Edit tour

Windows Analysis Report
Invoice Number INV132146-1.pdf

Overview

General Information

Sample name:Invoice Number INV132146-1.pdf
Analysis ID:1646734
MD5:786bb21da0bc0a7a90278e99818d59a9
SHA1:1b63a43223fa7a5d275d0b3631bee54fe8ca181c
SHA256:3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2
Infos:

Detection

Score:52
Range:0 - 100
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected landing page (webpage, office document or email)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • Acrobat.exe (PID: 6276 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice Number INV132146-1.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6448 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6776 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1568,i,5704828894387687914,10152428168615268147,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: Invoice Number INV132146-1.pdfVirustotal: Detection: 10%Perma Link
Source: Invoice Number INV132146-1.pdfReversingLabs: Detection: 25%

Phishing

barindex
Source: PDF documentJoe Sandbox AI: Page contains button: 'Open' Source: 'PDF document'
Source: PDF documentJoe Sandbox AI: PDF document contains prominent button: 'open'
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.46.224.249:80
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.46.224.249:80
Source: global trafficTCP traffic: 23.46.224.249:80 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.46.224.249:80
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.46.224.249:80
Source: global trafficTCP traffic: 23.46.224.249:80 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 23.46.224.249:80 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 23.46.224.249:80 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.46.224.249:80
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.46.224.249:80
Source: global trafficTCP traffic: 23.46.224.249:80 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 23.46.224.249:80 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 23.46.224.249:80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engineClassification label: mal52.winPDF@17/24@1/53
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6372
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-24 03-10-28-545.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: Invoice Number INV132146-1.pdfVirustotal: Detection: 10%
Source: Invoice Number INV132146-1.pdfReversingLabs: Detection: 25%
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice Number INV132146-1.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1568,i,5704828894387687914,10152428168615268147,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 200ACBDEE447AA8EEF305FD19DB50862
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1568,i,5704828894387687914,10152428168615268147,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Invoice Number INV132146-1.pdfInitial sample: PDF keyword /JS count = 0
Source: Invoice Number INV132146-1.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Invoice Number INV132146-1.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution
1
Browser Extensions
1
Process Injection
1
Masquerading
OS Credential Dumping1
Process Discovery
Remote ServicesData from Local System2
Non-Application Layer Protocol
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS Memory1
System Information Discovery
Remote Desktop ProtocolData from Removable Media2
Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer
Automated ExfiltrationData Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
Invoice Number INV132146-1.pdf11%VirustotalBrowse
Invoice Number INV132146-1.pdf25%ReversingLabsDocument-PDF.Trojan.ScamX
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    high
    e8652.dscx.akamaiedge.net
    23.46.224.249
    truefalse
      high
      x1.i.lencr.org
      unknown
      unknownfalse
        high
        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs
        IPDomainCountryFlagASNASN NameMalicious
        23.51.56.185
        unknownUnited States
        4788TMNET-AS-APTMNetInternetServiceProviderMYfalse
        3.219.243.226
        unknownUnited States
        14618AMAZON-AESUSfalse
        162.159.61.3
        unknownUnited States
        13335CLOUDFLARENETUSfalse
        199.232.214.172
        bg.microsoft.map.fastly.netUnited States
        54113FASTLYUSfalse
        23.46.224.249
        e8652.dscx.akamaiedge.netUnited States
        16625AKAMAI-ASUSfalse
        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1646734
        Start date and time:2025-03-24 08:09:45 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:14
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        Analysis Mode:stream
        Analysis stop reason:Timeout
        Sample name:Invoice Number INV132146-1.pdf
        Detection:MAL
        Classification:mal52.winPDF@17/24@1/53
