Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
INV DATE 2024-10-10.PDF

Overview

General Information

Sample name:INV DATE 2024-10-10.PDF
Analysis ID:1528236
MD5:052eccd4d81f51a1e378f8783d53ca29
SHA1:2ad1980db04418a8acfc332801c62b59c9c6bdd6
SHA256:5f259b1fafa1326d6e0e2fd20241a66a14497c48944e7c7305aea7a960485422
Infos:

Detection

Score:20
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

AI detected landing page (webpage, office document or email)
IP address seen in connection with other malware

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 5908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV DATE 2024-10-10.PDF" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3144 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6616 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1768,i,14924749618235048181,3521255610170869817,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: Joe Sandbox ViewIP Address: 23.195.76.153 23.195.76.153
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: sus20.winPDF@14/36@0/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6660Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 11-17-15-179.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV DATE 2024-10-10.PDF"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1768,i,14924749618235048181,3521255610170869817,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1768,i,14924749618235048181,3521255610170869817,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: INV DATE 2024-10-10.PDFInitial sample: PDF keyword /JS count = 0
Source: INV DATE 2024-10-10.PDFInitial sample: PDF keyword /JavaScript count = 0
Source: INV DATE 2024-10-10.PDFInitial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

barindex
AI detected landing page (webpage, office document or email)
Source: PDF documentLLM: Page contains button: 'INVOICE TOTAL AMOUNT DUE: USD' Source: 'PDF document'
Source: PDF documentLLM: PDF document contains prominent button: 'invoice total amount due: usd'
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1528236 Sample: INV DATE 2024-10-10.PDF Startdate: 07/10/2024 Architecture: WINDOWS Score: 20 16 AI detected landing page (webpage, office document or email) 2->16 7 Acrobat.exe 17 72 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 2 9->11         started        dnsIp6 14 23.195.76.153 NTT-COMMUNICATIONS-2914US United States 11->14

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
  • URL Reputation: safe
unknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
23.195.76.153
unknownUnited States
2914NTT-COMMUNICATIONS-2914USfalse

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1528236
Start date and time:2024-10-07 17:16:17 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 4s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:9
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:INV DATE 2024-10-10.PDF
Detection:SUS
Classification:sus20.winPDF@14/36@0/1
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .PDF
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 18.207.85.246, 34.193.227.236, 107.22.247.231, 54.144.73.197, 162.159.61.3, 172.64.41.3, 2.23.197.184, 93.184.221.240, 2.19.126.143, 2.19.126.149, 192.168.2.5, 23.219.161.132
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, wu.azureedge.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
  • Report size getting too big, too many NtCreateFile calls found.
  • VT rate limit hit for: INV DATE 2024-10-10.PDF

Simulations

Behavior and APIs

TimeTypeDescription
11:17:25API Interceptor3x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

InputOutput
URL: PDF document Model: jbxai
{
"brand":["Aston Carter"],
"contains_trigger_text":true,
"trigger_text":"INVOICE TOTAL AMOUNT DUE: USD",
"prominent_button_name":"INVOICE TOTAL AMOUNT DUE: USD",
"text_input_field_labels":["Contractor",
"Date",
"Type",
"Qty",
"Rate",
"Total"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"PLEASE REMIT TO: ASTON CARTER,
 INC. P.O. BOX 7410408 CHICAGO IL 60674-0408 UNITED STATES AMERIS BANK BOGGS,
 DAVID 3500 PIEDMONT RD NE SUITE 500 ATLANTA AL 30305 For Billing Inquiries Call Merton,
Stone at 866-887-0244 ext 904/489-3205 E-Mail: smerton@actalentservices.com Contractor Date Type Qty Rate Total Wallace,
Wesley A 09/28/24 REG 40.00 71.00 2,
840.00 INVOICE TOTAL AMOUNT DUE: USD 2,
840.00",
"has_visible_qrcode":false}

