Windows Analysis Report
resume.pdf

Overview

General Information

Sample name:resume.pdf
Analysis ID:1640681
MD5:930fc7badacf1a19816a97775662ae54
SHA1:d950e144b4c5a3eaacd2d9ed22b4c63264f70426
SHA256:4dc9b0c20ea61d91d6a1b5bdce76fb5365de0762efb8f6c2925113c6a8950cae
Tags:JavaScript, JS, pdf, user-FilipiPires

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
IP address seen in connection with other malware
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64
  • Acrobat.exe (PID: 8004 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\resume.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 7292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 576 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1572 --field-trial-handle=1592,i,11672229876952448517,8884072833912729515,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: resume.pdf | ReversingLabs: Detection: 33%
Source: resume.pdf | Virustotal: Detection: 39%
Source: global traffic | DNS query: name: x1.i.lencr.org
Source: global traffic | TCP traffic: 192.168.2.4:49731 -> 23.209.213.129:80
Source: global traffic | TCP traffic: 23.209.213.129:80 -> 192.168.2.4:49731
Source: Joe Sandbox View | IP Address: 23.209.213.129 23.209.213.129
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Connection: Keep-Alive Accept: */* User-Agent: Microsoft-CryptoAPI/10.0 Host: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: classification engine | Classification label: mal48.winPDF@15/32@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.8104
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 10-08-27-130.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\resume.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1572 --field-trial-handle=1592,i,11672229876952448517,8884072833912729515,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: resume.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: resume.pdf | Initial sample: PDF keyword /OpenAction
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
  • Resource Development: Acquire Infrastructure; Domains; DNS Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
  • Execution: 3 Exploitation for Client Execution; Scheduled Task/Job; At
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows)
  • Defense Evasion: 1 Masquerading; 1 Process Injection; Obfuscated Files or Information
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
  • Command and Control: 2 Non-Application Layer Protocol; 2 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact
[Behavior Graph ID: 1640681. Sample: resume.pdf, Startdate: 17/03/2025, Architecture: WINDOWS, Score: 48. Nodes: Acrobat.exe started AcroCEF.exe, which started a second AcroCEF.exe; AcroCEF.exe connected to e8652.dscx.akamaiedge.net (23.209.213.129, 49731, 80; TELKOMSEL-ASN-IDPTTelekomunikasiSelularID, United States). DNS names: x1.i.lencr.org, e8652.dscx.akamaiedge.net, crl.root-x1.letsencrypt.org.edgekey.net. Signature: Multi AV Scanner detection for submitted file.]

Source | Detection | Scanner | Label
resume.pdf | 33% | ReversingLabs | Script-JS.Exploit.Heuristic
resume.pdf | 39% | Virustotal |
No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
e8652.dscx.akamaiedge.net | 23.209.213.129 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.3.dr | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
23.209.213.129 | e8652.dscx.akamaiedge.net | United States | 23693 | TELKOMSEL-ASN-IDPTTelekomunikasiSelularID | false

        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1640681
