Windows Analysis Report
20241031_42900.pdf

Overview

General Information

Sample name:20241031_42900.pdf
Analysis ID:1546301
MD5:cca597e3e7b890b53f618a0799b1e35a
SHA1:9b58671cb688100522ddef83f326ed2b52aaf4bc
SHA256:4b06469b825e5012974fc3df431bd4206acf9555e704c90bf39df8482aa2526d
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Potential document exploit detected (performs DNS queries)
Suricata IDS alerts with low severity for network traffic

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 6012 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20241031_42900.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6880 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1548,i,14624209966910695298,13864274561464179367,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T18:45:07.530655+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.16 | 49708 | TCP
2024-10-31T18:45:45.415802+0100 | 2022930 | 1 | A Network Trojan was detected | 4.245.163.56 | 443 | 192.168.2.16 | 49712 | TCP

There are no malicious signatures.

Source: global traffic | DNS query: name: x1.i.lencr.org
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.16:49708
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.245.163.56:443 -> 192.168.2.16:49712
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr | String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | String found in binary or memory: http://x1.i.lencr.org/
Source: bab99d41-6718-42b2-b1ab-abf2c0e21347.tmp.3.dr, f713f0b9-8d73-4f28-9f63-9826d0d14eef.tmp.3.dr | String found in binary or memory: https://chrome.cloudflare-dns.com
Source: classification engine | Classification label: clean1.winPDF@15/48@3/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5724
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-31 13-44-55-651.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20241031_42900.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1548,i,14624209966910695298,13864274561464179367,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: 20241031_42900.pdf | Initial sample: PDF keyword /JS count = 0
Source: 20241031_42900.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: 20241031_42900.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
Tactic | Technique | Technique
Reconnaissance | Gather Victim Identity Information | Credentials
Resource Development | Acquire Infrastructure | Domains
Initial Access | Valid Accounts | Default Accounts
Execution | 1 Exploitation for Client Execution | Scheduled Task/Job
Persistence | Path Interception | Boot or Logon Initialization Scripts
Privilege Escalation | 1 Process Injection | Boot or Logon Initialization Scripts
Defense Evasion | 1 Masquerading | 1 Process Injection
Credential Access | OS Credential Dumping | LSASS Memory
Discovery | 1 Process Discovery | 1 System Information Discovery
Lateral Movement | Remote Services | Remote Desktop Protocol
Collection | Data from Local System | Data from Removable Media
Command and Control | 1 Non-Application Layer Protocol | 1 Application Layer Protocol
Exfiltration | Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth
Impact | Abuse Accessibility Features | Network Denial of Service
[Behavior graph: ID 1546301; Sample: 20241031_42900.pdf; Startdate: 31/10/2024; Architecture: WINDOWS; Score: 1. Acrobat.exe started AcroCEF.exe, which started AcroCEF.exe; DNS/IP node: x1.i.lencr.org]

No Antivirus matches
Source | Detection | Scanner | Label | Link
