Create Interactive Tour

Windows Analysis Report
1099-NEC.pdf

Overview

General Information

Sample name:1099-NEC.pdf
Analysis ID:1640804
MD5:b77cf9ae7bea425d8a5d42eacee9d226
SHA1:ee9c30b16aee8039e681b26c5d6297be6497c723
SHA256:1b1a8d3ff270bb9a5b3f1aa59453c3f7d509eaa65e4df517493d236b7acdb903
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
PDF has an OpenAction (likely to launch a dropper script)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • Acrobat.exe (PID: 6264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\1099-NEC.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6684 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,5101753410508339001,15037025503006614073,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: 1099-NEC.pdfReversingLabs: Detection: 13%
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global trafficTCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global trafficTCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global trafficTCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global trafficTCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global trafficTCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: global trafficTCP traffic: 23.209.209.135:80 -> 192.168.2.16:49699
Source: global trafficTCP traffic: 192.168.2.16:49699 -> 23.209.209.135:80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engineClassification label: mal48.winPDF@17/42@1/63
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6352
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-17 13-48-37-768.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: 1099-NEC.pdfReversingLabs: Detection: 13%
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\1099-NEC.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,5101753410508339001,15037025503006614073,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 5AF217393B83760FBC93A98F12C3B8C6
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1580,i,5101753410508339001,15037025503006614073,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 1099-NEC.pdfInitial sample: PDF keyword /JS count = 0
Source: 1099-NEC.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: 1099-NEC.pdfInitial sample: PDF keyword /OpenAction
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution
Path Interception1
Process Injection
1
Masquerading
OS Credential Dumping1
Process Discovery
Remote ServicesData from Local System2
Non-Application Layer Protocol
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS Memory1
System Information Discovery
Remote Desktop ProtocolData from Removable Media2
Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer
Automated ExfiltrationData Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
1099-NEC.pdf13%ReversingLabsDocument-PDF.Phishing.Generic
1099-NEC.pdf2%VirustotalBrowse
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    high
    e8652.dscx.akamaiedge.net
    23.209.209.135
    truefalse
      high
      x1.i.lencr.org
      unknown
      unknownfalse
        high
        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs
        IPDomainCountryFlagASNASN NameMalicious
        23.209.209.135
        e8652.dscx.akamaiedge.netUnited States
        23693TELKOMSEL-ASN-IDPTTelekomunikasiSelularIDfalse
        34.237.241.83
        unknownUnited States
        14618AMAZON-AESUSfalse
        2.19.104.203
        unknownEuropean Union
        16625AKAMAI-ASUSfalse
        23.203.104.175
        unknownUnited States
        16625AKAMAI-ASUSfalse
        199.232.210.172
        bg.microsoft.map.fastly.netUnited States
        54113FASTLYUSfalse
        172.64.41.3
        unknownUnited States
        13335CLOUDFLARENETUSfalse
        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1640804