        Start date and time:2025-03-17 15:07:13 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 19s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:19
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:resume.pdf
        Detection:MAL
        Classification:mal48.winPDF@15/32@2/1
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 2.19.104.203, 2.22.242.11, 2.22.242.123, 54.224.241.105, 18.213.11.84, 34.237.241.83, 50.16.47.176, 172.64.41.3, 162.159.61.3, 2.16.100.168, 88.221.110.121, 23.199.214.10, 4.245.163.56, 23.56.162.204, 2.19.106.162
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, c.pki.goog, wu-b-net.trafficmanager.net, storeedgefd.dsx.mp.microsoft.com
        • Not all processes were analyzed, report is missing behavior information
Time | Type | Description
10:08:37 | API Interceptor | 3x Sleep call for process: AcroCEF.exe modified
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.231420664278425
        Encrypted:false
        SSDEEP:6:iOG7rdIq2Pwkn2nKuAl9OmbnIFUto7riSVS9ZmwC7riSc0RFzkwOwkn2nKuAl9Oe:7G9IvYfHAahFUtoRVS9/CRc0RFz5JfHi
        MD5:C9F5BF7CD52AE8750193AD83BC339685
        SHA1:5116358BB9E9648F84D125521ED2433160F5D75A
        SHA-256:81699F5C8F45E008BC1B16494908989FFE0BCE150E2EBD7FFE625116407611C7
        SHA-512:B0378ED6D766B80C6E757EE14076081154425AEDA7225AC2F7D1D8DAB89C3E6CC1F6DB689033ACC03CD53DC3705A7B6956267141128350321EBE17926A5A2465
        Malicious:false
        Reputation:low
        Preview:2025/03/17-10:08:25.283 1c94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/17-10:08:25.370 1c94 Recovering log #3.2025/03/17-10:08:25.371 1c94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):336
        Entropy (8bit):5.191625907236325
        Encrypted:false
        SSDEEP:6:iOG7rRIAQ+q2Pwkn2nKuAl9Ombzo2jMGIFUto7rmFEAgZmwC7rfAQVkwOwkn2nK3:7Gx2+vYfHAa8uFUtoGFm/CFV5JfHAa8z
        MD5:B96B39953894AFEB13EAD0A9B9F4CF4C
        SHA1:E5C4CD8AC55E7315CC7CAA97880017F4D7B5AEA3
        SHA-256:E7D95D1FDE46B1152976E63F6E51232DB1B79A76E5CD6AD3C4B4255107E5267C
        SHA-512:B772EDF3D760D101CA1988A6A3FC91AA21FAD1022DB21D4686DFA794DCDC89B9D95E9F22D2E61A57D6679ECFED391420AC239207EDC0EC92F46AC091886E023E
        Malicious:false
        Reputation:low
        Preview:2025/03/17-10:08:25.064 17bc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/17-10:08:25.069 17bc Recovering log #3.2025/03/17-10:08:25.070 17bc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):475
        Entropy (8bit):4.97196132533112
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqOesBdOg2HNcaq3QYiubInP7E4T3y:Y2sRdsldMH83QYhbG7nby
        MD5:311CB8F359A5DE5F523531C864578ED2
        SHA1:E774DC17BF4B2D4A7DFB0A5BF281A8C503BE1532
        SHA-256:4BE837D8A3963AD488E46E3BDD8E69AA5A26EEF3F46B2B64906861C44E187DA4
        SHA-512:B6BFFF8AB510E4A9E4E94580B375975403E9D88F78E365FEB612AC0EA2E0D19316DB00140ADB834373376C752299B26BA86C2CD6B59E6688A99C560B5D9EF79D
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386780517085191","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":135961},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):475
        Entropy (8bit):4.97196132533112
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqOesBdOg2HNcaq3QYiubInP7E4T3y:Y2sRdsldMH83QYhbG7nby
        MD5:311CB8F359A5DE5F523531C864578ED2
        SHA1:E774DC17BF4B2D4A7DFB0A5BF281A8C503BE1532
        SHA-256:4BE837D8A3963AD488E46E3BDD8E69AA5A26EEF3F46B2B64906861C44E187DA4