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Exclude process from analysis (whitelisted): svchost.exe
        • Excluded IPs from analysis (whitelisted): 23.51.56.185, 3.219.243.226, 52.22.41.97, 52.6.155.20, 3.233.129.217, 162.159.61.3, 172.64.41.3, 172.202.163.200, 184.31.69.3
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes where analyzed, report is missing behavior information
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):290
        Entropy (8bit):5.155398777867484
        Encrypted:false
        SSDEEP:
        MD5:694BF3F5AAEB3EA75D8BC3482757410A
        SHA1:60B027E80504113246BC8ECA784184A86034B1E3
        SHA-256:B5BF251108B20759B057A50B3389829B954A87A3CAA0640B277FE874A51F3D48
        SHA-512:B0F2D72CD6FEDDCE0FE9BAB52996947A8287FA8CA4C1E0AA0211070F70EB844D4F852CA391303BD349B058A04C30DEBFAD910151A22599BD6A741997DF0E8193
        Malicious:false
        Reputation:unknown
        Preview:2025/03/24-03:10:27.468 1a04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/24-03:10:27.470 1a04 Recovering log #3.2025/03/24-03:10:27.470 1a04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):334
        Entropy (8bit):5.187840486879328
        Encrypted:false
        SSDEEP:
        MD5:F256692B75FA3CD5DF54463761680FA9
        SHA1:BC39CF10DEA9CCD9D6851A8A99DE0C0EB72A2F82
        SHA-256:E4D6E5260E71F8DFA868FE0206571EAD3C09853145FDE55E9512E394D09804E2
        SHA-512:E04BE31957C456925ED4AF418D049C04193A302D3348408FDBAB6F9756160369FEA9C0E37DACA28DD5F47C0841B9BB994E118BE093138BF01FEFB3E26A47E745
        Malicious:false
        Reputation:unknown
        Preview:2025/03/24-03:10:27.386 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/24-03:10:27.389 1a94 Recovering log #3.2025/03/24-03:10:27.390 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):403
        Entropy (8bit):4.953858338552356
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):402
        Entropy (8bit):4.986005727263751
        Encrypted:false
        SSDEEP:
        MD5:1EE616D83491BC7DD5D576D842013DAA
        SHA1:407BFDDEF1E2C9692237376E7A8E6F74D5B8CC82
        SHA-256:9BA19086B562D7CB2743D25B08235996471E6C4D704F93637543A9CCE174FB22
        SHA-512:D99DD823B5B488DADC9B210CD6081D1350B0A85C86CF0A65DC9121C99B4FA77BA892D2D8E147CF2A3A428BF74A3833D2BCD14F6887B58AD7A94B65C8920ECCF2
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387360232959559","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":98614},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4099
        Entropy (8bit):5.228296611937333
        Encrypted:false
        SSDEEP:
        MD5:84ACAE832203AFD8F879C05AEB03F408
        SHA1:0C9CDAFE5CD33C997BB026EE155A5D237E3866F0
        SHA-256:14274E9064FB1ECAAC075BDA90E1FC90946C5FED381FA17EEBF859D77BA18382
        SHA-512:761E5A78740CD77E7777B875A78C6521F9F6E85B17C99BD08BBDFB50083765217DAD190639163D5FE55488C00940AE4766EB87F889D00818D4B3D15237008656
        Malicious:false
        Reputation:unknown
        Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):322
        Entropy (8bit):5.175106866320774
        Encrypted:false
        SSDEEP:
        MD5:3A9DF27681F3CE59BD55805EC5B84B4A
        SHA1:8625D2B61395EE2843B155C9D3ABA46549936270
        SHA-256:2355E8BC7434F768AA0D9FD526D0F11CDADB763708F0ABF95C5D8A0B4C4AFA0A
        SHA-512:93682D882BD255C45816087593B38BE210A864D4C7F3FC581C64D37B10361E50A6AEBBB2C4667B3C0C62FE4B6DB4DFA0A5881BB26F9002E4CE3C35A79A436FAB
        Malicious:false
        Reputation:unknown
        Preview:2025/03/24-03:10:27.503 1a94 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/24-03:10:27.505 1a94 Recovering log #3.2025/03/24-03:10:27.506 1a94 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 164 x -126 x 32, cbSize 82710, bits offset 54
        Category:dropped
        Size (bytes):82710
        Entropy (8bit):1.2272662388702138
        Encrypted:false
        SSDEEP:
        MD5:98F06D06F95BE5918A05315393F18BDF
        SHA1:37E3683B0A201DB8E67E2341002E04152E145A9C
        SHA-256:DEBA64094F095542C8C7D2FD63C311A724D644802201B8CF3660B531CFCAE3F2
        SHA-512:80A45505F1B613B6172A32F52BC8C8AFE3DF8412499AD08116B356B8E081AA70F41A39144F4B91C10A5CD14F26943C34DF48E22A19AE1D0A6FEC63B42B255C01
        Malicious:false
        Reputation:unknown
        Preview:BM.C......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
        Category:dropped
        Size (bytes):57344
        Entropy (8bit):3.291927920232006
        Encrypted:false
        SSDEEP:
        MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
        SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
        SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
        SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
        Malicious:false
        Reputation:unknown
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):16928
        Entropy (8bit):1.212995931888481
