZmw+YwMVkwO92nKuAl9Ombzo2jMmLJ:sqM+v4HAa8uFUt86/+lMV5LHAa8RJ
      MD5:62072559BFF713164B6AACBC71041A7B
      SHA1:F6B0543FBF2E85DD98AAAE3FEB2EA6E2F46B2DB7
      SHA-256:E0F27915B59A140F9644A4209AE71247335C5CEA5399CF8090A40F1BD19214ED
      SHA-512:47DC02A831915D5F3E49CD39D0924F2A6DEECE3A2BD789DACE614EDE2EF729CEA52D13E8E04AEA00BA7988AEF9DF162C16438A272456DD15D12AFF195CE3570E
      Malicious:false
      Reputation:low
      Preview:2024/12/23-10:22:06.255 198c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/23-10:22:06.256 198c Recovering log #3.2024/12/23-10:22:06.256 198c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):508
      Entropy (8bit):5.047195090775108
      Encrypted:false
      SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
      MD5:70321A46A77A3C2465E2F031754B3E06
      SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
      SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
      SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):508
      Entropy (8bit):5.047195090775108
      Encrypted:false
      SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
      MD5:70321A46A77A3C2465E2F031754B3E06
      SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
      SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
      SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
      Malicious:false
      Reputation:moderate, very likely benign file
      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):508
      Entropy (8bit):5.047195090775108
      Encrypted:false
      SSDEEP:12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
      MD5:70321A46A77A3C2465E2F031754B3E06
      SHA1:5E7E713285D36F12ACFC68A34D8A34FD33C96B34
      SHA-256:344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
      SHA-512:E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
      Malicious:false
      Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:modified
      Size (bytes):579
      Entropy (8bit):5.032582435760348
      Encrypted:false
      SSDEEP:12:YHgLdvFzoqBWsB6um3RA8sq40SsBd2caq3QH7E4TfF+:YALtFJB7JsRdsEdJ3QH7np+
      MD5:BC1244A67D55E9A8538BFA2E2040EB48
      SHA1:478CB0DDAE73F6683B3C5153F2BA3979868B5FF8
      SHA-256:9BF42183BB3890BC85580A0E917487DCF7D53BC58D3E0B304D4ED8E189FF1840
      SHA-512:8F42933552607031AC7DB66D376ABBD6302F11C3E13F623C44BC363C2AD5A65B08BBF94B65BE4781B76222F005AAEA73CDF8318BA70584C4E958D3D7CBDD486E
      Malicious:false
      Preview:{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":2,"broken_until":"1734967640","host":"chrome.cloudflare-dns.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379527338806333","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):4509
      Entropy (8bit):5.241508830973213
      Encrypted:false
      SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUAfAnBMhImfYZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL2
      MD5:422CF260653579B032E130DC02F4E31F
      SHA1:2157EC6CCAC8DBF56E70240E2AA0F64978286763
      SHA-256:12B7B21F293575CD45267B9773292EDC20DDBCC43586026898AD6B3B8B0FA435
      SHA-512:8A63A4D59004BF037908CD4A31A54AEDDDA316F4984ED76FFC489F4F3E4E0CEF7BBE443AE23383C0A900215F170B156B3C9003710B332971292F460D43A51716
      Malicious:false
      Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):326
      Entropy (8bit):5.197881231472661
      Encrypted:false