        SHA-512:B6BFFF8AB510E4A9E4E94580B375975403E9D88F78E365FEB612AC0EA2E0D19316DB00140ADB834373376C752299B26BA86C2CD6B59E6688A99C560B5D9EF79D
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386780517085191","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":135961},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4730
        Entropy (8bit):5.254890773708146
        Encrypted:false
        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7u0rZk2O4Z:etJCV4FiN/jTN/2r8Mta02fEhgO73goR
        MD5:7DC5AA3EC29C1F6CF4D3B6D829AE1B06
        SHA1:241BC981B01D0839F14A851CC0707E3F4CDBD850
        SHA-256:1B8BDAD20170676AF871DE11940EFA01EF9758BF9D58DB7F76E03DF480014F65
        SHA-512:3335B830800B999A16AD799B341F6C54DFF672BF048D8E7F2D026DEE23507453F1BD1E1833BB29D7E7FE93D57180292E4CFB4497B0253704C855F6BFF0DD1F17
        Malicious:false
        Reputation:low
        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):324
        Entropy (8bit):5.210223616629786
        Encrypted:false
        SSDEEP:6:iOG7ricHAQ+q2Pwkn2nKuAl9OmbzNMxIFUto7ric1AgZmwC7ricRuAQVkwOwkn2v:7Gl+vYfHAa8jFUto3/CCV5JfHAa84J
        MD5:744CF8C6F2462616C0B1B54E426C236A
        SHA1:FCB492792612E3AFF57B6DD39C29A8CEDBC3AF7E
        SHA-256:C534C31FA762309806D594A68874BD7A421E31F5D9C29EA3479879A5D5801C3E
        SHA-512:19684DA43BB7217781F23327FB6AB35C19B95E7AE306ABC931BE105F63000DAC2455423E66581D7CAF671B7B2999FA09A18E493A96CFF815C7DE10B055F920ED
        Malicious:false
        Reputation:low
        Preview:2025/03/17-10:08:25.391 17bc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/17-10:08:25.393 17bc Recovering log #3.2025/03/17-10:08:25.394 17bc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
        Category:dropped
        Size (bytes):71190
        Entropy (8bit):3.1729315398407825
        Encrypted:false
        SSDEEP:384:DNEZNnCVLEzKSrMPAMX7AQ/7ntk92vQpnG7gh+:WTn4LuKoMoM8QDntkAS0
        MD5:CE37A740E2E585A7B4CF5CF286B5F0F7
        SHA1:4A7D16A05EDC72976E9328EFC7B4FDCF5C8E90A0
        SHA-256:435611E778F71FCAD24037EB53E47FDBB88BA6BE12F77DB14F77C9842A36C641
        SHA-512:DEDAE0FA4ED49B56C6BD219B82D4F80E0197872536ADBCD74B205FB7C616D70DFA1E55EA3250D45F7D001F1BB71BD126A51ED1D9A70792648147DE86A3EE4CB6
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
        Category:dropped
        Size (bytes):86016
        Entropy (8bit):4.445016818775081
        Encrypted:false
        SSDEEP:384:yezci5tIiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rvs3OazzU89UTTgUL
        MD5:09F719F374F4A7BF006D97438684E195
        SHA1:5FF8A89A0704324CC6489418782B5C1122FAE966
        SHA-256:FE0E6C8CCD3FE0446BFCC5D20E5FB72E984F302BA256B98EEC9DFA5698340279
        SHA-512:46E57AB2A7A0F93EFB1DA3C50133AB717A6D1857BD7E33B4DB164FBAEE6CC8CE28A14FA42E2C120E27CD4F6026FEB69EEEB3DDD7846C42702C5F69860E2D6AF7
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):3.7740207882347723
        Encrypted:false
        SSDEEP:48:7M2p/E2ioyVYioy9oWoy1Cwoy1kKOioy1noy1AYoy1Wioy1hioybioyqoy1noy1x:7xpjuYF/XKQTmb9IVXEBodRBku
        MD5:640FBB354AB917205509A4FAAA35F019
        SHA1:2F04AF00442554DD5D5E2E8CBE6D8750752D3B1F
        SHA-256:E5186B94A7E4BEDC62261A4D3EBF2D706F448B9B2DE4636D32142873E96E2F27
        SHA-512:0E3A6F9B9A1661C8A2228BDD66C870AE38472D3DE291749F7B84AFB1D3088D4BC11F07A6132D0F066E671AA905C0DD95553A301B1232F89A705F17482377D92C
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):73305
        Entropy (8bit):7.996028107841645
        Encrypted:true
        SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