https://chrome.cloudflare-dns.com | 0% | URL Reputation | safe |
http://x1.i.lencr.org/ | 0% | URL Reputation | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
x1.i.lencr.org | unknown | unknown | false | | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://chrome.cloudflare-dns.com | bab99d41-6718-42b2-b1ab-abf2c0e21347.tmp.3.dr, f713f0b9-8d73-4f28-9f63-9826d0d14eef.tmp.3.dr | false | URL Reputation: safe | unknown
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.2.dr | false | URL Reputation: safe | unknown

No contacted IP infos
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1546301
    Start date and time:2024-10-31 18:44:23 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 3m 31s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:15
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:20241031_42900.pdf
    Detection:CLEAN
    Classification:clean1.winPDF@15/48@3/0
    Cookbook Comments:
    • Found application associated with file extension: .pdf
    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.5.13.197, 54.227.187.23, 52.202.204.11, 23.22.254.206, 93.184.221.240, 172.64.41.3, 162.159.61.3, 2.23.197.184, 23.32.184.135, 2.19.126.149, 2.19.126.143
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, wu.azureedge.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
    • Not all processes were analyzed, report is missing behavior information
    • VT rate limit hit for: 20241031_42900.pdf
    Time | Type | Description
    13:45:06 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified
    No context
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):290
    Entropy (8bit):5.159682756692041
    Encrypted:false
    SSDEEP:6:MVq2PRN2nKuAl9OmbnIFUt8rKYgZmw+rKYIkwORN2nKuAl9OmbjLJ:MVvaHAahFUt8rBg/+rBI5JHAaSJ
    MD5:F407D73E886E8EB384F1169F31D310C0
    SHA1:470107CEAF1D3F57587541480B660A23A756FBFA
    SHA-256:F033A365FC2A0B9F4A8A5446681BD8ED72B906B8C9D462C4BA6C216EC8CB63A3
    SHA-512:59C1B63E9F5FBCFCC95584252C20AC748FE9E10AFB986BD540A2AA26A9E6208EBD95821AD751091EC572DD37107155C4F4D7DD8D4FF36C2DFF84C6856C5367A2
    Malicious:false
    Reputation:low
    Preview:2024/10/31-13:44:54.189 1b00 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/31-13:44:54.192 1b00 Recovering log #3.2024/10/31-13:44:54.192 1b00 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):334
    Entropy (8bit):5.186915797526391
    Encrypted:false
    SSDEEP:6:xhcqq2PRN2nKuAl9Ombzo2jMGIFUt8OhQDXZmw+OhQDFkwORN2nKuAl9Ombzo2jz:xDvaHAa8uFUt8OCX/+OCF5JHAa8RJ
    MD5:4A3A9889039815F1292E6498515C3D61
    SHA1:2D4B57C63C3782A4ED4948C1AA2CF7DF212AC148
    SHA-256:47B6E9C901AD52B0F1EB95227EE647E701D0C15AD2355A57085A1B04D91FE76A
    SHA-512:6B22C119486E826BCDE61E82F6E57A2D5E6598088680B844FC3D8076A0696B51FE1BACF444634CBFA79E21B8616B2EF0DF6757D87C780B3E72B043214266124D
    Malicious:false
    Reputation:low
    Preview:2024/10/31-13:44:53.951 1b74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/31-13:44:53.955 1b74 Recovering log #3.2024/10/31-13:44:53.955 1b74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:moderate, very likely benign file
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):403
    Entropy (8bit):4.994442521236535
    Encrypted:false
    SSDEEP:12:YHO8sq4PsBdOg2H1Zcaq3QYiubrP7E4T3y:YXsCdMH1g3QYhbz7nby
    MD5:6941C741320C8C02DD1C27299347054E
    SHA1:64C4F59C5644F808E47842B3064BC37760F5C33C
    SHA-256:003FB7FC5C700CBF57AF5D0A1E6C3957CF565F3F1982CD480DB71BEFFDB1B71C