        Start date and time:2025-03-17 18:48:07 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:16
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        Analysis Mode:stream
        Analysis stop reason:Timeout
        Sample name:1099-NEC.pdf
        Detection:MAL
        Classification:mal48.winPDF@17/42@1/63
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Exclude process from analysis (whitelisted): SIHClient.exe
        • Excluded IPs from analysis (whitelisted): 2.19.104.203, 34.237.241.83, 50.16.47.176, 54.224.241.105, 18.213.11.84
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
        • Not all processes where analyzed, report is missing behavior information
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):290
        Entropy (8bit):5.2353164163401
        Encrypted:false
        SSDEEP:
        MD5:76FB1F3C9BD0011294D1A65720B1AE09
        SHA1:1806AAAC0E2CF5C8407E7D8EB52B6AFA7B5D77CD
        SHA-256:43081666AE22784F24B4C918D127AED2A38F46922574C2739AB168A3DD882105
        SHA-512:5E5CD74D10D0795D063D20F4C56B53B6CEE9E6ED235F826595832D5BAF78D3FD9D0C029D21E3CAD02BA4ED3F329A09D8E2A59816DEA075278D9110B32DC89BBF
        Malicious:false
        Reputation:unknown
        Preview:2025/03/17-13:48:38.435 1988 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/17-13:48:38.438 1988 Recovering log #3.2025/03/17-13:48:38.438 1988 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):334
        Entropy (8bit):5.18699483763827
        Encrypted:false
        SSDEEP:
        MD5:6E9C3B3B66A8F6A98C52918CBEE723E7
        SHA1:468208DC34BCC75DEED35055395B85877385A1BF
        SHA-256:8D4E11A6B955727180257490CB734223D2F0D66CBAB72B194D435C804B3845F9
        SHA-512:C8F2225C73A75766C1F8EA677522F6E2E9DE5130628D3CE36192D32D4878A0BE7FDC5E3CAC689DF0DF95A27B6346AB4C9AA14595674281F6D24F975CF24F0D49
        Malicious:false
        Reputation:unknown
        Preview:2025/03/17-13:48:38.342 1a40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/17-13:48:38.345 1a40 Recovering log #3.2025/03/17-13:48:38.346 1a40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):403
        Entropy (8bit):4.953858338552356
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):403
        Entropy (8bit):4.987029717098883
        Encrypted:false
        SSDEEP:
        MD5:ABF47203BCA9A24EC6E1ADA3F4E50B29
        SHA1:A43335E8DD77776E4A661AFCFE4CDDF226435D8E
        SHA-256:1C839358A0A132742D50423F4A4B37F4B1B341AC8AA399A16A24D6461FD2BE77
        SHA-512:2EEF7DA5945E01AEC77357E6493C72F8311A748E3F8B7372638AA762F1FA560F347A160EE5B67978B2F60D750729FD3485258F535F28B20986D6CBDE54720DD9
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13386793728138380","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":124599},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4099
        Entropy (8bit):5.231812377897927
        Encrypted:false
        SSDEEP:
        MD5:5778D0E780E3B02283A981D8ECC9A188
        SHA1:0FEE5B6BE2B2DB7CDE4116517D43AC724FCB2BA7
        SHA-256:98E9D154EBCC3B04278202C1D73926B62F6DA3046E66D66E079BAEB89186EECD
        SHA-512:5CA38E2AA2B32867BE1206E1B0C3F978B834BAC0EFA86DC26AAC62BC97392BCA18E88E35D490140AAAA1544E4654D1396186EDF117E4E6EE9824C1DB98BB8BEC
        Malicious:false
        Reputation:unknown
        Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):322
        Entropy (8bit):5.209464313501848
        Encrypted:false
        SSDEEP:
        MD5:9980686456BE6AA01506CA4EBDC37B14
        SHA1:8D90D5F04FB757A672672FAC9D60AAAEBA987FE1
        SHA-256:4CBDFAC41B819A9A55544A471B5F609965EF301E9AC261EF03C638D1CE76F993
        SHA-512:2D3A3FCFA33CCCF6486A02EA398C555B1F1EACCF91D88AF264CE45E208DE97241E6B0A4E608977DEF31A8F236B3265600201D50E8FD8EB2E3A848B81F01CC2CB
        Malicious:false
        Reputation:unknown
