Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
Final-Payment-Doc#243414512.pdf

Overview

General Information

Sample name:Final-Payment-Doc#243414512.pdf
Analysis ID:1647371
MD5:50ecb9ff5a65893f2c9957c4535dbce1
SHA1:c3d35b941259ae9898dd4a83705e6e0cc5b58159
SHA256:56091ae2d7b7305877be530278a3ee3487ddab73dbb4cd26aa04e9aa8c6438e9
Infos:

Detection

Score:48
Range:0 - 100
Confidence:100%

Signatures

AI detected landing page (webpage, office document or email)
Suspicious PDF detected (based on various text indicators)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 7008 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Final-Payment-Doc#243414512.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6224 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1740 --field-trial-handle=1568,i,3908935349301478340,2806000717914453746,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: PDF documentJoe Sandbox AI: Page contains button: 'REVIEW DOCUMENTS' Source: 'PDF document'
Source: PDF documentJoe Sandbox AI: PDF document contains prominent button: 'review documents'
Source: Adobe Acrobat PDFOCR Text: docusign Accounts sent you a payment copy. REVIEW DOCUMENTS Dear User, Please find the payment copy above dated 03/24/2025. Thank you and have a wonderful day! Accounting Division Team Leader Powered by docusign DISCLAIMER: This communication contains confidential information intended only for the person(s) to whom it is addressed. Any distribution, copying or disclosure is strictly prohibited. If you have received this message by mistake, please notify us immediately and delete this message without reading or copying it. Unless explicitly and conspicuously stated in the subject matter of the above e-Mail, this e-mail does not constitute a contract offer, a contract amendment or an acceptance of a contract offer. This e-mail does not constitute consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties, neither can be considered a recommendation, suggestion or proposal for investment in any financial mark
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49701 -> 23.39.37.95:80
Source: global trafficTCP traffic: 192.168.2.16:49701 -> 23.39.37.95:80
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49701
Source: global trafficTCP traffic: 192.168.2.16:49701 -> 23.39.37.95:80
Source: global trafficTCP traffic: 192.168.2.16:49701 -> 23.39.37.95:80
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49701
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49701
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49701
Source: global trafficTCP traffic: 192.168.2.16:49701 -> 23.39.37.95:80
Source: global trafficTCP traffic: 192.168.2.16:49701 -> 23.39.37.95:80
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49701
Source: global trafficTCP traffic: 192.168.2.16:49701 -> 23.39.37.95:80
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: classification engineClassification label: mal48.phis.winPDF@17/41@1/63
Source: Final-Payment-Doc#243414512.pdfInitial sample: https://ekhlornzg.2e7web.com/
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-24 13-39-16-142.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Final-Payment-Doc#243414512.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1740 --field-trial-handle=1568,i,3908935349301478340,2806000717914453746,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 8A3A82CB1345A099FDC7496E755F569A
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1740 --field-trial-handle=1568,i,3908935349301478340,2806000717914453746,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Final-Payment-Doc#243414512.pdfInitial sample: PDF keyword /JS count = 0
Source: Final-Payment-Doc#243414512.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Final-Payment-Doc#243414512.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Final-Payment-Doc#243414512.pdfInitial sample: PDF keyword obj count = 63
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		3
Exploitation for Client Execution		1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive1
Ingress Tool Transfer		Automated ExfiltrationData Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalse
    		high
    e8652.dscx.akamaiedge.net
    		23.39.37.95
    		truefalse
      		high
      x1.i.lencr.org
      		unknown
      		unknownfalse
        		high

        World Map of Contacted IPs

        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs

        Public IPs

        IPDomainCountryFlagASNASN NameMalicious
        23.39.37.95
        		e8652.dscx.akamaiedge.netUnited States
        		16625AKAMAI-ASUSfalse
        23.199.48.153
        		unknownUnited States
        		20940AKAMAI-ASN1EUfalse
        23.203.104.175
        		unknownUnited States
        		16625AKAMAI-ASUSfalse
        199.232.210.172
        		bg.microsoft.map.fastly.netUnited States
        		54113FASTLYUSfalse
        18.213.11.84
        		unknownUnited States
        		14618AMAZON-AESUSfalse
        172.64.41.3
        		unknownUnited States
        		13335CLOUDFLARENETUSfalse