      SSDEEP:6:3aM+q2P92nKuAl9OmbzNMxIFUt8Y5sZmw+Y5HMVkwO92nKuAl9OmbzNMFLJ:KM+v4HAa8jFUt85/+sMV5LHAa84J
      MD5:9CED6211BE5FD5F9237D99EFA525454F
      SHA1:3E6F4E4000C6FF53BB1C3F82B8517D7FF5053A36
      SHA-256:9334D016B9BA968B86D745F7B3556EFFDAEE77FD1465E2F14155C078C9768898
      SHA-512:E231278BED85FA2738B4FAC8F5851E4B079118CA364BB75A5E95439EFFDB409AD58C9E44B0F86E8DFE61B05367667DEF5ED8E913F309204B98E6C6C8550B9025
      Malicious:false
      Preview:2024/12/23-10:22:06.377 198c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/23-10:22:06.378 198c Recovering log #3.2024/12/23-10:22:06.378 198c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):326
      Entropy (8bit):5.197881231472661
      Encrypted:false
      SSDEEP:6:3aM+q2P92nKuAl9OmbzNMxIFUt8Y5sZmw+Y5HMVkwO92nKuAl9OmbzNMFLJ:KM+v4HAa8jFUt85/+sMV5LHAa84J
      MD5:9CED6211BE5FD5F9237D99EFA525454F
      SHA1:3E6F4E4000C6FF53BB1C3F82B8517D7FF5053A36
      SHA-256:9334D016B9BA968B86D745F7B3556EFFDAEE77FD1465E2F14155C078C9768898
      SHA-512:E231278BED85FA2738B4FAC8F5851E4B079118CA364BB75A5E95439EFFDB409AD58C9E44B0F86E8DFE61B05367667DEF5ED8E913F309204B98E6C6C8550B9025
      Malicious:false
      Preview:2024/12/23-10:22:06.377 198c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/23-10:22:06.378 198c Recovering log #3.2024/12/23-10:22:06.378 198c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
      Category:dropped
      Size (bytes):65110
      Entropy (8bit):0.6543637615523437
      Encrypted:false
      SSDEEP:96:A8FM2Cpb5+MSMLMx7K9NIxUhjXa/DMMWMMR:bm
      MD5:D95792C74ED2C2C2A92C459C73423521
      SHA1:D45AE6EB05FE40778C2F0B779B7C15E20D806917
      SHA-256:626C68CB32BED9CC3842C6A9E1B4EEC7C706E05DE881F97BB29DD136B29F70CF
      SHA-512:2C9F137B76C03E2D92DC974888AF049CE739E1A106932339F50230A4A6A0C8218378D593531A62D68B7F34BB930C34FEDD8BB66E12F38EB7443EC5AA66A5BA7A
      Malicious:false
      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Certificate, Version=3
      Category:dropped
      Size (bytes):1391
      Entropy (8bit):7.705940075877404
      Encrypted:false
      SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
      Malicious:false
      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
      Category:dropped
      Size (bytes):71954
      Entropy (8bit):7.996617769952133
      Encrypted:true
      SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
      Malicious:false
      Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):192
      Entropy (8bit):2.7386214950254377
      Encrypted:false
      SSDEEP:3:kkFklHkNvfllXlE/HT8khBtNNX8RolJuRdxLlGB9lQRYwpDdt:kKxQT8o5NMa8RdWBwRd
      MD5:ED3F0E0D486FA3D59D1E88BD83475192
      SHA1:3426E29D9EB76809269E8EA6F01AC3D60EA32A9E
      SHA-256:CAE0819E2F3609E1951C3CD8C8C8A27FD9521B8B81BAA0D349C542C3436E4AAD
      SHA-512:94149EE49E5CF81037FACA33081AF54D7428E45FE713287C3DFE3348EDA52D296582DC796F152374427E440CCDA4DDCB57B3F9F9761B5A043AA9CCB9F66FF64C
      Malicious:false
      Preview:p...... ........4..sNU..(....................................................... ..........W....Dr..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:modified
      Size (bytes):328
      Entropy (8bit):3.1501841598665044
      Encrypted:false
      SSDEEP:6:kKRN9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:uDnLNkPlE99SNxAhUe/3
      MD5:6B5AA5CD7D94D634A510ECA4D3DCC4B2
      SHA1:052E6830C7F736BD739FA6C5C2BB73C4969671B6