        Preview:2025/03/17-13:48:38.472 1a40 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/17-13:48:38.473 1a40 Recovering log #3.2025/03/17-13:48:38.476 1a40 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
        Category:dropped
        Size (bytes):65110
        Entropy (8bit):2.286948423009873
        Encrypted:false
        SSDEEP:
        MD5:F2D04FC7A5B3A3F5D795433F876C1D05
        SHA1:F531731CE1EA6EAA621D814F5B48F0EDAFE4D40E
        SHA-256:CFB2609F69F47D8AF19851AF2D636907F0FECE08D0E49C71E408F3FB5FEFFBF5
        SHA-512:94AB3CA3EF6D90DAF96DB2D4F0868FCB11D54F0CB2B4DB39F41CF32154B0B38000CDDA02D9F4FE41F7B1CF484414A993F8343398B7CAAA93F312C7786D74DEE1
        Malicious:false
        Reputation:unknown
        Preview:BMV.......6...(...k...h..... .........................$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"!.$"
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
        Category:dropped
        Size (bytes):57344
        Entropy (8bit):3.291927920232006
        Encrypted:false
        SSDEEP:
        MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
        SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
        SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
        SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
        Malicious:false
        Reputation:unknown
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):16928
        Entropy (8bit):1.2136676166591915
        Encrypted:false
        SSDEEP:
        MD5:AE43FF6684669212707BF1844615BA1A
        SHA1:B4415F5EBA749C186D73E79C353CFC9963AF7CF9
        SHA-256:E914D8E4D6C0C9EEF066E8AD0467E7061F51F8FFC03C83DD5E97C9211B6AB163
        SHA-512:36E4BDDE7E26C9074669C8FE57201DD52851F725A3854A0087A8EE738C489DEFC3C4CE49895B4C3B45FEC21229A894C56F21372C291DDB3F77F43489B0776D5B
        Malicious:false
        Reputation:unknown
        Preview:.... .c.....)>.c........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Reputation:unknown
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):73305
        Entropy (8bit):7.996028107841645
        Encrypted:true
        SSDEEP:
        MD5:83142242E97B8953C386F988AA694E4A
        SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
        SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
        SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
        Malicious:false
        Reputation:unknown
        Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.756901573172974
        Encrypted:false
        SSDEEP:
        MD5:65F170B101940FE93C9BA3EA0F94C206
        SHA1:0C042EB6AD209ADF0EF2244632418B5F6763804A
        SHA-256:D9AFC4E83BCE0D3053CF44BC5B50BDCF7976E25825C696B030A37C55294E214E
        SHA-512:0AF9475EAEC517438324C4724280CA21C57B3BB775408683EF00FD9FB4F5833C48E5BDB28AE9E8F92105E39B6A0BD165AE070CC571FFE135758D23587737C0A4
        Malicious:false
        Reputation:unknown
        Preview:p...... ........3.+.d...(....................................................... ..........W....A...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):330
        Entropy (8bit):3.273411065443351
        Encrypted:false
        SSDEEP:
        MD5:204161AEA3BDCAC7D4C08B41E11D8C1E
        SHA1:D4E2B3B287F83A273E7D55FED7D48696E027A8F0
        SHA-256:29471700416B01E7ED57FC6F51B76CE9EC54BB929A445D76F2C215E47E4FBC22
        SHA-512:E50FC6FDB38B404153E48E988F1E59C1E7D7F497353897BBC95BAB3ACD8239E528B8586B2212F66CD8A99E3B15F74718FE4A3530F4264D01CF0DAD35FD064F58
        Malicious:false
        Reputation:unknown
        Preview:p...... ........._.d...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Reputation:unknown
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Reputation:unknown
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.376857786720243
        Encrypted:false
        SSDEEP:
        MD5:83C34E026CDEE8ECECE3FB7B91AF8F76
        SHA1:D0E233008710238514A97562D8229E3AF68F3575
        SHA-256:054AC50DBF72C1C66E1FE5CAC7FDA801AE53DBA966B94D545D2EC7D662BEC90C
        SHA-512:8B1C888D14D938735C4E78AC17D4246BA655E802AEE70EF062E5B0AD19E4B87804C0DDAE2AFEE447A08910E62D4CB38CE199697938999EC8304E3268ADBB8A81
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.3244634531241815
        Encrypted:false
        SSDEEP:
        MD5:AAC065A802AE81101643B9410C6EAFDD
        SHA1:E42F38673C70896239712FE0548C67410A9F0436
        SHA-256:A50FB4D89286813C9BC6D1FCAAC1FBB6929BCEBF1F451393CC4BA62A65361245
        SHA-512:DB00B65DA5309B2F4E6F83CD85DF75D8FADDD2E78C0229D1205A09A598AAADCBA7D4D8DCC95ED891CEA71B51FFDEC59C7929B069F3B8334C5AE74FD4770CADD7
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.30328452816978
        Encrypted:false
        SSDEEP:
        MD5:E1B9F8497976DF37677CF575BA71C1EB
        SHA1:00191E202AD7B37028EA0B4167A08715844018C1
        SHA-256:98AAAD01615362525F71952AAB63A39404ABFA374E4F55081F72B758449ACE10
        SHA-512:C8BE1C00BA54087DEDEC43CE316A18C321F77F0E311355EA743CB15E7D15C91F8E76DF428AD864D488250F67ED41446FF7BEC443221A1B9FEEA9DC8638C34022
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.365711463194679
        Encrypted:false
        SSDEEP:
        MD5:B3670A9F8D98ED74E6F1FE7CA769701C
        SHA1:755848C287C8163679BA73ED125E56EEA17776E0
        SHA-256:4302914CE2BA231375BB2DAC511B6C95CBB475450FA97F97F7F0661136B6BD4F
        SHA-512:B6DEC402393E535FFB4465CF0849FC84FE6AF0582214CDB63E5386A753AFA9F06BED834E1107C0F0290028095A87F9FC5BEB8AB69D61CA219CC5A4343292ACE2
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2113
        Entropy (8bit):5.8407317113260095
        Encrypted:false
        SSDEEP:
        MD5:FDB24AF5973F834ABABC29D58F65F6FF
        SHA1:0C38EDD7E60939A2E0C73509C07AF941CA85CAF0
        SHA-256:9B07A2563A73FAEC0585B06992D6365D4ECAA5954ACEF05E440C16AFE81E8807
        SHA-512:37AAF67F6EEAE7935A62B8CB9B1862764062367F6AB10BB03AACFC4CB3748A9B98D71A7A9C023CFF08FFDE79EC0A29A87ADF17F540DEE7006C6CE5D590BC04D6
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.312214076797873
        Encrypted:false
        SSDEEP:
        MD5:7B65B98506679C5311ED1DA8B0B05B65
        SHA1:39A9D47D9134D7C70E7D269D2F7BFA0FA0963664
        SHA-256:B19F1A919EFB96D5844ED552AD0384F828120B8B123A17BF5A53D1E4277D70C7
        SHA-512:EA88908B2272D51B723F850C7D4C359221234271E1BFF8FB754C75F6077D53A12C15B7CAAC6B47DF2AA195F774EDD622C8986A5020AB0D8EA8A1AA3EA9BE7F3C
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.314157217740227
        Encrypted:false
        SSDEEP:
        MD5:1EC139495F4B15A8B3F3835DAFB80079
        SHA1:63F7FA077B1AC4A6FE6F84430828C4FCC7A43AED
        SHA-256:6279027B016966FDC7B8DCF2CD1181920FAC719A901B4DAD16E046C7BA60C031
        SHA-512:1FD37A64FD019B5F35D9AF33D3838678F4692FD70BAF9F3B3425C7C3235D6CC39E7465D3899392279FF090B77531653292FCB74EF4503CB26E0FB38D48376D8D
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2064
        Entropy (8bit):5.82198532224348
        Encrypted:false
        SSDEEP:
        MD5:4BE4D05803A91D15DC853FD7E735128C
        SHA1:E533F2CA65C84B3F6DD02F64B6972974AD161A15
        SHA-256:293CDC38D1CC7D12A81587D96E65D0B73D64CF20C02448C25E35C80031524AE2
        SHA-512:50FC8DC3AA9F9E373A22A323BB08B1922A3E6E1FE168E0A41085D8077D8ED34E8A16BAB6A4572DA2DA3FBED17AE41B898A17A61071E7AEACF4AE2AB6A1BCA4CC
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.337500804914369
        Encrypted:false
        SSDEEP:
        MD5:A9D0378DAB2D93D2190E5D045C40F483
        SHA1:2F4514AF17F551F018F2283E6447222276162DC7
        SHA-256:02A20069522EDD8E321ACE9CB258776E7F815E33BF111D8154EF3389C8CC4B75
        SHA-512:798EE2F6106E4165C6BA654E0553247F2E4F60B154A56AD1005DFF5659761D3033893C49820E6CFB181DEDD270D70ED19110A26460647789626CF328AB06694F