        MD5:83142242E97B8953C386F988AA694E4A
        SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
        SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
        SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.746029011189199
        Encrypted:false
        SSDEEP:3:kkFkl0vhfllXlE/HT8k+Xh/tNNX8RolJuRdxLlGB9lQRYwpDdt:kKtv6T8HJTNMa8RdWBwRd
        MD5:0818C4309A705F50E768B3E9A5EEF6F8
        SHA1:9AC6217EE24919090E69D62F4A9F1CAD4F280F6F
        SHA-256:D254922A5C144896442513822E1C0BEFD7E9E9DCC90B800751E55B59F041D483
        SHA-512:63EBAC7C3A7C01B3F94DD0A2C84BE7D50FFDF80EA654A40A2ACDE8890B322476FA597E00665426F25F90945E3F99865BA38AC72B061D9E978FAD16C165F9E2A9
        Malicious:false
        Preview:p...... .........;..F...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):330
        Entropy (8bit):3.1650403202001045
        Encrypted:false
        SSDEEP:6:kKMbmcvSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:kbmCkPlE99SNxAhUeq8S
        MD5:8B4A3A378634153C3C92CEA8C40F2597
        SHA1:566010244EC685B8E295E02A24BF665246E583DF
        SHA-256:10485B6D7C26F9C13D830582BB2E0938B2F2788A5BCC8E5804C55DE255F9E925
        SHA-512:A324CC95549A5126C5F366B3620B2004255549BDFD396F8AE40B824C642D20C9DD693936C9598BB586F9E9ECD05F77E39ADDD76743F0E685743AA6559646805A
        Malicious:false
        Preview:p...... ........oy.8F...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):244540
        Entropy (8bit):3.3415042960460593
        Encrypted:false
        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwggErRo+RQn:yPClJ/3AYvYwgrFo+RQn
        MD5:758B42992DDFC41CB5E57069C621B54A
        SHA1:D0C28AF6CF1BD2208DA97DEDE57F6C78CEC98DCD
        SHA-256:55DF75758DD6CA825ED2DC9380EDC8469351191308C34CACFC44205197ABD25D
        SHA-512:437918372167A402005A728DCBBEF7B3A9580B794AD6A948A435C9D57C1672ACC1B7376E2A09113B66600EF5049D23625174256565BC639125A2F2BD07928926
        Malicious:false
        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2145
        Entropy (8bit):5.066158471476206
        Encrypted:false
        SSDEEP:48:Yl2sL0/EY0bMSlMtCM5mMOpiMAW0MretMSMmkaMY:Bv/SYtt55V6AWLre6JmkhY
        MD5:8BEC052DAB036DABFEAEF1613E6BCD64
        SHA1:9CA7BD8B4C5ABA49B89A054992B9D52550D9A09B
        SHA-256:5F0CF87F0B98D0D0A6AEC7691A69227DCF116243CD5E97CE35B5CA531D46265A
        SHA-512:000CA601907CD0AC16BBB6CDFC87FCC027B9B2AC10D72B715494E3B9AE740E80D89B634177082A150EFA0650E74BDD91DBB35EAFBCFC40DA9AC8D4B440F8C026
        Malicious:false
        Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1742220508000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"23c88c8acf166d9fda5ae4d83df3db72","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696420889000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d5fa85f4cf271b5fa75367efd1b392fa","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696420884000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"7c2ad79e375e3ea39f82a389e8a5841f","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696420882000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c3af48ba3dee086edbbf20dff46c7ee0","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696333862000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7101e009d8bf8920d0a3dd3f5dc75ebc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696333862000},{"id":"DC_Reader_Edit_LHP_Banner"
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):1.1883080422906038
        Encrypted:false