        General Information

        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1647371
        Start date and time:2025-03-24 18:38:42 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:16
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        Analysis Mode:stream
        Analysis stop reason:Timeout
        Sample name:Final-Payment-Doc#243414512.pdf
        Detection:MAL
        Classification:mal48.phis.winPDF@17/41@1/63
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Exclude process from analysis (whitelisted): SIHClient.exe
        • Excluded IPs from analysis (whitelisted): 23.199.48.153, 18.213.11.84, 50.16.47.176, 54.224.241.105, 34.237.241.83, 172.64.41.3, 162.159.61.3
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
        • Not all processes where analyzed, report is missing behavior information

        Created / dropped Files

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):290
        Entropy (8bit):5.2757830973522015
        Encrypted:false
        SSDEEP:
        MD5:5F684F667A066DC3614D13161483D9E7
        SHA1:D2CBA2F2C962DD5C47CF3A980E29A9FF39B0AA5B
        SHA-256:4DAFCDE1EA271EA6B68590C89A8FAA584131DD1362973069D2F30E6B0A3C26DF
        SHA-512:11E11B812E977ADB36A91709BED891C5F5A11AD2CAAB8E65237559253516FDA352721CFE04BA9CB0FC4652A44D47FEB3603C41A04D0529190370A80E5F62AAF2
        Malicious:false
        Reputation:unknown
        Preview:2025/03/24-13:39:14.674 18bc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/03/24-13:39:14.676 18bc Recovering log #3.2025/03/24-13:39:14.677 18bc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):334
        Entropy (8bit):5.175648178061589
        Encrypted:false
        SSDEEP:
        MD5:62CA65E5369831489DADF4A3E0E68C75
        SHA1:12706B87523A0D2CDCAD101F7103A09F33E587E0
        SHA-256:ECF4394153F7FABF7118169B8B6A4A222C819E6A2E40AFACE4B93BF289750B36
        SHA-512:6CC881825D42353952051ABAC50AF7804C7C8E00A52B98CF7F19E820C9C6B3ECA83B962CB7CF4F6521F4230F54544FEF516A273AF77E2BA9D6891E12700B2B58
        Malicious:false
        Reputation:unknown
        Preview:2025/03/24-13:39:14.479 1910 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/03/24-13:39:14.493 1910 Recovering log #3.2025/03/24-13:39:14.497 1910 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3428c01a-d592-4e09-9d67-87b93a4136ea.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:modified
        Size (bytes):403
        Entropy (8bit):4.953858338552356
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9db04870-b055-478c-a164-49dbe6ae846e.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):403
        Entropy (8bit):4.998027740685806
        Encrypted:false
        SSDEEP:
        MD5:65B459CA53C67CDC0178632415E94B02
        SHA1:47652F386B4B2771BBDDBEB52B86AD8E0D7F928D
        SHA-256:F9DE55B70572B0FC6D7FC76710065B4CD6AB0812049CDBC3CCE2963CE7141F16
        SHA-512:5F26E72238DEFBD1850EC03E0C911263DD0CB4BCCB56E261C6176232919005C0142EA947E9548614DFCACB60762CC8A83C11758DD3FA24D4CDFA4A8D224FABCD
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13387397966455043","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":109750},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF4b8408.TMP (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):0
        Entropy (8bit):0.0
        Encrypted:false
        SSDEEP:
        MD5:4C313FE514B5F4E7E89329630909F8DC
        SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
        SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
        SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
        Malicious:false
        Reputation:unknown
        Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4099
        Entropy (8bit):5.236275108588788
        Encrypted:false
        SSDEEP:
        MD5:E5F44AC251E0C14B983F86BC38552E3A
        SHA1:26FFD83FD8B1782CDA461373C426232F819F5727
        SHA-256:580A41406039934F122FA53CC2950A29C5257EE9043B0EC2330133FC4488D367
        SHA-512:415BD189F1BB85F7A72C54A61F7690D0692C314F3090D3B060006FFA96C8D311B356A747323C6F13C2BB3527BAA91001065F87A9E5B0F0B268868FA1C11D0782
        Malicious:false
        Reputation:unknown
        Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):322
        Entropy (8bit):5.202876604027605
        Encrypted:false
        SSDEEP:
        MD5:A080D0A7B50065AFE877B8F69293AB76
        SHA1:1D599AF7AE226B9512283A46DD8A63F1BD7D6AC6
        SHA-256:30C0EED568FA7F5C579C5C81A7885CF2ACA73F3263BF15701698598B7DEB5AE7
        SHA-512:3CC3343CD8C9243D72DC8871FF0F4270B8F1CFBC3DF2DC3B3778EF10A122BAFAEEA1AD40D10FDDB79455F950BC50A87B5D0B4AEADE84B182D083575754DFAB00
        Malicious:false
        Reputation:unknown
        Preview:2025/03/24-13:39:14.715 1910 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/03/24-13:39:14.716 1910 Recovering log #3.2025/03/24-13:39:14.719 1910 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250324173918Z-163.bmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
        Category:dropped
        Size (bytes):71190
        Entropy (8bit):2.53375772161049
        Encrypted:false
        SSDEEP:
        MD5:3EED32185516199D28CF59B312589915
        SHA1:EA4674AE81AAE910576202ADB61E7B4381FBA3A9