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
23.195.76.153Open 99 Restaurants Benefits Enrollment.pdfGet hashmaliciousHTMLPhisherBrowse
    DOC-72212087.pdfGet hashmaliciousHTMLPhisherBrowse
      [EXTERNAL] Complete with AdobeSignPDF_ Approve and Sign TRCOT.emlGet hashmaliciousUnknownBrowse
        Secured Doc-[uiC-22723].pdfGet hashmaliciousHTMLPhisherBrowse
          Secured Doc-[qnz-33059].pdfGet hashmaliciousHTMLPhisherBrowse

            Domains

            No context

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            NTT-COMMUNICATIONS-2914USx86.elfGet hashmaliciousMiraiBrowse
            • 206.86.202.118
            na.elfGet hashmaliciousMirai, OkiruBrowse
            • 205.24.240.88
            na.elfGet hashmaliciousMirai, OkiruBrowse
            • 206.239.51.236
            na.elfGet hashmaliciousMirai, OkiruBrowse
            • 206.163.104.103
            na.elfGet hashmaliciousMirai, OkiruBrowse
            • 205.53.193.253
            na.elfGet hashmaliciousMirai, OkiruBrowse
            • 204.156.18.61
            na.elfGet hashmaliciousMiraiBrowse
            • 206.86.219.242
            na.elfGet hashmaliciousMiraiBrowse
            • 207.198.205.60
            na.elfGet hashmaliciousMiraiBrowse
            • 128.121.236.119
            na.elfGet hashmaliciousMiraiBrowse
            • 157.239.48.47