        SSDEEP:48:TGufl2GL7msEHUUUUUUUUBtSvR9H9vxFGiDIAEkGVvpNZ:lNVmswUUUUUUUUH+FGSItn
        MD5:85B6E58B37849084E8B7381776EA5CA8
        SHA1:1A0C8687F341CC4C216217D1DA37317E0EF09F4D
        SHA-256:299EC7B6BF1665B2014BEBF4B329BF651D7B4E3669CF5192634B0CEBF56AE8F3
        SHA-512:2B4FC5422335B87BE5275EFE69DAD47596129B4E1F871BB676156981C817AC95BD0ED9870ACC79ECFECBD9D9E8D678FAA2EC49986683BB9593FEE3DD280CA26D
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.6091198662068373
        Encrypted:false
        SSDEEP:48:7MLKUUUUUUUUUUBVvR9H9vxFGiDIAEkGVvlhqFl2GL7msv:7xUUUUUUUUUUrFGSItdKVmsv
        MD5:A7A532305911756B05268B499A96FF64
        SHA1:A1E31A5EBC734110D8FE604B931E005211929FEC
        SHA-256:12887BE9951F27C7873976C15FA428C83820FF2BBB7FC52692FBB81DD406C641
        SHA-512:41EC15E26E95BBB3F3C8921EBBEA16724F09383CE475350CB363205A90225F913B11672183E8AEE74663BB737A4625967F0433690ABDCD6491C667FE34C83942
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.5197430193686525
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8NlEdNclrCH:Qw946cPbiOxDlbYnuRKdclrw
        MD5:1BA9275768340DDDB08510DE024F1B5C
        SHA1:C839CEC8D99B49C19984619E9A48346450DC5886
        SHA-256:C301B2FBD3DA3DD285AA5BC5F3D53B4B306BB81E4D8BCF66997BED8AFD5ACDEB
        SHA-512:638EBD8D760DB0E57DE01B6270C3D50AD2BABE6E45678D01D5301DAF1D5BEAABBBAE96BA487889A9CB4DC3F33475EE84A3F6C3428D06FFAF8D2FE9ED91FCCA84
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.7./.0.3./.2.0.2.5. . .1.0.:.0.8.:.3.3. .=.=.=.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.345946398610936
        Encrypted:false
        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
        Malicious:false
        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.314811756405892
        Encrypted:false
        SSDEEP:384:Epz8l8u8tPLPsC11CUCNCjCNOCAC8CyC5Qbmumi4k4wlhl1l2lHl5LzCzOzQGahM:oG/
        MD5:57266448D68B76DDC8BD1C5F0CB0D767
        SHA1:1CF7012F4D4D1B7F94F2B596BF28C91A9341FA24
        SHA-256:92780B613DF959F5A547C3BCB962B7593A5C484A9C19DD50EDB099C7DDBDC4BA
        SHA-512:0235F58CD65006B1267ADDACE8C8636C00F0824962431347750969575C271ABAF0A027870515EDB9FDB4A705F35B52EBAC94E05AC31A51A8F797401C4D02D6D6
        Malicious:false
        Preview:SessionID=be0d5fbf-4e18-4004-add7-7eb78c2beb86.1742220507146 Timestamp=2025-03-17T10:08:27:146-0400 ThreadID=7384 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=be0d5fbf-4e18-4004-add7-7eb78c2beb86.1742220507146 Timestamp=2025-03-17T10:08:27:147-0400 ThreadID=7384 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=be0d5fbf-4e18-4004-add7-7eb78c2beb86.1742220507146 Timestamp=2025-03-17T10:08:27:147-0400 ThreadID=7384 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=be0d5fbf-4e18-4004-add7-7eb78c2beb86.1742220507146 Timestamp=2025-03-17T10:08:27:147-0400 ThreadID=7384 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=be0d5fbf-4e18-4004-add7-7eb78c2beb86.1742220507146 Timestamp=2025-03-17T10:08:27:148-0400 ThreadID=7384 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.3909356054969635
        Encrypted:false
        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rz:/
        MD5:4DB10460E714EC921037C9AB2CCC97E0
        SHA1:13E68ED7DC89B5FBDCB99EB4341374021B7297B0
        SHA-256:0D31BE0341B738E37E64C0EA5DA463B99F76CCC30F1C36577035997F7DB20367
        SHA-512:07DC4D3617C14E848ABA91A6B521FFDFFE11512DD706384CC515E6E3125D99BA7FAB75ECBB48375CCC0DC709D2B18CFD4E5E6DF37779D6722917EBCCB3C0871B
        Malicious:false