        SHA-256:7294F3DD30B07BCEE4650DC3F26B1E5E752044217C5C7C4CB777B8BE46E06A6B
        SHA-512:AA48043CB52B92B2D49097BB5F311193CBF548CABB041F5D04299C126D0E9CE2AE00F44329162E9942FFB16FEEE753EF87D795479322500A7FB78A765842A55B
        Malicious:false
        Reputation:unknown
        Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
        Category:dropped
        Size (bytes):57344
        Entropy (8bit):3.291927920232006
        Encrypted:false
        SSDEEP:
        MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
        SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
        SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
        SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
        Malicious:false
        Reputation:unknown
        Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):16928
        Entropy (8bit):1.2147313964030493
        Encrypted:false
        SSDEEP:
        MD5:7DEF100A78FCDDF8A428C8FA2D69209E
        SHA1:6569571A8245A55EC00D13D44D46ECEACF8060DD
        SHA-256:1A699D94D6075D944C7DCDA291E6AFE0620E3B4A999297E5879A6E73D5BE31E2
        SHA-512:481407B3EB81A31DD1CCF06D6B3D152944A6E1C337F7F751C7E98197B4E597421EBD44A04D1F374C77ED43A712ECB192CE0A90392AC5CEBE587D8CB3DED428AA
        Malicious:false
        Reputation:unknown
        Preview:.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Reputation:unknown
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):73305
        Entropy (8bit):7.996028107841645
        Encrypted:true
        SSDEEP:
        MD5:83142242E97B8953C386F988AA694E4A
        SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
        SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
        SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
        Malicious:false
        Reputation:unknown
        Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.7673182398396405
        Encrypted:false
        SSDEEP:
        MD5:61F56761165DA0BA6D218B905F034A94
        SHA1:DC1662B6DDCAE70BBCEEB32B54E6148B9303B540
        SHA-256:C12FE548A91CF1144869DB307E05BD2C921C4E367F093F6362B8DEFD30BC07F4
        SHA-512:9D585889E9801DE277AD14E5C594C8DDB593BDA558F20D647A71A31D5909C160843314836D296C59CC3F61F39847D4AD287C168B9498668476D9FBC2C0FF80B9
        Malicious:false
        Reputation:unknown
        Preview:p...... .........[.....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):330
        Entropy (8bit):3.2871362927554135
        Encrypted:false
        SSDEEP:
        MD5:E6A302AFABC4616FE739A9FBBCBD1DD2
        SHA1:86E5277DA2A23E45FEAB078411A8A12DE084C53D
        SHA-256:A7953E6450428F0486B14E2CB037FBB53991565CC0FC7621059FC7DAA48211B5
        SHA-512:15C491A46C0980FC497B31242DE691CA6FA772ED5E8657A92BE4430CD59FACDB35255D9A879CDE8D39A166656BA61AE049FF188EFFE69A5AFA7AD720C2E7EB6A
        Malicious:false
        Reputation:unknown
        Preview:p...... ..............(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.391108215739229
        Encrypted:false
        SSDEEP:
        MD5:C23435BD657EE995E246A75C8720EAAE
        SHA1:738B07B7C6EAA5AB9510BC2CE535BBEBD914D5D0
        SHA-256:BA4B98525DB5590063EE6736AEF63280C748651FE5E6BD802D4662C5874FCD28
        SHA-512:33C4619126207AD7710F74F7A9256BCB5176BE0E19C5F7DFA36AD24347BD8A4546F560A9E922E6A1F30477EF636BEF7619C2F4BC955959D21F47B685B51B4BF4
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.340594853849948
        Encrypted:false
        SSDEEP:
        MD5:AD5F5C848E2F9E3A0E85C27DADC87C2F
        SHA1:99961F35ABD5DDFFA59AC6B46143D09B880FC35B
        SHA-256:075C1399F5FB6ED0B4246CFD3639CB965699E76282B39F64BDDAAD5BED7930FD
        SHA-512:6FAD2BE54F3D221E7C50A375C99C1EF4757BA603B89D6E9F52236D8154BDB3A56F35C66EAEB945656552BA5367C3854E408E2BFBEC6FDCEDE8D8962180599EA2
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.318854349207755
        Encrypted:false
        SSDEEP:
        MD5:501618DB92D35792C7924F056476D987
        SHA1:12AFE0438AD69DCBB2F2D201E73029604C85D883
        SHA-256:3A786DCFE06C06C1E11BDE5FE0F74CDF448CB91C1833E6A44109ED68DC083464
        SHA-512:E10E094CB442CC3F1EF9CD676FB3AED271019D0640E0A35920E0BFFBB2D72EDD95B4998CAA9B89A9400FDE061856830822A66A276E955C59149868F82B0F2516
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.380461907266963
        Encrypted:false
        SSDEEP:
        MD5:09E80E8709AC623176C33F1820DA058F
        SHA1:9FB661001502F9106C210D95459ED1DA5585C735
        SHA-256:A1768D9F67FB16702402E35F32124CEDFB9571D43CAAFD909173124F53816B3F
        SHA-512:BCBA264EDAE58FBB5AD0A7570BACFC6928B450D9740C70FE93D7BFCC1FCAB48889331A86C8199A071FD427A70536CCB2A1DC45AB8C8054F639C02F8F4D9BFA20
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2129
        Entropy (8bit):5.845199453657125
        Encrypted:false
        SSDEEP:
        MD5:F14E716AFB584BFA931A6ED6540DFCC9
        SHA1:AE8E5C9F728EE035E0E66E0359CB982B2E30189D
        SHA-256:3AD5B4EA225D013E49654DFC651ACD0550DA41B5EE0946099DE15B724FBD6648
        SHA-512:F4949D1037B440102D9CBBCD9A05B487D7107FB4DBE03BF077E83558909F2CBAA8E468BB85020C50B7B279E97D6A8D1E4DA055DB6687B3270689003F9D05EF18
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZWhhdmlvciI6bnVsbCwiY3RhVXJsIjpudWxsLCJjdGFVcmxUeXBlIjpudWxsLC