            JA3 Fingerprints

            No context

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.158027212841806
            Encrypted:false
            SSDEEP:6:XUaq2P92nKuAl9OmbnIFUt8AUfZZmw+AUfzkwO92nKuAl9OmbjLJ:Xfv4HAahFUt8AY/+AA5LHAaSJ
            MD5:ABA7CAB37E0345BC24792098A6755AA0
            SHA1:6CE9FB00C93A1A75E591AD4C2D6AED5A2F029509
            SHA-256:75798589997C6FC8612D623E91FEBEBB0D1C191A06835458B1518E4705E67E49
            SHA-512:1A5827C2C4F10216794A8AAF5FEA1DA99E547F31B1F6FC8B7FDEC4BFE9FE44DBD07C32B2F2F8B777BC0EBB9F6BEC149FABD4D36EB105E7F8F5D832FFB02E3A0F
            Malicious:false
            Reputation:low
            Preview:2024/10/07-11:17:12.830 7c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-11:17:12.832 7c4 Recovering log #3.2024/10/07-11:17:12.832 7c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):291
            Entropy (8bit):5.158027212841806
            Encrypted:false
            SSDEEP:6:XUaq2P92nKuAl9OmbnIFUt8AUfZZmw+AUfzkwO92nKuAl9OmbjLJ:Xfv4HAahFUt8AY/+AA5LHAaSJ
            MD5:ABA7CAB37E0345BC24792098A6755AA0
            SHA1:6CE9FB00C93A1A75E591AD4C2D6AED5A2F029509
            SHA-256:75798589997C6FC8612D623E91FEBEBB0D1C191A06835458B1518E4705E67E49
            SHA-512:1A5827C2C4F10216794A8AAF5FEA1DA99E547F31B1F6FC8B7FDEC4BFE9FE44DBD07C32B2F2F8B777BC0EBB9F6BEC149FABD4D36EB105E7F8F5D832FFB02E3A0F
            Malicious:false
            Reputation:low
            Preview:2024/10/07-11:17:12.830 7c4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-11:17:12.832 7c4 Recovering log #3.2024/10/07-11:17:12.832 7c4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):335
            Entropy (8bit):5.098641081567132
            Encrypted:false
            SSDEEP:6:Xd+q2P92nKuAl9Ombzo2jMGIFUt8A9hZmw+AWVkwO92nKuAl9Ombzo2jMmLJ:Xd+v4HAa8uFUt8A9h/+AWV5LHAa8RJ
            MD5:8C4F624E9F32EB81BB02A42B3FD3467F
            SHA1:346515C21AC021C991C2B4706CED1A57011F0774
            SHA-256:1D140AB1631326646E5CDEACAF2E28051CA94E9B42A423A9747B936D5F798D9D
            SHA-512:F6A97F46E2A4B5A250B1F023D67854307C1BA2B11CD16C21D7ACC23221BE85CE46FC9DA3B6F5920D297E832C5AB8A13C99FC3D84B0125C890CA61D4A98915E09
            Malicious:false
            Reputation:low
            Preview:2024/10/07-11:17:12.909 e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-11:17:12.910 e2c Recovering log #3.2024/10/07-11:17:12.911 e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):335
            Entropy (8bit):5.098641081567132
            Encrypted:false
            SSDEEP:6:Xd+q2P92nKuAl9Ombzo2jMGIFUt8A9hZmw+AWVkwO92nKuAl9Ombzo2jMmLJ:Xd+v4HAa8uFUt8A9h/+AWV5LHAa8RJ
            MD5:8C4F624E9F32EB81BB02A42B3FD3467F
            SHA1:346515C21AC021C991C2B4706CED1A57011F0774
            SHA-256:1D140AB1631326646E5CDEACAF2E28051CA94E9B42A423A9747B936D5F798D9D
            SHA-512:F6A97F46E2A4B5A250B1F023D67854307C1BA2B11CD16C21D7ACC23221BE85CE46FC9DA3B6F5920D297E832C5AB8A13C99FC3D84B0125C890CA61D4A98915E09
            Malicious:false
            Reputation:low
            Preview:2024/10/07-11:17:12.909 e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-11:17:12.910 e2c Recovering log #3.2024/10/07-11:17:12.911 e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\734f3dd5-c39e-481c-9c18-44507923aa88.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:modified
            Size (bytes):508
            Entropy (8bit):5.057386895832011
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqJDksBdOg2HpVOgcaq3QYiubxnP7E4T3OF+:Y2sRdsAddMHpVu3QYhbxP7nbI+
            MD5:99F6041A4E1D763DD210877B7EF73D37
            SHA1:0F9D9664C5A8292E4B5812B14E83FD17F693DE9B
            SHA-256:F00097630DE84CDF03072E627F8FA595F4443AFE6B1EE672F5E13083B8E79096
            SHA-512:D25A25FAFC664F6B5CBE227667DD375186AE77A7D1FF37451688F66920EE981BB4E9EF56E45168C61EB49B51B1B5A81F720C90B2F3981EB0242A86CD8746D03F
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372874245430340","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":231760},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):508
            Entropy (8bit):5.057386895832011
            Encrypted:false
            SSDEEP:12:YH/um3RA8sqJDksBdOg2HpVOgcaq3QYiubxnP7E4T3OF+:Y2sRdsAddMHpVu3QYhbxP7nbI+
            MD5:99F6041A4E1D763DD210877B7EF73D37
            SHA1:0F9D9664C5A8292E4B5812B14E83FD17F693DE9B
            SHA-256:F00097630DE84CDF03072E627F8FA595F4443AFE6B1EE672F5E13083B8E79096
            SHA-512:D25A25FAFC664F6B5CBE227667DD375186AE77A7D1FF37451688F66920EE981BB4E9EF56E45168C61EB49B51B1B5A81F720C90B2F3981EB0242A86CD8746D03F
            Malicious:false
            Reputation:low
            Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372874245430340","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":231760},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):4509
            Entropy (8bit):5.234732253771931
            Encrypted:false
            SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLU0NFZVgNTZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL+
            MD5:CF26DBAEB7F70786239354FA75271DEC
            SHA1:0D483414E2BDF454D7A58ABA6F59F2F3051262D2
            SHA-256:47D07B305FB1B0F6454957B05A316F85EE01DFD2361141B50B551FC61370E8D8