        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/VRaWL07oXGZ4YIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:tRaWLxXGZ4ZGh3mlind9i4ufFXpAXkru
        MD5:41034A6B023B6BB9C723DA146E190954
        SHA1:22C95166FF8A1C4D2AAC25B75D804CEBAAA6ACF2
        SHA-256:52BB8B0CA62248721986D650004C11ACCB0C988B6FBA645D9B4E3557CA87A15D
        SHA-512:6F8CD54BBB750E32FEBD78895F433CCF0C553C56E6B7DDEA03E3EA36ED283084CF6EA6FA8999162999D184B0F04B6E6DAB7F6FC27648EE517F744D7E8DBC8AAD
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):24
        Entropy (8bit):3.66829583405449
        Encrypted:false
        SSDEEP:3:So6FwHn:So6FwHn
        MD5:DD4A3BD8B9FF61628346391EA9987E1D
        SHA1:474076C122CACAAF112469FC62976BB69187AA2B
        SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
        SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
        Malicious:false
        Preview:<</Settings [/c <<>>].>>
        File type:PDF document, version 1.4, 0 pages
        Entropy (8bit):7.978595472729409
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:resume.pdf
        File size:216'375 bytes
        MD5:930fc7badacf1a19816a97775662ae54
        SHA1:d950e144b4c5a3eaacd2d9ed22b4c63264f70426
        SHA256:4dc9b0c20ea61d91d6a1b5bdce76fb5365de0762efb8f6c2925113c6a8950cae
        SHA512:585d5d16ed27e2e647d94bb7ce053ea4cb73c40a1ccad7502cb71d066b82fc17b605d23c2d04e25521e1785471a3fa678e26caee8d1075f271f69268042236e6
        SSDEEP:6144:BahViqwtQgMGSsMoca/wuLQY7tXirGLz6VMgt:Be2QOSsPJPLQY7krGazt
        TLSH:45241258E9E1CF937FC116DAFD66C34E07DBFE0960CC6A00A1A4F806E6A1D248E714D6
        File Content Preview:%PDF-1.4.%.....1 0 obj..<<./Subtype /Form./Type /XObject./Matrix [1 0 0 1 0 0]./FormType 1./Resources .<<./ProcSet 2 0 R./XObject .<<./Im0 3 0 R.>>.>>./Length 39./BBox [0 0 556 719].>>.stream.q.556.029 0 0 719.037 0 0 cm./Im0 Do.Q..endstream .endobj..2 0
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.4
        Total Entropy:7.978595
        Total Bytes:216375
        Stream Entropy:7.979552
        Stream Bytes:214105
        Entropy outside Streams:5.059198
        Bytes outside Streams:2270
        Number of EOF found:1
        Bytes after EOF:
        Name | Count
        obj | 20
        endobj | 20
        stream | 6
        endstream | 6
        xref | 1
        trailer | 1
        startxref | 1
        /Page | 1
        /Encrypt | 0
        /ObjStm | 0
        /URI | 0
        /JS | 2
        /JavaScript | 3
        /AA | 0
        /OpenAction | 1
        /AcroForm | 1
        /JBIG2Decode | 0
        /RichMedia | 0
        /Launch | 0
        /EmbeddedFile | 0
        ID | DHASH | MD5 | Preview
        3 | 0000000000000000 | 99004603b53a96dd2f1abe47a983d3d9 |

        • Total Packets: 7
        • 80 (HTTP)
        • 53 (DNS)
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Mar 17, 2025 15:08:37.922615051 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129
        Mar 17, 2025 15:08:37.927577972 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4
        Mar 17, 2025 15:08:37.927660942 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129
        Mar 17, 2025 15:08:37.927757978 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129
        Mar 17, 2025 15:08:37.933080912 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4
        Mar 17, 2025 15:08:38.549935102 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4
        Mar 17, 2025 15:08:38.549956083 CET | 80 | 49731 | 23.209.213.129 | 192.168.2.4