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.329391490227523
        Encrypted:false
        SSDEEP:
        MD5:46D22F13EA47AFDEC8A6F77BD6A6D859
        SHA1:4E04131BA4AF9DB0C462B4182EEDC8416580AC5B
        SHA-256:E22DEFB8922EAF0B64C61FFF6717F367EEE0C1ED0D3D8ACC50F5A8A79B9E7C3B
        SHA-512:966F9E227AD230FE1231D95045A5F86F31C1D3D941DCE00E37E882AC12C1CCBF1629B02DD084030D58794D98259C5DFD31722ABBC55F586AE9F7E599B511571D
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.331393950167724
        Encrypted:false
        SSDEEP:
        MD5:806086507018D2212BB8B5396066864B
        SHA1:5C85914816AADEA006FF181D1D96B0754A023E54
        SHA-256:AF745AAC1F3533305A0F5E8015CA2DDCDCBA411CE2CF8B0B83E7BCD698097C0C
        SHA-512:D526DAEC90F43761E3D194415A5415B131A34B27DF4A899748BC30F10F9E7CEF21F7F4806EE443FFFC15D2343CFA1832FD9F34BCFA79F9D4CE9F35707BD35084
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2080
        Entropy (8bit):5.831345497554568
        Encrypted:false
        SSDEEP:
        MD5:BFF83C240D0AEA926EA17E652BEB8E11
        SHA1:0F7F297C53B2E45D52B12ED75C8625BF9DFA9B92
        SHA-256:89DA0D7D69A34B37F292F2ED7B68FF9DF890A25A8CCB41BEFB0BF545CC6EB19C
        SHA-512:B7AE0438494801117C79AAB68638F1E1DF39A753D182753599590B582935B8F238BD2699FD7FF5FC04B3D757FF57FD2A296C348FDBFDB9B3CD727391E77BD9BE
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGFkYXRhIjp7InN0cmluZ01ldGFkYXRhIjp