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.318227280146619
        Encrypted:false
        SSDEEP:
        MD5:63760BA8C0F2FFFCD3739D1F6DEDE1F4
        SHA1:B740D54A46BBC7FD6C00D2ABC13F73E18AC8BA79
        SHA-256:F5969CE47D69B98131CCD51C8736A714A6387848FCAA727A4FFF4DE39EF3F458
        SHA-512:FE7D7A5A588B9A97F2161F1ED17E860961F8A1245AC0EC31C83D099BEBB2DF391FCE92D41A7287367D23F55CD72DA4277C49E2186D6EBC6EEC56660017E8BCF7
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):284
        Entropy (8bit):5.305179909409436
        Encrypted:false
        SSDEEP:
        MD5:034F56CD5ECA9BE53434B1C269324F03
        SHA1:A0643D0218F235EDB8858908C3EE1727DEA63FB6
        SHA-256:E629F34024738D8507362DCB8B425C9E65EE487DEB76A7996751E3747D2C4173
        SHA-512:8910D4CC49BEF15481701E720B80F9B75D917B3507EE87E7804832EBE1644158C440D5933241CF26FEB2C18DE0A057257EDE474EACB85131363FEFAA6D55944B
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.301649104417413
        Encrypted:false
        SSDEEP:
        MD5:17A72B240924C37FA49009AC27FB3864
        SHA1:41C023F3A569141CB3DB121D65A14C420EFAC38C
        SHA-256:E00D386DC750058F2F33E14C8AA0D9AB7EDAFC0748CAC06E173303C58124E360
        SHA-512:CC90D17FC304A314943723ECBB1A64E58616AF5634C7E2DB6837F0B2BFDC9BB6545EF67FEFB25CB94527FA1DA7A5DFE9D4780FB8267E9A21DFF22F6E7F345C80
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.304968336896809
        Encrypted:false
        SSDEEP:
        MD5:38C564F143E51C6EEA0E10301F423BF6
        SHA1:976B669A9F86CC17DA454980D3289CD32966BADE
        SHA-256:2CD594D9144B733F711212EC564D3496AE931C8A16D14C8956B64DA374F40677
        SHA-512:5137FFCBB030D3CD8E90B86DE9747146C820278DB077903AC7666B35FEA13DDBC927BD2674E433FE431824AF6EE23493469CD960CD51337158139783EABB7F3F
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2012
        Entropy (8bit):5.835601666206011
        Encrypted:false
        SSDEEP:
        MD5:1722EF0AB659ACCEA05145684C9C2279
        SHA1:1443CF7EB42C71D2DEB124AB139C771B1E071F03
        SHA-256:4BA63C7BF6F66295F88CD6749B3613DED3495AF69BE95E9ADE16DDF13283BA32
        SHA-512:AB20133349BE4EE1921BD421AEAA459D226A3C7275B342C07C31119A776A50EDBF712A7185E9011617BBD5A2918626B1F209F97175AB8513523A81A2B8BF18F2
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.281264186467303
        Encrypted:false
        SSDEEP:
        MD5:412ECEDFDD99EE0CD1C64499341A9880
        SHA1:B577B5CDFA41B797CBA41E9F9F4A76100596EB8C
        SHA-256:12F593041BE63FA8FB7A68FAEB5BBABD6BC1624D635B84893978C2559B788DF2
        SHA-512:0AEB3CE33D77747EBF36749221EB9DB9060C391B1FEF31A7F48D5301BC72D513B6023FE585D8483A3112CC82E085E703E8860909FC25260126862C84C28C1B6C
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):282
        Entropy (8bit):5.28756299899114
        Encrypted:false
        SSDEEP:
        MD5:AB50564B5D4C6E7BF6A7C8FDD5DB2053
        SHA1:09D9B390A53BD15696D07E60FA6518808C83AA80
        SHA-256:097A03697E02927E1F0D32BBF24323BC0CABC8F12111AF710B4F03FE96C9A5C1
        SHA-512:7B940A9E946955E71F2F38A05D8F56C605D6CA3833EDEB6AB83062C39F7EA03D18DE246102F33BABD81F4C855AC4075866F9605C7208046E4FF7CFBAB35E0A64
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"45ed7b99-7e1c-42b6-92b6-22de8c61a5f6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742410887407,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Reputation:unknown
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2815
        Entropy (8bit):5.129414817958812
        Encrypted:false
        SSDEEP:
        MD5:1C65B6A23215AC32EC38CC7882702D72
        SHA1:8F347E7F168E83AF2AD3C6B3BD8D228AB9D1EBE4
        SHA-256:D145209DA16A76A6B3AA5F7AD2431B661AEA8060DC9544321DDBDA33BBEE940F
        SHA-512:84624BA53D1B95C695E82B7B551E5198B4D866577AFC98838689FEE497CC894AED13DD858727B7532B281F793045228A906A3D8CF59A8FF565CA025EE894313D