            SHA-512:92F1B639B869926BB0CBB93FF8C472B08008C9E42ECA4C7FB24E904F818C3568A42CBD35A9364517FEFDDB7CF0E13E08559AB62732538006AAD88A63ED3CBFE0
            Malicious:false
            Reputation:low
            Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):323
            Entropy (8bit):5.095045168182769
            Encrypted:false
            SSDEEP:6:g+q2P92nKuAl9OmbzNMxIFUt89ZZmw+9NVkwO92nKuAl9OmbzNMFLJ:g+v4HAa8jFUt8P/+PV5LHAa84J
            MD5:8EBC479429C4E9B397118229DEAE49F3
            SHA1:B88BC0684D4701D7BEA12194979471BF6DBC0391
            SHA-256:7BFB43EC061AC65DD6382A18BF77D9A53F883955BB07BB644B8DFF886614065D
            SHA-512:0694C16455BA0178DA9ECCC6021013A6DF4CF80595312EE2C66F172937B64AE6E10C7826E92AAB45EB7F6D8B2075A5475822ACB36D26D5161F970CC07D6572E0
            Malicious:false
            Reputation:low
            Preview:2024/10/07-11:17:13.031 e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-11:17:13.033 e2c Recovering log #3.2024/10/07-11:17:13.033 e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):323
            Entropy (8bit):5.095045168182769
            Encrypted:false
            SSDEEP:6:g+q2P92nKuAl9OmbzNMxIFUt89ZZmw+9NVkwO92nKuAl9OmbzNMFLJ:g+v4HAa8jFUt8P/+PV5LHAa84J
            MD5:8EBC479429C4E9B397118229DEAE49F3
            SHA1:B88BC0684D4701D7BEA12194979471BF6DBC0391
            SHA-256:7BFB43EC061AC65DD6382A18BF77D9A53F883955BB07BB644B8DFF886614065D
            SHA-512:0694C16455BA0178DA9ECCC6021013A6DF4CF80595312EE2C66F172937B64AE6E10C7826E92AAB45EB7F6D8B2075A5475822ACB36D26D5161F970CC07D6572E0
            Malicious:false
            Reputation:low
            Preview:2024/10/07-11:17:13.031 e2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-11:17:13.033 e2c Recovering log #3.2024/10/07-11:17:13.033 e2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007151717Z-158.bmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
            Category:dropped
            Size (bytes):71190
            Entropy (8bit):0.9982362239128421
            Encrypted:false
            SSDEEP:192:BNkO+cvPxUj6MHi8c1Cc0SLMEsaUtkzMHdkdaMu/OFzIa2QPSY:PjvPxUj5PSL/7RMHdk06FzYQPz
            MD5:AA406CA87B23F8310E43BA690F14F6FB
            SHA1:CDA99EE901A2DDDC7FA859D4A855020C71CEC4FC
            SHA-256:66E65398C8CA5D1DB60CB6AE6DCD1C2E91C910DC55D9CB09F8030EF6AAFF8F16
            SHA-512:762B1EC2A56722F7AE7EEC18A391BC3DAAC4466DEEA4D3AE15C72D909B985B28C32B615C9F1C53F972ADD1A1BAF9EAD1FA96760BE98A6747BC27ADCC960AFB55
            Malicious:false
            Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 4, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 4
            Category:dropped
            Size (bytes):57344
            Entropy (8bit):3.2934188940827513
            Encrypted:false
            SSDEEP:192:PedRBsVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:Pemci5H5FY+EUUUTTcHqFzqFP
            MD5:BBFA5ED2704FE584F26033420BE55E6E
            SHA1:721D72E0E80AE53C1BC0A79F19CDB73A41F0CBCF
            SHA-256:B4A7592156EEDCE97F36DD1B259A9D68F7C52E5DAC303EEC39E83A0F97DFF0C4
            SHA-512:1E904E5AC771798121DAFA026B79C06A6AEEC2476751C6FA059EE0D31E1D319D5416FE8AFC896109C201429D1795323A5052E6A2F7D43664E8E33CD4CBD3F5B1
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):2.2101063057330013
            Encrypted:false
            SSDEEP:24:7+tJiTwKssWqLKzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9m:7MsEqOmFTIF3XmHjBoGGR+jMz+LhQ
            MD5:41E3C663EC023873DF3A9336143CCB89
            SHA1:32361CDC824211A7A6A725B0AD55952C598A975E
            SHA-256:DDBF596B30FB46CF8AE50B4161541673793AF60D1575F41CB8AE8FE020929015
            SHA-512:BC9EDAB1AEEBC5D86F9155986E71668AB519C3F5178AE8C550DAC600BEBCC1C20BE006D065A120FE2870F350D3E35BED23F1E28F72AE3E4924D464643F1E7EC4
            Malicious:false
            Preview:.... .c.......r.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Certificate, Version=3
            Category:dropped
            Size (bytes):1391
            Entropy (8bit):7.705940075877404
            Encrypted:false
            SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
            Malicious:false
            Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
            Category:dropped
            Size (bytes):71954
            Entropy (8bit):7.996617769952133
            Encrypted:true
            SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
            Malicious:false
            Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:dropped
            Size (bytes):192
            Entropy (8bit):2.7569015731729736
            Encrypted:false
            SSDEEP:3:kkFklOpqhp9+klfllXlE/HT8kjzvNNX8RolJuRdxLlGB9lQRYwpDdt:kKXpq0kmT8opNMa8RdWBwRd
            MD5:504AD14E71101E45D3B8CD50AF1FB93B
            SHA1:E0E0E1F4F3CD5ECC6EB7AD3A313DC106C7EC6DE0
            SHA-256:481325EE9AAC702808B8FDB544261DD9DB25CE18D864230E2F45368BF2307625
            SHA-512:DDD5B918E6F1EEFD2C9972BE67186E47458BC33E0ADDD16ED08546CB7AC38094D48FDD23ACC79C9A94940584CED0F26E1B471F3D74082EF9B776DCFEEF76BCE4
            Malicious:false
            Preview:p...... .........L......(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