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.3551943782864475
        Encrypted:false
        SSDEEP:
        MD5:DC7FFB75C8D82BA5B134D1D1A6A03BE5
        SHA1:AE9303153522A9B6E9FAE0F71AA119E57B64C6DC
        SHA-256:3F5F2EC235542DA8D2CD3EBE2DAFFBCB6257BB69E2822C5C01002B647AE88F0F
        SHA-512:E3C7349C4EF9B25EBF9AF1B839AE2A9200F5D56475A1D9288B0065F63CC28A943E7C3AAD395FFF6B7E5D14FEED9D7A0D86377F77E692BEE1D4D2963D207AF602
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.335975989175615
        Encrypted:false
        SSDEEP:
        MD5:740532EAE795248EF96EABD8A53E52BD
        SHA1:4092D1C4D34AA0A2AEE73A7252E35C4FA6414179
        SHA-256:3A3486A33CA0ADC43AAB8288E0C23BD1A69E1EB1A0BDED254C2C8D32C861859B
        SHA-512:D55430EA85A05E65AA710EF3680575945403AFC39C5F0B7A5E24613EB96E95C53D114B73251BA706F54E0E6D92A2783312E604D982911F628591F2BC0CE4CB78
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):284
        Entropy (8bit):5.322659742089607
        Encrypted:false
        SSDEEP:
        MD5:B1432E52180A70DC454D31388E8AFA66
        SHA1:C6CE853F9DA9AEE9D422C2813582122661FA933A
        SHA-256:60633542C4B4D9D06DC80C6F48DEC883686B5B71B05E57DF120F836EC642A0B2
        SHA-512:A0D2F5B1F14A2ADA5BD5B88C80E22CB8498A54BE8FE80774AC47B5FDDA3F3829213C79AD3E936C75C79A19027C5AAD90FE3258959C96C1F3D5142F0BF1AB582F
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.319275829191913
        Encrypted:false
        SSDEEP:
        MD5:BBDC22F40416AC642A7D9093BE6B4C69
        SHA1:4C2AA32C55A6CF2CDD018D4018E06B794EACAE29
        SHA-256:CA686ABD9F066BCDEAA58ABD16D639F3D64B701B2708736C44137BC241B7E4FB
        SHA-512:9B343493052E9819916E4BE65709E0DEBD5CD8411D97670F817E26478E79BCBEDFF60A269A67B6BC092DF195317C554F53D1471738773E6B5CC7BDBD6E8664E7
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.322505360830012
        Encrypted:false
        SSDEEP:
        MD5:2A38A40B360EE50F593E8199232E5580
        SHA1:33C5C4CE8EDCB431C9527AB30EAFB34C4176A6B2
        SHA-256:F9F1D1203F341BBC0B883D59BCD143A9BE4740DBA4A853B5035AEAFAE01B826E
        SHA-512:01FBAA747C27BFA5963F27DF3DDE8492E66D1C33A8514206F6BE4E68B539645501F17EEC85AE7B77683533A65EE0EC439925E7AFD56BF54AFA2D01CE91FCD672
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2028
        Entropy (8bit):5.844794602150537
        Encrypted:false
        SSDEEP:
        MD5:6F014C144B8925D91F0F466DCB2914A4
        SHA1:1DF9886009EA01A9EBAD7D6F7929FE74BE378573
        SHA-256:140A5ED2258C486ACD89D5D17082A2D6FD8E8C6531C4AEDA2339CFBDBB52707A
        SHA-512:1258986DDFE753B0C0FE76FB6F34FA3F3E49E74ADF3A8A09B3DA61D39556064DF958287095E01B857E3DBC2456C75D692F5015D0871FAC3722991582054B5E4D
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJhY2tpbmdJZCI6bnVsbCwiX21ldGF