        Malicious:false
        Reputation:unknown
        Preview:{"all":[{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"1d3f491b0f3566421a9bdb269644915f","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2012,"ts":1742233722000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"c2391039cd6b304945c475086e5168bc","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2113,"ts":1742233722000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"6b1547cf818c2bd29a078303e4de5bba","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2064,"ts":1742233722000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"231bc0dee600e68e749bbae17969ebae","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742233722000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0379fc8296bf694a1f926f2d9627db46","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1742233722000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"0546b5bb56baa559796a757305749571","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file",
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):0.9888396234248434
        Encrypted:false
        SSDEEP:
        MD5:6FA0635663CF04A92616BB0F45BD854D
        SHA1:A93FF61D451F601D86D30D93167D20FDEF7B8254
        SHA-256:9712B52F0217AA39F33C9EE20B5E83B3D8B1863BAAC1CD996110A8DDA9989DBD
        SHA-512:E2A697631CE5018528A193651B7F2F4F08F310F6042B9CE474D251DC4683947CCF27ADCE80D23ADCCDB967B944ACFD2DBA81B04AD92FF4195FFA3D6AA9086EBA
        Malicious:false
        Reputation:unknown
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.3430879221421368
        Encrypted:false
        SSDEEP:
        MD5:9C5B8CF7713CD0CDC5876CF7D40C6080
        SHA1:99D488D780F365766ECE9EAF8A725A23F41D86D0
        SHA-256:FCFE9112C7189E1F4FDC689D458E8C04739C9BC75420B1BD27C6EE4392BFE160
        SHA-512:0E3620BEAD97B8447DA5E55D8DE62B5AF7751DDBA9E9A8C09A9067B6805C80AB50198B2225C1AEB7E37A72E62B47BA696EE303773DCED27FC93C2E6F36EA942A
        Malicious:false
        Reputation:unknown
        Preview:.... .c.....T.7?......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.534010397435022
        Encrypted:false
        SSDEEP:
        MD5:3C91249FD3ADDA8231BA929DFE951735
        SHA1:5E8F5BB86B8F146A7DADBBD60E5B289DC67A2E82
        SHA-256:C44E1D9AE514305CB06055438DD75F1998FAC61B18A436B25D56FED814CCE1C9
        SHA-512:3E952328EF44EAB1A34AB04BC045F03778138C0E6E6090815CB47CDC72BB5CBAB02959111A23A72D5627A238639A5F04943E9276125DC3F398C4EEF11142E1C3
        Malicious:false
        Reputation:unknown
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.7./.0.3./.2.0.2.5. . .1.3.:.4.8.:.4.2. .=.=.=.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.353642815103214
        Encrypted:false
        SSDEEP:
        MD5:91F06491552FC977E9E8AF47786EE7C1
        SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
        SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
        SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
        Malicious:false
        Reputation:unknown
        Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.369246755424175
        Encrypted:false
        SSDEEP:
        MD5:5EC36C145A73DD9AAEF3E74E13C55FAB
        SHA1:383A91EDA796DE6B3FE363397C2F7D14BBE4C856
        SHA-256:6E5EB5227CE7AD5FAE2481664A4BC30A204586414246D181311B29574B8EAEEB
        SHA-512:CD7A3E0ED51C47A09ED5AA88101FAF3E1CD4C6EA7570A56135F2AFAD8DF261E3EF04D4060503B10FD5E3AF170712C8691FB283F5D1FA3B97AD8EDE5E0A092E4B
        Malicious:false
        Reputation:unknown