      SHA-256:2E915818389167B2760B61CFE5D83BD975A9FDCBEB1E54A9A073EC67311A2645
      SHA-512:2606B631086A2642ED479B4FF127BE1529227B84FCD33E3929E3104F38CEB980582DEF505716CA383CC305327D01DAE4DF7FD2FCED4AC964E6D5087CDAE2CF57
      Malicious:false
      Preview:p...... ..........5.NU..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):1233
      Entropy (8bit):5.233980037532449
      Encrypted:false
      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):1233
      Entropy (8bit):5.233980037532449
      Encrypted:false
      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):1233
      Entropy (8bit):5.233980037532449
      Encrypted:false
      SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):10880
      Entropy (8bit):5.214360287289079
      Encrypted:false
      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
      MD5:B60EE534029885BD6DECA42D1263BDC0
      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
      Malicious:false
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):10880
      Entropy (8bit):5.214360287289079
      Encrypted:false
      SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
      MD5:B60EE534029885BD6DECA42D1263BDC0
      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
      Malicious:false
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):227002
      Entropy (8bit):3.392780893644728
      Encrypted:false
      SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
      MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
      SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
      SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
      SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
      Malicious:false
      Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.339795649013964
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJM3g98kUwPeUkwRe9:YvXKX1ix1YpW7O/8sGMbLUkee9
      MD5:CECB26DADE3907B80C45347B1FFC2321
      SHA1:E33274C651902DD0A48D370C5D85F1EF65B74427
      SHA-256:82AE6283F2B5313E5E898858FF873493B37480CB63AFE4C704BF5389957CE864
      SHA-512:6B57024D92552FD1D3EA3510340340E3FB98536CE1A8A107F738833CBDE35A0A7BFA213971179013F44642336AFF808527748CE3211358943680FC2E18CFD279
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.277045360268896
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfBoTfXpnrPeUkwRe9:YvXKX1ix1YpW7O/8sGWTfXcUkee9
      MD5:579478C941278C52B3A73915DDC86F31
      SHA1:9F931EE67A1FBFC52562A0687D1B1C61C313B807
      SHA-256:C512603EBC2F20692A38447F46F74A3BA1BCE480E4A8B5A705D1C5C936BA1ABE
      SHA-512:145773A3FE6908BC973DA0C32358845BCD91AB406784AB571502BFA19C8144E30DFCE2173FA8A58212FC904325339D1B3A6BEFC0EC06B2E6F0DA31B352EF32E6
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.255079189160315
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfBD2G6UpnrPeUkwRe9:YvXKX1ix1YpW7O/8sGR22cUkee9
      MD5:3FA9DEE3592F2958D7DE56E81A1CC4C9
      SHA1:A649E632D324FB6437797127407755EC2449FBF8
      SHA-256:6D0454CEF7AD0BB784C9C170E481BEB8C245F0F166CE44AE8110EC9EA37026DE
      SHA-512:E58C3CF891F9452F9B31EB1B6AB3C4A9D4008C87C5BE594909F30AB1B42819FA9F9FF02EC03AA77202F2F2A5436ADBAD48EE4C8EA71F84FEFD66CD0CE260451D
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):285
      Entropy (8bit):5.31786158851691
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfPmwrPeUkwRe9:YvXKX1ix1YpW7O/8sGH56Ukee9