        Encrypted:false
        SSDEEP:
        MD5:8D68976F3D774CC83375D81085027DCC
        SHA1:499AFEC243539B9BFA6305C478D1383A37AD3D96
        SHA-256:B005E1597605114BA00A54AFB2C0BCC4CCDDE4E6EFE15EB8E1D2D8006C24FCED
        SHA-512:DECFF01BC378985B7CDCB4AA250F2862226A51DB9E8A205C153F4CCC77B535C0A7CC66C42124D9241620F2351C9678B20A54F327B1D1FCB2DC82860EC9B06A38
        Malicious:false
        Reputation:unknown
        Preview:.... .c..... ..x........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):73305
        Entropy (8bit):7.996028107841645
        Encrypted:true
        SSDEEP:
        MD5:83142242E97B8953C386F988AA694E4A
        SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
        SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
        SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
        Malicious:false
        Reputation:unknown
        Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):330
        Entropy (8bit):3.2810756866948076
        Encrypted:false
        SSDEEP:
        MD5:B862AD66B14CE49F1415B1BB446D05D1
        SHA1:24779B8F059ACE4AE4EF8725679B8A7970F15404
        SHA-256:A33FB9FE61AB4CB01D3219B8A1FAC49F0CE8FE19D3C3B8485A4AB5D0A24E8D81
        SHA-512:1AD1EFEC2B829E73DE76FF7E834EBB8AEC9A74942C185940A25D24BAAA49749071B04B92C51B1B467E97D197AE0F2927E8C89820F3571AACB59C9E4A4EDDD2B4
        Malicious:false
        Reputation:unknown
        Preview:p...... ........y.*...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):185099
        Entropy (8bit):5.182478651346149
        Encrypted:false
        SSDEEP:
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Reputation:unknown
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:94185C5850C26B3C6FC24ABC385CDA58
        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
        Malicious:false
        Reputation:unknown
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Reputation:unknown
        Preview:....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2145
        Entropy (8bit):5.08170182397696
        Encrypted:false
        SSDEEP:
        MD5:200D41CF0E1DE4339B279A0583128780
        SHA1:C02029FAA8AF991886648749E92B53108C3D4E2A
        SHA-256:8569924AAA1E458114DD95567C35F4A8A5BF9979A0F91CFD4B7701EC964D7535
        SHA-512:887CE5AA6AE59048F3CFBC3B6E260EE56C9EDE71FE4A2BD123F85DBA73ED0CA9F27D24855E24BFB4F6047A738DAE594AE34037D84A48DC98D5A969DF7C4966C0
        Malicious:false
        Reputation:unknown
        Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1742800229000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f44756c6e08822e64c0e471a2499e34d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696585148000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e8f53b6740aba22a83a1a569cebedbcc","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696585148000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"cc1faa6a0c714f2f0c497731f1772fa2","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696585143000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"ab062dea95f25ef019cc2f5f5f0121d4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696583346000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"65580efad4bc88b91040ff50d71bfae9","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1255,"ts":1696583346000},{"id":"DC_Reader_Edit_LHP_Banner"
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):0.9878615041014948
        Encrypted:false
        SSDEEP:
        MD5:29A904C73D090CAF40190AB146A995A2
        SHA1:E7754052D2352565F66CFDFA46B978F794785605
        SHA-256:1F0A6852F9A46719AD912411E3D03DB45EC6E5266620134F789C94AFC1B2F3A3
        SHA-512:32335F54780444852A1A03C354DCE9951023BED4307B55173151A89E2947D1528F8A058359CD3E0D0C0EA2BF341F30C10BEA7E4424509E23B7AD5264C6881E36
        Malicious:false
        Reputation:unknown
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.3431125339371008
        Encrypted:false
        SSDEEP:
        MD5:8F9A1B912198C19F3800219E5DD728A8
        SHA1:0045E98C76CD1F817733FBB9EE03A07668C24312
        SHA-256:B7975D74695BCFD52F2346233AC99D2C747023B018B51BE0115E58C7DD92236C
        SHA-512:CB020115F0D5BCFCD5D45196984E8A8E39C92089E9A47907D2CFFB594DDED811ADA9D401B3B7D96A342EEDA71CA76E23EC923FD1099A7D21A230A5DD97FFFD64
        Malicious:false
        Reputation:unknown
        Preview:.... .c.....X.9.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.5146815864506182
        Encrypted:false
        SSDEEP:
        MD5:29C3746B0AF6D81C0D361F3FF58A3B31
        SHA1:1D9BB74F5816B6A0C643AACFE7326A2DA77C62FE
        SHA-256:FDC4EE27442DCD2D9B9A0E9CE3893F49B03D15FF8BDE7C65BFBE4094B62CEDAB
        SHA-512:4D79E9A5B42B255D41DFA06C730C7F13DB7862466152605F67C53FA416A4ADB56AC6B0C8E247BAB2BF2585B4D5C6DC9AABCBE77119D92976BBCF47CF1E2ACE39
        Malicious:false
        Reputation:unknown