            C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:data
            Category:modified
            Size (bytes):328
            Entropy (8bit):3.1440865988908953
            Encrypted:false
            SSDEEP:6:kK9F9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:VsDnLNkPlE99SNxAhUe/3
            MD5:2C327D6D3CC5A5135FD0BF2040BD04F3
            SHA1:3AF907B1B513E24AE360B4B6F99FED1C7FB7D8AB
            SHA-256:3CF89169E034CF8C62575EBD6D86A7A1E2F30AE153E342F0B89FEC7BC5DCD6F5
            SHA-512:3EED7BDCABB5606AC8580D66F1F2ABBAFE93A0DFE5B4108AB641B0FA78B46AC21C21AD1FA47D43FFDF2F824469BA0176C39B0E5CF53316581C38E78D60132434
            Malicious:false
            Preview:p...... .........U](....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6660

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:PostScript document text
            Category:dropped
            Size (bytes):185099
            Entropy (8bit):5.182478651346149
            Encrypted:false
            SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
            MD5:94185C5850C26B3C6FC24ABC385CDA58
            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
            Malicious:false
            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):4
            Entropy (8bit):0.8112781244591328
            Encrypted:false
            SSDEEP:3:e:e
            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
            Malicious:false
            Preview:....

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:JSON data
            Category:dropped
            Size (bytes):2145
            Entropy (8bit):5.069812983464617
            Encrypted:false
            SSDEEP:24:YFuyT3QJGm27XHZ2LSCt7aZna0TNpnayGZmmuBJvbZW4xCZqu20Z+nZO8ZMCCDxN:Y1TAwmWXZYEtoitbRCwu20wD+JliWxao
            MD5:96B18D23D5B4D31F1753C332652B0F49
            SHA1:BE21C723706652FC6EA8800E3A13140A9415CB01
            SHA-256:BEC5D48ACEC447535504C5030ACB396994D58FB1E655C6462496568530149D8F
            SHA-512:55C2FCEE5FE3767E47253F1433473D21475B7C543DD991AAA90620F8E68F1F8DA5BE9F00D504B172BE712E1D2BB7AB811AAF54D015FCD3BA0C69B29E957B1189
            Malicious:false
            Preview:{"all":[{"id":"TESTING","info":{"dg":"DG","sid":"TESTING"},"mimeType":"file","size":4,"ts":1728314235000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"d550de899f04b5f1cb01c3a7438d5d96","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1696428962000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cfa45c7829b86b94abc8cd788add6752","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696428962000},{"id":"DC_FirstMile_Right_Sec_Surface","info":{"dg":"2dd86d6e5f99203c47dd099f6b5e82b8","sid":"DC_FirstMile_Right_Sec_Surface"},"mimeType":"file","size":294,"ts":1696428955000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"3ef850c86adcfefa30feaf6c5c1404b1","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1696426848000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"955b63af1bb125ce44faeb9a35adb91d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1250,"ts":1696426848000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg"