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.2986217825553075
        Encrypted:false
        SSDEEP:
        MD5:844CB5D09B4C45C9AC0EA1A866388BD8
        SHA1:3E63EB696B4B077449045E5959C3E7777591143B
        SHA-256:0365CEDE3BFEC9A0B9C7E2CF69C2867D8DCCB4105D9E31DC9B71804D6DB5550B
        SHA-512:6583B7EF5F10FAC46CCCCDD79DC44BE4954789EA6EC2AED7FCE5A8B802F2395804E24F5A4B31C77C1225F6E5E8F82E34758FF2F644A079841B9D231787F3F883
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):282
        Entropy (8bit):5.307059127337611
        Encrypted:false
        SSDEEP:
        MD5:D533603D9DCF889181A4E9C427B2A7BC
        SHA1:EFDF1623ED4D53F49AE83B9BCAFAE0D0CA444204
        SHA-256:4102BA7332F9478E9609A12C4BC12376E93E9D115F30AB9B2028208D7F78F9B8
        SHA-512:D8C7608E0B0340F859A43862C03A6F2AC691AD54A94C67ED686E35F62CE28C7AFBEB03D0F4AFA5D1C941A1E30888CAF687F749940A9657EC28B2B514067653AD
        Malicious:false
        Reputation:unknown
        Preview:{"analyticsData":{"responseGUID":"244c68c5-d52f-46b7-8748-f531b356e94d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1743017808560,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Reputation:unknown
        Preview:....