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.3./.2.0.2.5. . .0.3.:.1.0.:.3.3. .=.=.=.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.353642815103214
        Encrypted:false
        SSDEEP:
        MD5:91F06491552FC977E9E8AF47786EE7C1
        SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
        SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
        SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
        Malicious:false
        Reputation:unknown
        Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.318186591948002
        Encrypted:false
        SSDEEP:
        MD5:A68245AB492DA8EFACC1E7BF088FBE4E
        SHA1:23F434152CFCF898F0148279233705C35BD0AFF8
        SHA-256:ABD63FA9E80634D62965336CD87BD2E7219CB14568FD5885F7C2BA11DE318004
        SHA-512:9A1EAB56DF1DC62F6271A1B3F959DC40E6655252E035DFC2119A828B740F0D27855D0F5C4930E44C2F551986D604F0F7D5556BFE3B707D2BBF56A0E5B5CE4295
        Malicious:false
        Reputation:unknown
        Preview:SessionID=844ad232-dee0-4afa-acdd-23f757131fbe.1742800228564 Timestamp=2025-03-24T03:10:28:564-0400 ThreadID=2548 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=844ad232-dee0-4afa-acdd-23f757131fbe.1742800228564 Timestamp=2025-03-24T03:10:28:566-0400 ThreadID=2548 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=844ad232-dee0-4afa-acdd-23f757131fbe.1742800228564 Timestamp=2025-03-24T03:10:28:566-0400 ThreadID=2548 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=844ad232-dee0-4afa-acdd-23f757131fbe.1742800228564 Timestamp=2025-03-24T03:10:28:566-0400 ThreadID=2548 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=844ad232-dee0-4afa-acdd-23f757131fbe.1742800228564 Timestamp=2025-03-24T03:10:28:567-0400 ThreadID=2548 Component=ngl-lib_NglAppLib Description="SetConf
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.417127675425859
        Encrypted:false
        SSDEEP:
        MD5:5ECF1D8F930EAEA73A279EDAA3AC6469
        SHA1:815072B6784E8F5D4C8189F91672ACE2D5F5E0C9
        SHA-256:B9554A6CCEEC216469ACD5C9EEBED16D453D64CE02937C7C138B32ED496E3660
        SHA-512:410AA673EE44429F32E2EAE0E5D31D4EA13ACB62DA71BC7522A94CD4B763EBC63F9E420F97DB96F6FF0F7D07B81630A7C023DCED4EBCBCD2AEDB4114B4DBFC4C
        Malicious:false
        Reputation:unknown
        Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:
        MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
        SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
        SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
        SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
        Malicious:false
        Reputation:unknown
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Reputation:unknown
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:
        MD5:00F89861500816F019B189EFEFB5726B
        SHA1:FE8E77FAE826B5B965E08EEEDBC902F5D9F970E5
        SHA-256:4C3FB25DCFB4C329159C076F6CA0865B5C355E52DB3C0CB213806A0018AED0EB
        SHA-512:D880C0469B8BDA1F2CCEF6DA0CF7E87365F059A48BBCC2B4B7FA61A9FFC9BE8264EAC592287831E827783D59B6C74D15BD57DD9D0236145F7CFB799B516A0D72
        Malicious:false
        Reputation:unknown
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Reputation:unknown
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
        File type:PDF document, version 1.6
        Entropy (8bit):7.929661539673598
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Invoice Number INV132146-1.pdf
        File size:52'893 bytes
        MD5:786bb21da0bc0a7a90278e99818d59a9
        SHA1:1b63a43223fa7a5d275d0b3631bee54fe8ca181c
        SHA256:3f193b89c9274026c94b4da74272c7160f1c6f76d5a64594ebb66b103d1e38d2
        SHA512:5a2eef7c1a61b777c644b15e38070b3ffe358e69785a235b9cfa440ddc403bd509c786c843eb0d60063d14d2a560badd8df12c9cd9c060891766a444d2a46649
        SSDEEP:1536:oaZC54j2Aup+lgekiqCAltX3/MCgPnTn9d6:HZCSaAusSi+XvjETn9d6
        TLSH:DB3302BCA895CC9DDEA459F62440438E42DFAC379FD617312ECBE3419E8930AF584DA4
        File Content Preview:%PDF-1.6.%.....2 0 obj.<<./Lang <FEFF0045004E002D00550053>./MarkInfo 4 0 R./Metadata 5 0 R./PageLayout /OneColumn./Pages 6 0 R./StructTreeRoot 7 0 R./Type /Catalog./AcroForm 8 0 R.>>.endobj.5 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Le
        Icon Hash:62cc8caeb29e8ae0

        General

        Header:%PDF-1.6
        Total Entropy:7.929662
        Total Bytes:52893
        Stream Entropy:7.929453
        Stream Bytes:51803
        Entropy outside Streams:5.201380
        Bytes outside Streams:1090
        Number of EOF found:1
        Bytes after EOF:
        NameCount
        obj9
        endobj9
        stream7
        endstream7
        xref0
        trailer0
        startxref1
        /Page0
        /Encrypt0
        /ObjStm1
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm1
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0
        IDDHASHMD5Preview
        3211313038394f373699a66323ff5e1bcbb778db6bfb3b60cf