    SHA-512:6A04056A383B16BC404C1F76EEEE06059623BBDCCD6B42A27433D855BCB89C2CD739C8DD0946C8B42FE82E458E9A6F0817315B85D407ADA8835595D0F0E55C93
    Malicious:false
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374956699769547","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":251072},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4099
    Entropy (8bit):5.229633808542083
    Encrypted:false
    SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xexx65V4:OLT0bTIeYa51Ogu/0OZARBT8kN88xx6I
    MD5:0B2D9428762015A7FF18EB415B96CF2B
    SHA1:93C8405404405B535493D0F02D51036BEE5A6F40
    SHA-256:66A0D9C0FE8518D0A918D4D370B4D3689BA54E1A73B51E64A60154C523FB4512
    SHA-512:5E091EC5CE1A99C2491C94A2B2FF22C3B3E2BFF8FE1420C7E65AA75F639D2CEBED045968A68332E97E24EBFB973B558660619533A94AD676B1832233BE1903F2
    Malicious:false
    Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):322
    Entropy (8bit):5.167824515637242
    Encrypted:false
    SSDEEP:6:qWKq2PRN2nKuAl9OmbzNMxIFUt8jsCZmw+jTCFkwORN2nKuAl9OmbzNMFLJ:tKvaHAa8jFUt8IC/+u5JHAa84J
    MD5:0FC5274758D86B81577A14DB93B3843E
    SHA1:8C6A05CEA60585D3284CFFB0227AD794E4B81278
    SHA-256:941C895567E0B2E86A3952AADC137271D8A791F14CA8A94FEBE6DAE2A616648F
    SHA-512:E1F02ED7B9419831A70B153521A268721E4306BA5F86EBE68F56B791B9AE74CA009B36B4A5C7206CCB6F890FEF284D0AC88DB5D1E9F6BFA3751E93221D58DEB3
    Malicious:false
    Preview:2024/10/31-13:44:54.238 1b74 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/31-13:44:54.240 1b74 Recovering log #3.2024/10/31-13:44:54.241 1b74 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):0.36246742732361786
    Encrypted:false
    SSDEEP:48:nM7M9t6MeT0+ZxVwTrb5GtWlIOjomRPuQ2QewY9tgtctW:nM7M94M09MbsZx9ZyuE
    MD5:8CD83CDDA77F824B7830E91375AEA0E2
    SHA1:439D4CBCFE7371E19CDF92CB4BE58D0DF9C26D5D
    SHA-256:59D56F94DE54A826E22BA7E6EB129A53E119E4652F07CB66F27E37472C533E9A
    SHA-512:0CB715652FACA2348CB907C8A2FA657A0AF3715A2DF5F9D55EF0FA61E89A7C388B0D76B3F1326E168CB9A9755254FE3BECC9DEBF66CDE9EF8D1A90A789E6B8A7
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):57344
    Entropy (8bit):3.291927920232006
    Encrypted:false
    SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):16928
    Entropy (8bit):1.2130479676873003
    Encrypted:false
    SSDEEP:24:7+tFuqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+ZY:7MEqLmFTIF3XmHjBoGGR+jMz+Lhlb
    MD5:107D18C6641D12D2C8144F4736DCF7B5
    SHA1:4D8783A93207025F4833B807FD12A859F1FC453B
    SHA-256:C496644408CDB675C89148627316775526A0494C2F8A4BD3BE30E7D6A507CDA9
    SHA-512:B91C5F3224615521296EDBD35FBD3F59054B5DA6E50E1D302649CE17A3627932FDBC1A721A668E73F29EA7E44FD6AFEE2FF0B123688E96DB6E88A8466A71902F
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.742553200765872
    Encrypted:false
    SSDEEP:3:kkFklkKTyCVXfllXlE/HT8kq6zvNNX8RolJuRdxLlGB9lQRYwpDdt:kK9IwT8GpNMa8RdWBwRd
    MD5:DE8418CD11417B3CBD0E028F3707821B
    SHA1:DE17BABE9DDFAABCB7D4125D38D499BCE24CD9EE
    SHA-256:C25822B013246B63C15209BBAD0D7E8411532F8EF6CA7E96C4BC5C4DC70FF97E
    SHA-512:1E3016128408EE92B2BD78908C548F3699F089B169BB08A9FA60F1ED2FE747124582520452A99AF2A463E2B98763100123469CE0A7C77056CA6BC14340D290A0
    Malicious:false
    Preview:p...... .........ov..+..(....................................................... ..........W....O...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.1440865988908953
    Encrypted:false