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2815
        Entropy (8bit):5.138053079507695
        Encrypted:false
        SSDEEP:
        MD5:7273AC163D2408B206E6305C4D087AF9
        SHA1:6F94BA3845BD76BD6BCE3875B7BE4BB1DC7DA013
        SHA-256:0509A075A71CD28F5969D027A89868D7F71F413D2731EE96AD53BF782F636B60
        SHA-512:4C160E0B2B39743FDD2296CCA5A0B1A2BBE6D22E3B21C8E8690FD6BEC075313A5F5572851D8C97176992910AA6417943B587A584F2F1B01E3D6A463B7299835B
        Malicious:false
        Reputation:unknown
        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"441f3dff0d0c76a9cfc6122b042753d8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1742837958000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"288de35338e9b97cb9d3d9ddf9b0a361","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2028,"ts":1742837958000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"4272fc20a0178dd0fc536fb1e81f0782","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2129,"ts":1742837958000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"9a94f049566890cfe3c7eb6d6dcb142e","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2080,"ts":1742837958000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"7c6dcfccf50ca78c98e8a3d720f87978","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1742837958000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"8f935a630ae200216215f71c5fe0f382","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):0.9889142456955509
        Encrypted:false
        SSDEEP:
        MD5:E8B8813AA397571930DF22EDF2F0AF8F
        SHA1:6DD989628D1574EA0008B38542B6EE61F1871413
        SHA-256:3417B96570247B27F2B9090F77FB15385AA3ED18C7A50D43E8978F5821751315
        SHA-512:8825FC2510028500DDBE409C9B0A9160E86AC4EA80A0A4532ABEB63850F766178667CB34BFF21FD960E17483021349EA046F1148462C0D1CACCCA5DC525EF7FC
        Malicious:false
        Reputation:unknown
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.3421196119760717
        Encrypted:false
        SSDEEP:
        MD5:5A6EB3D077A2162D0597CD6966578377
        SHA1:2EB58CD28C9EF12F87F56396A5DC8A2A3F5E37B4
        SHA-256:45036A37B09CB8CA5A6711C9608C1E52F50E914C1979E6DEC8321FDD85F3BCD1
        SHA-512:C0E36BE957D1C9265381AAB86A7BB2DCEC71C5AEB5F4F2015C0826EDFD2B8C8DBA324A968F5DA88C96921BB4D9A6A60BB47A39A43B97368184A6815CA56DBB19
        Malicious:false
        Reputation:unknown
        Preview:.... .c......GN.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Temp\MSIa7603.LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.524398495091119
        Encrypted:false
        SSDEEP:
        MD5:ECB0331DC5E671FE632DF695EC5E3D81
        SHA1:1BEE3C9BD604B841A696E4466919DF7497A169E0
        SHA-256:198D2EE341769DA93064D1665253C768F33E8C1AE665601F2330F3F462A7177A
        SHA-512:6EA7A3D4FE96A313B2CDD2A4EC71301CF8378E20A7C20F264AE51AC9F5B32037B974682407CB492B9A2CF3D097F4A78274B3AD1766297367EEFD52335394ECFE
        Malicious:false
        Reputation:unknown
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.4./.0.3./.2.0.2.5. . .1.3.:.3.9.:.2.1. .=.=.=.....

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-03-24 13-39-16-142.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.353642815103214
        Encrypted:false
        SSDEEP:
        MD5:91F06491552FC977E9E8AF47786EE7C1
        SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
        SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
        SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
        Malicious:false
        Reputation:unknown
        Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.349033637791505
        Encrypted:false
        SSDEEP:
        MD5:EB5B2CDE564D871AF5B140031549773D
        SHA1:C5F6F4BBB16537E65D9847E51C3417B764C60681
        SHA-256:D49A315264A688BA0C2B355A682955A095CE398341346EC6601B9BAF31D65E19
        SHA-512:EAFF0CD11CE3CC1EA42C9733264B5D09D5B0EBDB3FDF28B15A6D5F4F79D8C79E351E225406A42C60233A3CBBF51E978F604D45DDBA96B2DDE3B8AFBA1B294B81
        Malicious:false
        Reputation:unknown
        Preview:SessionID=728f585a-9e59-45c2-9781-2eef752d61ea.1742837956153 Timestamp=2025-03-24T13:39:16:153-0400 ThreadID=6216 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=728f585a-9e59-45c2-9781-2eef752d61ea.1742837956153 Timestamp=2025-03-24T13:39:16:155-0400 ThreadID=6216 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=728f585a-9e59-45c2-9781-2eef752d61ea.1742837956153 Timestamp=2025-03-24T13:39:16:155-0400 ThreadID=6216 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=728f585a-9e59-45c2-9781-2eef752d61ea.1742837956153 Timestamp=2025-03-24T13:39:16:155-0400 ThreadID=6216 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=728f585a-9e59-45c2-9781-2eef752d61ea.1742837956153 Timestamp=2025-03-24T13:39:16:155-0400 ThreadID=6216 Component=ngl-lib_NglAppLib Description="SetConf