      MD5:2F6C0D433AFFC824551F1C5DC210ED1B
      SHA1:7894323B5905192FE0C592D4C26EDBC9626C91FE
      SHA-256:F3174275D3F80DEE6D606906E2A98EFC8DAE44DAE96807F0E4CEBCE5F351DE8D
      SHA-512:629CAE2C295F008E06DED72CCEDFE0DBA0EAC3AF0BB945E7D195FE4BCB420DFE15044AE4ED83E0371159660E0547D3AEE9003D1F4ADEAA6A49460AC40D91D1D8
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1123
      Entropy (8bit):5.685778581599014
      Encrypted:false
      SSDEEP:24:Yv6XMwiO/spLgE9cQx8LennAvzBvkn0RCmK8czOCCSq:Yvbnxhgy6SAFv5Ah8cv/q
      MD5:CD25258D6AEB74B9D1EDADEF7F91C22E
      SHA1:A76C3C1C33F4C086E4384038339242FC501CA2EB
      SHA-256:494800D0E223026EB044A9E6FAA10DC0BB429412E06460D12B45E95BFFF99564
      SHA-512:B684B74269E5C0AFAE9C4A9E20E4F2A3591B87032C1586932C6A47211AD5E6743C342B38D1007FCB2465C6F9CBBEB1C8428C3A82C7D0C37B90626B409B75102A
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.261711370652775
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJf8dPeUkwRe9:YvXKX1ix1YpW7O/8sGU8Ukee9
      MD5:31F50BE75C0B2F50C1026119BB685207
      SHA1:DC7B3ACF1336D3D5AE29B43F32A7FDDAC0D2127C
      SHA-256:3C45B4A0E5B7590D5135D9D8107355EEB17B90D9393F2D3F13D24471DAD9219B
      SHA-512:B3F55F9AA6BF306407783642E6978584BE1E5625A71C5A07D73D7234EAE4EF84BC5970FA96405211000F68574EA0AE0412399EB90DBDF41B70E739951F699EFC
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):292
      Entropy (8bit):5.262164895438321
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfQ1rPeUkwRe9:YvXKX1ix1YpW7O/8sGY16Ukee9
      MD5:E4A1A479777B6B52E06BBD8FAE5C7E1D
      SHA1:BFFA9D1D2006B90D040BE495CE5F08CDF4EDDB51
      SHA-256:98D37604D4C805354A72644DACE41132A39452603A49720CD3068FEFA99EC60E
      SHA-512:8270E2BC84624C1DA842A41FF2EB9700B05100F4A5153FF599A17B48A692AC2813F0CBA9BB706BBEEECB5A58936A4F87AB58494BCD05A974C5D9F6EFAB84B4FC
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.2830993622664035
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfFldPeUkwRe9:YvXKX1ix1YpW7O/8sGz8Ukee9
      MD5:610304F9C1B8799705C91ACC90893C78
      SHA1:FAE7FA412EF7C445F8B43E17BD9CDF67E1DEDA15
      SHA-256:3862AABC2AF9CEE3CABDAE8E663CE168D75B8130721C8F9D4F4DBABE10BE01B5
      SHA-512:19E5EFB4FEF4B1D472B9F1B757BD817FB80DC68977082D638D4F3F375A2F705F388E8686242866DB9DB5303B8E03B54E0CC92BD7CC3621B7632D6DAB333E5005
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.290831638612789
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfzdPeUkwRe9:YvXKX1ix1YpW7O/8sGb8Ukee9
      MD5:D5A5165685A71E6F30A452FD48666670
      SHA1:9EBE1C32F360945D3E7284F4B4AC9D9565AFE775
      SHA-256:6B800844A7FF61B9A36A838E634B9DB181C62960685B0627AB52AD1E346DF863
      SHA-512:F7C0FF983EB9980FCDF84DC3175CC5C504FCFA6A42EEE22757DC230242B18A03C1985B0E6C86C409B957CF64F36F2F98D9545378EEF2F2C8D0F5B53D7362DF6F
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.270276998851291
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfYdPeUkwRe9:YvXKX1ix1YpW7O/8sGg8Ukee9
      MD5:DEAB7DBA5AFD23C6C005FEE0A6D28330
      SHA1:4E350A75016EF9CE1469A6966203C85CB1C4FEA7
      SHA-256:856943C7E93695366EF18CDE51FDF59AC8CFC28D5AD2674A31023131D9E6AC9B
      SHA-512:609A9B5F1DCA977D498E05BBBF8FBCB3A881955200220CDAC10BFCFA75B454EE2057F443D54805A38FA2710B3C658C18C6AC860B8B37C641F13F58421128D547
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):284
      Entropy (8bit):5.25638543302088