    SSDEEP:6:kKfZRi9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:3LdDnLNkPlE99SNxAhUe/3
    MD5:1068A96F978FE1AECBD8B06E933C8D7F
    SHA1:0A2D8BB28A8C4EB8BA609F05917CC7C90DC61FCF
    SHA-256:CED33FFA9D952E8FAA422E615EFF542595E0EB74E8D11E676708CA399C6189F6
    SHA-512:DE81D66B554CA59D3846528A733B9248B108DFD907D42B97044AAC9C24C52CD4511A3755C2940D99AED68C6DDF37268F33B1F2B851D1EF02E0D130573175E894
    Malicious:false
    Preview:p...... ........z....+..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.363283782677388
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJM3g98kUwPeUkwRe9:YvXKXBhhUAsoeWRuUhU8GMbLUkee9
    MD5:3330E02CAD9D3A52E2A00348F3A6C24D
    SHA1:DCD36C2CCCA695EF716DABD37781B6487E07D9DD
    SHA-256:754A60C07F6A3BAA855E3A1087DE1F11049EAED9D8DC9DF139FC9D98359E4C41
    SHA-512:95627A4180D3A59E838C4CF0EC2CAA2026ECE3649C2F6CC1688F6F4A029C7A728C30C527BED8B0BB35498AD1E9514C7724B8A966C3A105F2D8BE6A9F55C31587
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.3116703611429825
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJfBoTfXpnrPeUkwRe9:YvXKXBhhUAsoeWRuUhU8GWTfXcUkee9
    MD5:13A01E06FDC174F0E047ADD6CCFC78A7
    SHA1:2693E5BB5C30F5E23B01CEFCD29DF34E6FE5F569
    SHA-256:D9FB7EB2CB12F88131EACAB6F66CB2B0C14BDC80506AF619BBCF05028C68FE74
    SHA-512:34CE95C398739C68CA6F746DF3FDB9937C7D7E4CE02D42BEC4CA1BD16CE078310317281D1A0C85858D1091DCE44EB1CE6094BB845A1BE546AEC0FE55B7725723
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.289622961142342
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJfBD2G6UpnrPeUkwRe9:YvXKXBhhUAsoeWRuUhU8GR22cUkee9
    MD5:410196683B63CA6BC8E0FF247215B4C9
    SHA1:E1EE228E4E7A13077B98A6F0381F9105B2E7227C
    SHA-256:3C086C7F70B3D4D3460B26C78BFA51EC4C29043615A0AF9D50827870E9C7A333
    SHA-512:A70D1A4A98512FB53A50472E32B48E18261CA416382317172B88AC376889FEAAB2073E71C6D149664D6FCE9DEAEFC467DA00E9FC5CA2915B094C835381CAF263
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.351661178308214
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJfPmwrPeUkwRe9:YvXKXBhhUAsoeWRuUhU8GH56Ukee9
    MD5:01406E2E1DF80B7A1B6153958B4E5CAE
    SHA1:72281E99A588F8C63EBDE510A36BAA2E4EECF567
    SHA-256:1586702FB402A288517CF495A7551DD5C8FD2E528E0A500A30FCB97596451253
    SHA-512:B83C9982489CC85AA24B034075B64D6D3FFB5047DD4B781F29B545A4C2FC314FB10069ABB61B042147A20C23F8B25493A3B8417C420E5B7ABAF3E7BF5D28A314
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1055
    Entropy (8bit):5.661003267628655
    Encrypted:false
    SSDEEP:24:Yv6XBhhUkbU5pLgEscLf7nnl0RCmK8czOCCS7oY:YvEhXU5hgGzaAh8cv/7oY
    MD5:75F22C3727E9265F375CEE4612A78C58
    SHA1:7A5BC7D0618B0F448B0B46530B0C6C8B8302206D
    SHA-256:F0373F5D2EB8F552FA823332B8370A85E81F176AF73B018817369294D3299E41
    SHA-512:B5A8D6D115668DF3C88457D9A931363803DE9DA9E31E0DCA8EBAAF1595CEB13A2FB228D099A5A9FA2ADFC93A10B68B3648E13F5B8033E94A64AC4E95D50FA029
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1050
    Entropy (8bit):5.6508452642746905
    Encrypted:false
    SSDEEP:24:Yv6XBhhUkbU1VLgEF0c7sbnl0RCmK8czOCYHflEpwiVYoY:YvEhXU1Fg6sGAh8cvYHWpw7oY
    MD5:55729AFE5F5754816D7856757EE93590
    SHA1:A01732242F796BE8A2098C50860DBEE9AD15AC44
    SHA-256:80B96E30161E09EEE39227044A86789194C68E49EA2D52B34B7AA6FCE7B21471
    SHA-512:F7DC71FDDE0B4AE828C0DB050C878A2D1A435EC786F5814658FAFCBBAF9D75D41A58FA5CD5C5EDEDC10D2DD394C551F78BD860B8EC34090C12B4FBF0B26EAB96
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.306025892073928