        Mar 17, 2025 15:08:38.550012112 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129
        Mar 17, 2025 15:08:48.410603046 CET | 49731 | 80 | 192.168.2.4 | 23.209.213.129
        Timestamp | Source Port | Dest Port | Source IP | Dest IP
        Mar 17, 2025 15:08:37.911751032 CET | 55106 | 53 | 192.168.2.4 | 1.1.1.1
        Mar 17, 2025 15:08:37.919199944 CET | 53 | 55106 | 1.1.1.1 | 192.168.2.4
        Mar 17, 2025 15:08:54.575344086 CET | 58835 | 53 | 192.168.2.4 | 1.1.1.1
        Mar 17, 2025 15:08:54.583444118 CET | 53 | 58835 | 1.1.1.1 | 192.168.2.4
        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
        Mar 17, 2025 15:08:37.911751032 CET | 192.168.2.4 | 1.1.1.1 | 0xd2f5 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
        Mar 17, 2025 15:08:54.575344086 CET | 192.168.2.4 | 1.1.1.1 | 0x906e | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
        Mar 17, 2025 15:08:37.919199944 CET | 1.1.1.1 | 192.168.2.4 | 0xd2f5 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
        Mar 17, 2025 15:08:37.919199944 CET | 1.1.1.1 | 192.168.2.4 | 0xd2f5 | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
        Mar 17, 2025 15:08:37.919199944 CET | 1.1.1.1 | 192.168.2.4 | 0xd2f5 | No error (0) | e8652.dscx.akamaiedge.net | | 23.209.213.129 | A (IP address) | IN (0x0001) | false
        Mar 17, 2025 15:08:54.583444118 CET | 1.1.1.1 | 192.168.2.4 | 0x906e | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
        Mar 17, 2025 15:08:54.583444118 CET | 1.1.1.1 | 192.168.2.4 | 0x906e | No error (0) | crl.root-x1.letsencrypt.org.edgekey.net | e8652.dscx.akamaiedge.net | | CNAME (Canonical name) | IN (0x0001) | false
        Mar 17, 2025 15:08:54.583444118 CET | 1.1.1.1 | 192.168.2.4 | 0x906e | No error (0) | e8652.dscx.akamaiedge.net | | 23.209.213.129 | A (IP address) | IN (0x0001) | false
        • x1.i.lencr.org
        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.4 | 49731 | 23.209.213.129 | 80 | 7292 | C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Timestamp | Bytes transferred | Direction | Data
        Mar 17, 2025 15:08:37.927757978 CET | 115 | OUT | GET / HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Microsoft-CryptoAPI/10.0
        Host: x1.i.lencr.org
        Mar 17, 2025 15:08:38.549935102 CET | 1236 | IN | HTTP/1.1 200 OK
        Server: nginx
        Content-Type: application/pkix-cert
        Last-Modified: Fri, 04 Aug 2023 20:57:56 GMT
        ETag: "64cd6654-56f"
        Content-Disposition: attachment; filename="ISRG Root X1.der"
        Cache-Control: max-age=66011
        Expires: Tue, 18 Mar 2025 08:28:49 GMT
        Date: Mon, 17 Mar 2025 14:08:38 GMT
        Content-Length: 1391
        Connection: keep-alive
        Mar 17, 2025 15:08:38.549956083 CET | 509 | IN |


        Target ID:1
        Start time:10:08:22
        Start date:17/03/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\resume.pdf"
        Imagebase:0x7ff63e5c0000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:3
        Start time:10:08:24
        Start date:17/03/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff7273d0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Target ID:4
        Start time:10:08:25
        Start date:17/03/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1572 --field-trial-handle=1592,i,11672229876952448517,8884072833912729515,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff7273d0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        No disassembly