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJf+dPeUkwRe9:YvXKX1ix1YpW7O/8sG28Ukee9
      MD5:B177846450DCA1FF32C459249F96EFA7
      SHA1:E1D6D5BCB7D02C6768800C44BDABF02E8A6C6E58
      SHA-256:C8AA5F2287EED433CE31EF0C0AFB3C059B91D8099944334DF29902A32015072F
      SHA-512:06DA913CD94FF3BDAA363F2964B78CED2FA8BA03E61A17637C95B7A45773672B5905EEEB38872BEF4F0D06044DF48F19803A45729B34DD2682DDB973565203C7
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):291
      Entropy (8bit):5.25402837831999
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfbPtdPeUkwRe9:YvXKX1ix1YpW7O/8sGDV8Ukee9
      MD5:C7525C7855BCFFA80675F3270197971E
      SHA1:1A56F8E54ECA3C2B93E265906501322FE7DBCFAA
      SHA-256:B81D3F0D5AB88E3B6573789549D4D0AA495D73579621934BF97F77A2C6E8699E
      SHA-512:AAA664F7658B8447D56EC6E3F51D5FCF983D2A33D9B7907168A06A932CBEF6971972B893EF1C62B5165F9CD470B146F5E2EBF1EBB70380E8AE8EA051B95B830D
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):287
      Entropy (8bit):5.2546404367902815
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJf21rPeUkwRe9:YvXKX1ix1YpW7O/8sG+16Ukee9
      MD5:EEAA833F6854AB82F2F3FDCDA16C13D7
      SHA1:C25AD26486C67A21167030B7730BE98830B24074
      SHA-256:2DD3180410764310ACBA37DD97B32EB1DA25E0156FB1B3101D0F165CAA58B2AC
      SHA-512:AA8DF42FC275028B39C01C43543CFDC9B232BA27B4757E8648A3CB8DBC5FF559BF7271D6F7DEC82C75AB75DF548ECB2F38C3DE27F3616040FAE4B3B68D0A86D7
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1090
      Entropy (8bit):5.658657376659423
      Encrypted:false
      SSDEEP:24:Yv6XMwiO/YamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSq:YvbndBgkDMUJUAh8cvMq
      MD5:D95535F62379BDD220B90E2AB00001E7
      SHA1:3DFFE2F1B6B5C540B21743CCA967EA38056A9205
      SHA-256:53B861CAC6FF6FCA7B0DBFC7C5505489A79586D99277B6D5D88483548CC12AE2
      SHA-512:611D1418D48171831F3E256CA7F6B1884134EC4CE90197CB998764FCE58D9E0D450164A37F034C30431920C95ECF8738F58E0720B9F02625671E5F2EA720AFA9
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):286
      Entropy (8bit):5.2300811433013035
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJfshHHrPeUkwRe9:YvXKX1ix1YpW7O/8sGUUUkee9
      MD5:5302B904901E30334270DE3ECB62CA78
      SHA1:7CACFB61C94A09BDE74E68465EB2F67C6EF081BB
      SHA-256:A3B57B739A7A0A3A67BAD9EFB5074869C084EA56B98F55418A54858C8AE35228
      SHA-512:916F6391BC34B0C21AA7FB7739738B804C18875411E89F2A60C40AF57C8FAEF579DA9602DBDF6D57010C2988507FFC7F257A0A8DDD4D88820F55A076DFAC275C
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):282
      Entropy (8bit):5.247737902369069
      Encrypted:false
      SSDEEP:6:YEQXJ2HXR7RIxeVx+FIbRI6XVW7+0Y1Qw8DoAvJTqgFCrPeUkwRe9:YvXKX1ix1YpW7O/8sGTq16Ukee9
      MD5:09C192550B37728417828BDDAF12F24D
      SHA1:993B75B233E7890DA669D292C7AF67A71F8C421E
      SHA-256:66F9A53307F085A9452FADD66CA3E5D46CEA6BC998A1ED0C473A1B4BC1ACDF2F
      SHA-512:BEBAABB7439B2016EAA50A0AA2DB322156CC74DDB493DAD0CD147E0D941F33F716DB0DFAA06E40C4E05C1F219D30E3BA4F3EEF6B615E49B50230D8A12045470E
      Malicious:false
      Preview:{"analyticsData":{"responseGUID":"dce7677c-e5c4-4471-b33d-bfec72397599","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1735144486543,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):4
      Entropy (8bit):0.8112781244591328
      Encrypted:false
      SSDEEP:3:e:e
      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
      Malicious:false
      Preview:....