        Preview:SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:781-0400 ThreadID=6488 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:782-0400 ThreadID=6488 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:782-0400 ThreadID=6488 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:782-0400 ThreadID=6488 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=7fae8258-ce13-434b-996d-3dadc4698979.1742233717781 Timestamp=2025-03-17T13:48:37:783-0400 ThreadID=6488 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.424658700516149
        Encrypted:false
        SSDEEP:
        MD5:7BC9FC0918FBBEB4921FAEC29EF70148
        SHA1:D0614919C8D04A2B48722665F1E2841318174F2C
        SHA-256:EE68B31528893F263C1658AB3D976837B4A8CA93507A7AC68E1ACC5A89FB287B
        SHA-512:A7CC8DFB99BD93388D4098FC9537DCC1A080D832A1620BEFBBFB7BD2D0D8BFA711BCD70B80A05C056E579011A5E3F16CA6D5C91D2013CB8DC5EB8C95F69A6D8B
        Malicious:false
        Reputation:unknown
        Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Reputation:unknown
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Reputation:unknown
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:
        MD5:732C4E8507E4D875CFE981D71D21E2DD
        SHA1:E7D7F6AD262BD324742DC268F3A5B500AB2EA283
        SHA-256:7D24D933CAD1A56D78F9CA6AB4F0CE2481BE9AFA663B64EE177BF6E2E1B18715
        SHA-512:C51FCF5C69D56F6555CFFE1D13946B379D06E5C6DA721A5764DAD63E6215C9C3B868CC20D328A1C1B691661AFC27509C0D6C90F36F05885EBC1C48F648E509E8
        Malicious:false
        Reputation:unknown
        Preview:...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=*.R........4..(WCMQ..u]]R...R......5.*..N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]|..7;.5....^..7(.E..@..s...2..}..j....*...t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...z*Bs|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5|:bj[.._R{gi...^
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:
        MD5:F6CACB4A8F3328CA8C06812420C0337E
        SHA1:184589C5954FE73E4DF5569A0D0E2F85189917DF
        SHA-256:91E9A938AF33129F4DD910E38980BEAC9C64982E76458D75B92CB03B0FBCDFD6
        SHA-512:78D790967B665A9EC54C92ECB89336A67D8ED7B385B25AC465A28F31BF88D7DFC1A2FAE4791BEE33E48CE5EF783C1C9169D1C905E9CFCA090FF54C71335FA0A0
        Malicious:false
        Reputation:unknown
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        File type:PDF document, version 1.5
        Entropy (8bit):5.6861504822482205
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:1099-NEC.pdf
        File size:40'895 bytes
        MD5:b77cf9ae7bea425d8a5d42eacee9d226
        SHA1:ee9c30b16aee8039e681b26c5d6297be6497c723
        SHA256:1b1a8d3ff270bb9a5b3f1aa59453c3f7d509eaa65e4df517493d236b7acdb903
        SHA512:8ddab66e3a4259d1900016267f71f0bb727b6304c7ece1d4529cfd32eb55f25d013dd839828e86829b4d029741331e674e612e3051430481a4b631914018f26a
        SSDEEP:384:PXwVVcX8YbmWG3cdW0nwcP3r+8cQe1nva3:/xMYbWWjPCTQe1i3
        TLSH:C70392174C0D8E539068C7E4BF861D5C3B662A1EEC8279FF346E4ECA7F681525C8912B
        File Content Preview:%PDF-1.5.%.....2 0 obj.<<./Metadata 4 0 R./Names <<./JavaScript 5 0 R.>>./OpenAction 6 0 R./Pages 7 0 R./Type /Catalog.>>.endobj.4 0 obj.<<./Length 2866./Subtype /XML./Type /Metadata.>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpme
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.5
        Total Entropy:5.686150
        Total Bytes:40895
        Stream Entropy:5.609810
        Stream Bytes:39823
        Entropy outside Streams:5.381436
        Bytes outside Streams:1072
        Number of EOF found:1
        Bytes after EOF:
        NameCount
        obj7
        endobj7
        stream6
        endstream6
        xref0
        trailer0
        startxref1
        /Page0
        /Encrypt0
        /ObjStm1
        /URI0
        /JS0
        /JavaScript1
        /AA0
        /OpenAction1
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0
        IDDHASHMD5Preview
        1307d0d00fc000000095b5ec6c3030a06ad34666be16194964