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
            Category:dropped
            Size (bytes):12288
            Entropy (8bit):1.0035038802300882
            Encrypted:false
            SSDEEP:48:TGufl2GL7msvgOZZApZhnZAuwlZaXlZ8lZBZ/jZt:lNVmsIOZOpnnO5oCDxr
            MD5:A14B00516A84FC8A96A9C7C9B102598E
            SHA1:519AEAF3592CB1729927EF2C1EE1DD5EAEF91B5E
            SHA-256:A8DF9EE9B6B8D4D5721A5A30C90E71384484DE71025677DDEE652B43D3FC6F4F
            SHA-512:7365785EA367DBDB77AEA1280183040A13ED80544E7D1DAC61D5B089849FEC1BBA4338E25BDA0D3E61A0AB836632910F03BEC3DE2FCD7D8A990ED2D736052459
            Malicious:false
            Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:SQLite Rollback Journal
            Category:dropped
            Size (bytes):8720
            Entropy (8bit):1.3686255507734744
            Encrypted:false
            SSDEEP:48:7MCgOVplZhnZAuwlZaXlZ8lZBZ/jZIqFl2GL7msP:7WOVplnnO5oCDx+KVmsP
            MD5:97C5324FADA512B8FE11B16FD3D08E41
            SHA1:3ED94FE2CECA1AF130FBC5EE1E792892DDF35B74
            SHA-256:162A9E3B6BC4BE634CB4E1CBFC5D9DE67AC30ED06440F330E8000EDF30CA03CD
            SHA-512:88F02283F9AF9F958E8E41DBCD28A7EC4B97071A3D776D5B81DEA8B7F68D8D1C504C72570CDB250698EE031FB24827CFACA979780A8C70B9DD0D5A2945FB6E0B
            Malicious:false
            Preview:.... .c......*.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#...z.>.....}.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\MSIe4887.LOG

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:dropped
            Size (bytes):246
            Entropy (8bit):3.4841540457826223
            Encrypted:false
            SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqPlYH:Qw946cPbiOxDlbYnuRKT5YH
            MD5:A1EC6FFA96695A6CEE634879002C459E
            SHA1:32492C4C489E395096A46D4C81C2740455CE2191
            SHA-256:7D681923FAFF3E1F35E299AEAC2A2573376AA1A745D654DF8405A366C4B1FA5E
            SHA-512:E9E573779B898BDD400599A3099A876C5931436A7138E4E31EF44D0FA077FDE0C145770975A3004B041BFBF5A0FE2E2E1C9CC611A0961F364D0070F8DF255519
            Malicious:false
            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.1.:.1.7.:.2.0. .=.=.=.....