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):2814
      Entropy (8bit):5.138953130620453
      Encrypted:false
      SSDEEP:24:Ye5IVAamyayrMHq7EKHJhx2K2baT61r9gjP1j0SoHA1CM2ixQ2LSyCfvxo3b75vp:Yro6rHnNT66P5kA1XNxQ0gvxo3vl9zzX
      MD5:B11EDAAAB4DB0ECB0B1703A0AD7A0006
      SHA1:00726DB97D50AF5EF41E2451A5424BFCDC00A3DC
      SHA-256:D1BF0E225014785A71387F94915FE49255708FBF1C59098857C72E7215A9CF25
      SHA-512:E1B70177504956DBC089F8FF496DB09AF8BE65AE3647F72A8FCC51FA443440F9A4DD94BE9E4EB8AB9BC05C9E1597965005AF81B730D4B93B30B15489A340183F
      Malicious:false
      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3f17922c9e9d60a7b95763b318c8a2e2","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734967336000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ce9a55f93d90563dc22fb34ed9b177df","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734967336000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"bc3b133241ec8e2f6e4189bd3135ee8f","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734967336000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"bac9879b796b852c56719992c85d2fc0","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734967336000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"3de75b732b26a83259241f2cf394e354","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734967336000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"62748706f30629b85f580ffa716f7e2b","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
      Category:dropped
      Size (bytes):12288
      Entropy (8bit):0.9843836272890555
      Encrypted:false
      SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sp2cZm4zJwtNBwtNbRZ6bRZ45cZmF:TVl2GL7ms6ggOVplZxzutYtp6PDZ+
      MD5:6909A25ED821D46FFAF474F91B11DD55
      SHA1:B5E3ADE060816213F9A95963C4A63CEB4456613A
      SHA-256:8497AEEC2D2824E42E3225DC1F89EC24927E381F092A7B7ADD23A0B1B01412E3
      SHA-512:CF0C5B78436F52C4D5834B106C844DD1B161E1064D539C400078EA4EE5673F3D526602E64E1F2357577656C458E7DDE75CE8604F6985BBA68F441EA480155F9F
      Malicious:false
      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):8720
      Entropy (8bit):1.3391147551084948
      Encrypted:false
      SSDEEP:24:7+tcAD1RZKHs/Ds/Sp2cZmPzJwtNBwtNbRZ6bRZWf1RZKgqLBx/XYKQvGJF7ursI:7McGgOVplZqzutYtp6PMxqll2GL7msI
      MD5:8B4D7A9CD571AAF6FA59A1EB0F7E2B5B
      SHA1:D2832221C63503DE9F262744BCB2766C63EA2D82
      SHA-256:65EC9DD55E58237E8FA6FFD0399EE66192B81221047AE14D90747D0BBF141A21
      SHA-512:B74C69FE98177E514DAA0688C483678488C60B1F453DAA4FF8FB6DDB7B972BB86DD39B18527EFF0B2CC25CD5181058AA99C6C7CD31B3F6B8DDCAAE2847A5FFE4
      Malicious:false
      Preview:.... .c.......].......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):66726
      Entropy (8bit):5.392739213842091
      Encrypted:false
      SSDEEP:768:RNOpblrU6TBH44ADKZEgIfvNlcUcKN8sUP4ORn3ZFUhqiUYyu:6a6TZ44ADEIfFlFTN8DdUheK
      MD5:4F98FCC4821409022C520CFB8CE4B356
      SHA1:E5BCB371F28711C69E4B684BBB81D4D066964F9A
      SHA-256:EEABAEF9594E1A0BF3689D8F7C91D0DBC774E82A6B28DB6A84E6F0903AEA89B2
      SHA-512:3A99AE1A7685DAFED55D2992F7795D31B2498FC1E31CBC49FE5BE4CC8321E59A1E6EB07FBD139FE79F431EE9AB4DB416D856730BD9BBD372934BAEFD525E04A6
      Malicious:false
      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):246
      Entropy (8bit):3.488233466829981
      Encrypted:false
      SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8rOlAadNGlrCH:Qw946cPbiOxDlbYnuRKDlcrw
      MD5:399770E7A61C2B4205AD273AF6DFE9BB
      SHA1:FF22032F5C2A32A6A1AF8B143F0A8472F8FBB01C
      SHA-256:8A1C97981EB7BA8B41BD082C55692966C38EC3BF0603D382E273E15C74F37E31
      SHA-512:2B0BC116704E021B017BC9C2F9E4FE34C463E91A3D5096881FC77B1765BBCF61DFC14078D23303D3FB6E9CC25F3DA572FA963C21EB6FA8288D5AF63E167888CB
      Malicious:false
      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.1.2./.2.0.2.4. . .1.0.:.2.2.:.1.3. .=.=.=.....