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.423527945150846
        Encrypted:false
        SSDEEP:
        MD5:0D73EB29B05BB50EA9C2F87437064121
        SHA1:9541DC6BC30C17C03D927C0C7F1810DF06262356
        SHA-256:A3D7C929FEEB45C6C661B2375E0BD0F287117320D8B2E2CD9253EBA99E063D35
        SHA-512:D8B9AE757D10FBEDAA2A19B5239D14B4D74E963B433CEF636A7876BD94A0410D5D942C1CC8929ED00E57F90E9270A1D267AC634E774DEF7307977F4BF47352F2
        Malicious:false
        Reputation:unknown
        Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

        C:\Users\user\AppData\Local\Temp\acrocef_low\51c5319e-fcae-4ded-a54b-ca599f8ab4a0.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:
        MD5:41EF2DA482E9E37E9F44C763CA22D091
        SHA1:CEDE4E555D41EA8577A66D77E8CBF84ADFFB9839
        SHA-256:14411719CA954470A6603FF9DBE057D7D3396594BD57662C91CA8D21ED302896
        SHA-512:3DA47F41BC7F4533DB61CFBF3BDA7477B7B0660312BE7CDA468B64028B6E6EC144B9E8760EBB8EA08FF888770C851670A41E7F213E182FB602C3F67F86E96A56
        Malicious:false
        Reputation:unknown
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\8039f22a-9add-49d0-bd22-a8ab7ec0b63b.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Reputation:unknown
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

        C:\Users\user\AppData\Local\Temp\acrocef_low\8ebd75e2-0990-4e6e-be75-5161f6c84448.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Reputation:unknown
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

        C:\Users\user\AppData\Local\Temp\acrocef_low\f756597d-e5ac-4475-b133-d414529411aa.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Reputation:unknown
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        Static File Info

        General

        File type:PDF document, version 1.4, 1 pages
        Entropy (8bit):7.944956638900619
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Final-Payment-Doc#243414512.pdf
        File size:103'957 bytes
        MD5:50ecb9ff5a65893f2c9957c4535dbce1
        SHA1:c3d35b941259ae9898dd4a83705e6e0cc5b58159
        SHA256:56091ae2d7b7305877be530278a3ee3487ddab73dbb4cd26aa04e9aa8c6438e9
        SHA512:5c0f3e77c3453599d9854456762f6dcb8a48bffdb1de19375d249a99144b509ff2a36f99a10062bfd7b82654d445d00da3876af1d2d32979aa7dfffa114102c9
        SSDEEP:3072:j/ZSC1sGVfShNHfg5C7CQVXl2ZM9tz83a74r2Ta8VKFNtm9X:1p1Tf5Q7CgV48Mq4VSKFNE
        TLSH:E0A3E179F905ED5DFA98C866A73D388D8E6CB23B1FDC7055042A0D55E900B687B322CE
        File Content Preview:%PDF-1.4.%.....1 0 obj.<</Title (8MF0-LXOT0C-KUQ3)./Creator (Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) HeadlessChrome/134.0.0.0 Safari/537.36)./Producer (Skia/PDF m134)./CreationDate (D:20250324162515+00'00')./Mo

        File Icon

        Icon Hash:62cc8caeb29e8ae0

        Static PDF Info

        General

        Header:%PDF-1.4
        Total Entropy:7.944957
        Total Bytes:103957
        Stream Entropy:7.995248
        Stream Bytes:93792
        Entropy outside Streams:5.197584
        Bytes outside Streams:10165
        Number of EOF found:1
        Bytes after EOF:
        NameCount
        obj63
        endobj63
        stream14
        endstream14
        xref1
        trailer1
        startxref1
        /Page1
        /Encrypt0
        /ObjStm0
        /URI2
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0
        IDDHASHMD5Preview
        4000000000000000079d3dc8689f1c4946b373c9fda32b7e9
        60000000000000000775b9ef77ebc06454487b7a167b4b69a