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9691e3i_1phpnrp_550.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
            Category:dropped
            Size (bytes):144514
            Entropy (8bit):7.992637131260696
            Encrypted:true
            SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
            MD5:BA1716D4FB435DA6C47CE77E3667E6A8
            SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
            SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
            SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
            Malicious:false
            Preview:PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..|....,.A.....Z..a<.C._..../G|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9e65nr8_1phpnro_550.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
            Category:dropped
            Size (bytes):144514
            Entropy (8bit):7.992637131260696
            Encrypted:true
            SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
            MD5:BA1716D4FB435DA6C47CE77E3667E6A8
            SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
            SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
            SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
            Malicious:false
            Preview:PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..|....,.A.....Z..a<.C._..../G|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 11-17-15-179.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393)
            Category:dropped
            Size (bytes):16525
            Entropy (8bit):5.376360055978702
            Encrypted:false
            SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
            MD5:1336667A75083BF81E2632FABAA88B67
            SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
            SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
            SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
            Malicious:false
            Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with very long lines (393), with CRLF line terminators
            Category:dropped
            Size (bytes):15114
            Entropy (8bit):5.363617230518761
            Encrypted:false
            SSDEEP:384:q9bQZQiQBQPQshPDhEhZh7heQh7hsh5hmhnbabWb8OIOJONOGOnO7N3O3u3E3SGz:qNe/WKLRDmfxEQpW3IJOSIVwgrYueeUn
            MD5:25B770006E93270DE6DB366A9F09E6FA
            SHA1:080F7BF531999E6DBD8B433826227391882E2603
            SHA-256:D8B2F28678751DBC54D00BC326CA4DFD2C44F187D22375E4C4A7EDAC159D0BF9
            SHA-512:EE6EDE198472370382F616F317F22AD6D794D5E1CD4C51E38B8CD2A57D44B19F8F3628B305711CBBC73CEB1203E601309F979FD97DCDEA38AE35E8DB3D087E3A
            Malicious:false
            Preview:SessionID=eb1cf40a-96fd-4c9b-aa2e-ddfc5d0bb5c3.1728314235198 Timestamp=2024-10-07T11:17:15:198-0400 ThreadID=7456 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=eb1cf40a-96fd-4c9b-aa2e-ddfc5d0bb5c3.1728314235198 Timestamp=2024-10-07T11:17:15:199-0400 ThreadID=7456 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=eb1cf40a-96fd-4c9b-aa2e-ddfc5d0bb5c3.1728314235198 Timestamp=2024-10-07T11:17:15:199-0400 ThreadID=7456 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=eb1cf40a-96fd-4c9b-aa2e-ddfc5d0bb5c3.1728314235198 Timestamp=2024-10-07T11:17:15:199-0400 ThreadID=7456 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=eb1cf40a-96fd-4c9b-aa2e-ddfc5d0bb5c3.1728314235198 Timestamp=2024-10-07T11:17:15:199-0400 ThreadID=7456 Component=ngl-lib_NglAppLib Description="SetConf

            C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):29752
            Entropy (8bit):5.399930340351063
            Encrypted:false
            SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbF:h
            MD5:7C14A043D1FB7BF30F89A30B8EFC97D1
            SHA1:A5A26B388E3201DC2B073EBB453518872C47417F
            SHA-256:8F74AF9A40F3D005B031455D0BB8F0AC8077B345C49DE99BA221896D88C9FD08
            SHA-512:F7E267AE87A28371994A5534A25519E1A926D70EFB9FB73D5E6ED3725E59A4F6A66BAA65EA925098FA06A7AAFE255B506CE285F71F53CC956E3D29CB07D46971
            Malicious:false
            Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

            C:\Users\user\AppData\Local\Temp\acrocef_low\0e480909-4257-4ad5-906a-1d77329f9a7c.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
            Category:dropped
            Size (bytes):1407294
            Entropy (8bit):7.97605879016224
            Encrypted:false
            SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
            MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
            SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
            SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
            SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
            Malicious:false
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

            C:\Users\user\AppData\Local\Temp\acrocef_low\3c40730a-9f93-4717-9862-a3ea68901a2b.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
            Category:dropped
            Size (bytes):758601
            Entropy (8bit):7.98639316555857
            Encrypted:false
            SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
            MD5:3A49135134665364308390AC398006F1
            SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
            SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
            SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
            Malicious:false
            Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

            C:\Users\user\AppData\Local\Temp\acrocef_low\5574cda6-c6e4-426d-8b3b-d5e14d87c46b.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
            Category:dropped
            Size (bytes):1419751
            Entropy (8bit):7.976496077007677
            Encrypted:false
            SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
            MD5:18E3D04537AF72FDBEB3760B2D10C80E
            SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
            SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
            SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
            Malicious:false
            Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

            C:\Users\user\AppData\Local\Temp\acrocef_low\a2ac9ed3-ee4e-451c-977f-0f4fc3dfc41d.tmp

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
            Category:dropped
            Size (bytes):386528
            Entropy (8bit):7.9736851559892425
            Encrypted:false
            SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
            MD5:5C48B0AD2FEF800949466AE872E1F1E2
            SHA1:337D617AE142815EDDACB48484628C1F16692A2F
            SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
            SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
            Malicious:false
            Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ASCII text
            Category:dropped
            Size (bytes):24
            Entropy (8bit):3.66829583405449
            Encrypted:false
            SSDEEP:3:So6FwHn:So6FwHn
            MD5:DD4A3BD8B9FF61628346391EA9987E1D
            SHA1:474076C122CACAAF112469FC62976BB69187AA2B
            SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
            SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
            Malicious:false
            Preview:<</Settings [/c <<>>].>>