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393)
      Category:dropped
      Size (bytes):16525
      Entropy (8bit):5.376360055978702
      Encrypted:false
      SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
      MD5:1336667A75083BF81E2632FABAA88B67
      SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
      SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
      SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
      Malicious:false
      Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393), with CRLF line terminators
      Category:dropped
      Size (bytes):15114
      Entropy (8bit):5.372230021741286
      Encrypted:false
      SSDEEP:384:9M6hyMzR+LjNpa9ArhEhrgBgdgYgsgHgONOV9DoTEg6yCINeZoAZ5yhEP8P671tL:rUG
      MD5:E8927A3E921230DDC8912830E3FD161F
      SHA1:BB2B7673B51A0E6526EE85D5AC1B4BCE4A594B0A
      SHA-256:E5462543C4ED0BAA42AEA1A8A72CCB08DE4D79F2A9E5441E7E5CDFB5F3AF970A
      SHA-512:4833AFAF916D22C4FAE693FAEBDF9A91A0BD705F3CA21FE3C710DA273F3BD5B7AC70397E5120BAC3894E93645D7EEDE1E8BA3D6E36756E0FB1C4F88F1C5ED3BE
      Malicious:false
      Preview:SessionID=4b02b73d-9f4a-48fa-8695-982168484af0.1734967328519 Timestamp=2024-12-23T10:22:08:519-0500 ThreadID=7388 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=4b02b73d-9f4a-48fa-8695-982168484af0.1734967328519 Timestamp=2024-12-23T10:22:08:539-0500 ThreadID=7388 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=4b02b73d-9f4a-48fa-8695-982168484af0.1734967328519 Timestamp=2024-12-23T10:22:08:539-0500 ThreadID=7388 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=4b02b73d-9f4a-48fa-8695-982168484af0.1734967328519 Timestamp=2024-12-23T10:22:08:539-0500 ThreadID=7388 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=4b02b73d-9f4a-48fa-8695-982168484af0.1734967328519 Timestamp=2024-12-23T10:22:08:539-0500 ThreadID=7388 Component=ngl-lib_NglAppLib Description="SetConf
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):29752
      Entropy (8bit):5.392586544639601
      Encrypted:false
      SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbO:S
      MD5:D7F6045F0551B4EE93BBA98CAF9E2DB4
      SHA1:45EF57EBF40FCC2EE5C46B0F34D37F7EB2844738
      SHA-256:28A3546AD377AD64E8F006AD56C9D6E8D73DE127F6EE8ACAA7054C1A4D5754FF
      SHA-512:D2648FF3F46026B569F62B500BDD14779193BB054C8EDEF5B15A976E26282EA0318A972093477F98E29DA846B57E6B0208F31543F8A17060B6E71F8A5AC68D0F
      Malicious:false
      Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
      Category:dropped
      Size (bytes):758601
      Entropy (8bit):7.98639316555857
      Encrypted:false
      SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
      MD5:3A49135134665364308390AC398006F1
      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
      Malicious:false
      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
      Category:dropped
      Size (bytes):1407294
      Entropy (8bit):7.97605879016224
      Encrypted:false
      SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
      Malicious:false
      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
      Category:dropped
      Size (bytes):1419751
      Entropy (8bit):7.976496077007677
      Encrypted:false
      SSDEEP:24576:/xA7ouWLaGZ7wYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVuWLaGZ7wZGk3mlind9i4ufFXpAXkru
      MD5:13F55292D0735B9ABD4259B225D210FC
      SHA1:810CC5D545BFA11D2825F6E1DFA69176794DA7EC
      SHA-256:8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6
      SHA-512:4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA
      Malicious:false
      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
      Category:dropped
      Size (bytes):386528
      Entropy (8bit):7.9736851559892425
      Encrypted:false
      SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
      MD5:5C48B0AD2FEF800949466AE872E1F1E2
      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
      Malicious:false
      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
      File type:PDF document, version 1.6 (zip deflate encoded)
      Entropy (8bit):7.083483043085971
      TrID:
      • Adobe Portable Document Format (5005/1) 100.00%
      File name:P.Adv Form TRC informatica S L.PDF
      File size:17'340 bytes
      MD5:338659c5c845c1b4ee71d329afca0111
      SHA1:674d363398114e54251bebcaa4318d4d1f1ffdc7
      SHA256:e26f58e78aec2dae8304aed66550caa4beb14f8a030e5b68ce9820d107ce40a9
      SHA512:5cec36d10a5bc0658c1ec4be8d77cc1a1688db2e1db0f6a054c783838ebe67e972522ab67b111e69f54045c640f0818a468a68a46197508fd0869d4f130d3994
      SSDEEP:192:NC0ctplGtjqFAUW4Bk7M/IPFua4cbhGbjd68UsnImzRySXD8TeOuIc5aco5YP:opwtj6AUPawwRhGc8UsnIm3ITIIcQc7
      TLSH:1F728FADCF353141D817673DAC9D78A58E9250DBA5D024313A2C8EDF2FD0E835A522EB
      File Content Preview:%PDF-1.6.%......89 0 obj.<</Filter/FlateDecode/First 467/Length 987/N 62/Type/ObjStm>>stream..h..V.j#I.....$.3.......'vb.O.mw....7....x.:s..=j..`R...'.%..I%.+PA.R....d.Y..X...-.&.C.?.....\b2L^...d.Dbq+..D"N....... .B.@..<YO1....%.(...H +$8...........:.X .
      Icon Hash:62cc8caeb29e8ae0

      General

      Header:%PDF-1.6
      Total Entropy:7.083483
      Total Bytes:17340
      Stream Entropy:7.104252
      Stream Bytes:14679
      Entropy outside Streams:5.533814
      Bytes outside Streams:2661
      Number of EOF found:1
      Bytes after EOF:
      NameCount
      obj22
      endobj22
      stream10
      endstream10
      xref0
      trailer0
      startxref1
      /Page1
      /Encrypt0
      /ObjStm5
      /URI0
      /JS0
      /JavaScript0
      /AA0
      /OpenAction0
      /AcroForm1
      /JBIG2Decode0
      /RichMedia0
      /Launch0
      /EmbeddedFile0

      Image Streams

      IDDHASHMD5Preview
      780000000000000000fa92cc5ea908033dc86111c7973bf46e
      TimestampSource PortDest PortSource IPDest IP
      Dec 23, 2024 16:22:14.934237957 CET5425153192.168.2.51.1.1.1
      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
      Dec 23, 2024 16:22:14.934237957 CET192.168.2.51.1.1.10xb3deStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
      Dec 23, 2024 16:22:15.267401934 CET1.1.1.1192.168.2.50xb3deNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

      Click to jump to process

      Click to jump to process

      Click to dive into process behavior distribution

      Click to jump to process

      Target ID:0
      Start time:10:22:05
      Start date:23/12/2024
      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\P.Adv Form TRC informatica S L.PDF"
      Imagebase:0x7ff686a00000
      File size:5'641'176 bytes
      MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:2
      Start time:10:22:05
      Start date:23/12/2024
      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
      Imagebase:0x7ff6413e0000
      File size:3'581'912 bytes
      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      Target ID:4
      Start time:10:22:06
      Start date:23/12/2024
      Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      Wow64 process (32bit):false
      Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1712,i,10649813687301408746,10568959059910481676,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Imagebase:0x7ff6413e0000
      File size:3'581'912 bytes
      MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
      Has elevated privileges:true
      Has administrator privileges:true
      Programmed in:C, C++ or other language
      Reputation:high
      Has exited:true

      No disassembly