            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):98682
            Entropy (8bit):6.445287254681573
            Encrypted:false
            SSDEEP:1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
            MD5:7113425405A05E110DC458BBF93F608A
            SHA1:88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
            SHA-256:7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
            SHA-512:6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
            Malicious:false
            Preview:0...u0...\...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:data
            Category:dropped
            Size (bytes):737
            Entropy (8bit):7.501268097735403
            Encrypted:false
            SSDEEP:12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
            MD5:5274D23C3AB7C3D5A4F3F86D4249A545
            SHA1:8A3778F5083169B281B610F2036E79AEA3020192
            SHA-256:8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
            SHA-512:FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
            Malicious:false
            Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R*.......~....)....i.*n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

            C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

            Download File
            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            File Type:ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
            Category:dropped
            Size (bytes):14456
            Entropy (8bit):4.2098179599164975
            Encrypted:false
            SSDEEP:192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
            MD5:32FCA302C8B872738373D7CCB1E75FD4
            SHA1:DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
            SHA-256:CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
            SHA-512:57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
            Malicious:false
            Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

            Static File Info

            General

            File type:PDF document, version 1.6 (zip deflate encoded)
            Entropy (8bit):7.68565438600001
            TrID:
            • Adobe Portable Document Format (5005/1) 100.00%
            File name:INV DATE 2024-10-10.PDF
            File size:68'357 bytes
            MD5:052eccd4d81f51a1e378f8783d53ca29
            SHA1:2ad1980db04418a8acfc332801c62b59c9c6bdd6
            SHA256:5f259b1fafa1326d6e0e2fd20241a66a14497c48944e7c7305aea7a960485422
            SHA512:c9a4cfed7c490914cc732984adf040339a6ad35de2bec368da47b3d6eaa1f9808276644f95cc34c22082b8c254c678ccf5769f702b319b2df4763056ad5acf45
            SSDEEP:1536:Etttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttts:kf/Kole2hzyO85YTXMp
            TLSH:C56315DA9981DB48813A66C7DE2FCE050A8F03C95D4E1266B4EC0D8FBF9085535DF29E
            File Content Preview:%PDF-1.6.%......10 0 obj.<</Linearized 1/L 68357/O 12/E 22383/N 2/T 68053/H [ 437 143]>>.endobj. ..15 0 obj.<</DecodeParms<</Columns 3/Predictor 12>>/Filter/FlateDecode/ID[<0ED218DD0FAEA04FB9AED6D6D649614B><79CBF9050197384D89A669D8CE07301

            File Icon

            Icon Hash:62cc8caeb29e8ae0

            Static PDF Info

            General

            Header:%PDF-1.6
            Total Entropy:7.685654
            Total Bytes:68357
            Stream Entropy:7.681620
            Stream Bytes:66458
            Entropy outside Streams:5.374237
            Bytes outside Streams:1899
            Number of EOF found:2
            Bytes after EOF:

            Keywords Statistics

            NameCount
            obj14
            endobj14
            stream10
            endstream10
            xref0
            trailer0
            startxref2
            /Page2
            /Encrypt0
            /ObjStm2
            /URI0
            /JS0
            /JavaScript0
            /AA0
            /OpenAction0
            /AcroForm0
            /JBIG2Decode0
            /RichMedia0
            /Launch0
            /EmbeddedFile0

            Image Streams

            IDDHASHMD5Preview
            349dd3169610000006146d5c9a86c9ce68d0b23e702505603

            Network Behavior

            No network behavior found

            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:11:17:11
            Start date:07/10/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\INV DATE 2024-10-10.PDF"
            Imagebase:0x7ff686a00000
            File size:5'641'176 bytes
            MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:2
            Start time:11:17:12
            Start date:07/10/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
            Imagebase:0x7ff6413e0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:4
            Start time:11:17:12
            Start date:07/10/2024
            Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1768,i,14924749618235048181,3521255610170869817,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
            Imagebase:0x7ff6413e0000
            File size:3'581'912 bytes
            MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            Disassembly

            No disassembly