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJfQ1rPeUkwRe9:YvXKXBhhUAsoeWRuUhU8GY16Ukee9
    MD5:AFD25A2F3FC1063BED4FDCF96E576EBC
    SHA1:89B450F4BBB1E70C6BB5F8DCB44CB9749A18A533
    SHA-256:A12467FDC8AC86B2D5B7012109E7C87B6F195E508AA1181C8F64499804E5F520
    SHA-512:4C32D83C723D317D8A28C6EB515CEDD6AF4E59A367E3B4088E8C6A466C81CD7DEC9A55D9916E624DAFC679D0CA835ADA2D556FF3DADD817C595FE0AF63998E3B
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1038
    Entropy (8bit):5.6470516618885735
    Encrypted:false
    SSDEEP:24:Yv6XBhhUkbUU2LgEF7cciAXs0nl0RCmK8czOCAPtciBYoY:YvEhXUUogc8hAh8cvAyoY
    MD5:C88C61660D82D36F869BDD89B4A0915A
    SHA1:635D35685B72393FADFC51D0CC786BB595E45DD8
    SHA-256:D642140AB72AE1A208F66A20E59E411096C1BCF8324D2E294DCE03876BD625D1
    SHA-512:CB000CA58E91B3FDFAE5FF12ACFEA080812AA9382D47BB6AE15B625487F6D253D4322301966D10D969962178260C953AB4797CA01A57A2C042CEEF56A0D790E7
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):5.697975505405261
    Encrypted:false
    SSDEEP:24:Yv6XBhhUkbUkKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5YoY:YvEhXUkEgqprtrS5OZjSlwTmAfSKGoY
    MD5:92793320D9C7526B291A18B545759C75
    SHA1:B4F6C1C13586E8060A408F996622BB8E76EDC234
    SHA-256:8DADA336703439CD8BE1C31FDFC9DB12758C44329720B604F360A9B5E9A6165A
    SHA-512:980634B665CAC0CD243441450EA4446B77330D31F20A8DF05D6E09278192AFE455292AD8F627ECFDF44AA9D021748C2643D1528AF509A3613F33E86F6EBF6AFB
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.308865186129295
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJfYdPeUkwRe9:YvXKXBhhUAsoeWRuUhU8Gg8Ukee9
    MD5:16719424A84AD5B4D5F0AE68713BAC3C
    SHA1:F7D369BA14FB0D44B2D7AA8516FB8EBB0E1C4CB9
    SHA-256:ACBE48B4D30F3236AC240A7336604E097429709503FF39E036160562EAE4E490
    SHA-512:2050FAB1F3560FDB6F51797802F0903342F2B37584300EE504A0D46ADB17FC9D4614F163160004C3EC222F7CA3A0F0E04BB8382AE63B4D4C212FB127E6D7B1CC
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.770972717297128
    Encrypted:false
    SSDEEP:24:Yv6XBhhUkbULrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNgoY:YvEhXULHgDv3W2aYQfgB5OUupHrQ9FJ6
    MD5:E7766630A51DBB8E155F0A74EB11B845
    SHA1:BB390E3962F4A4D341DA373D31A9CC40584317C2
    SHA-256:827C9E187DB8A1F539E6CA55A6F93D7A930225BFAF33E85908280E39286327E9
    SHA-512:DBA79E5D532409F3A3A7E6DD5AE4C3D6A6DA833A0978351B7282046ABA53E94B97142257555453E598C65F52EB47D980EBBE86063716A95463A6DA9771C30CF0
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.292351354688868
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJfbPtdPeUkwRe9:YvXKXBhhUAsoeWRuUhU8GDV8Ukee9
    MD5:2B092EFF8972AF3AF7B2BF8BC54A044F
    SHA1:8C0818968A2B9973ED1664EAE32DCA61C0CBB128
    SHA-256:8D092C987DB1422392882A435A3F760B3D6AD2B250B1D3D5E5F694A3612DA67A
    SHA-512:7E9C370C4355E7DEE80FE867F5499368DB633011EE7D5CAC5003A28420AC548CBFEDE71826929F4039D6D247E4EF3A49CF1EA7E6ED74EFA4D1FE3E40A475CB8B
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.296695350504615
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJf21rPeUkwRe9:YvXKXBhhUAsoeWRuUhU8G+16Ukee9
    MD5:8BE9B87713D37FC4074C9710B3CC140C
    SHA1:5A5A87BC23A723B0A789EA87BD9372936E6EFEFF
    SHA-256:A4012E4C9751499F59073E8BE115A1F636F43AE3F468A7AB461028508D296033
    SHA-512:7078932E232DDD287447FD570AC7E4F1D2FD5618C0C7736D88B3160D1F2E3B3A3B8DDEAD09C9E1680CC2677CDA815D1427F1B762CB3D199F1B60938838B83969
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1026
    Entropy (8bit):5.629834195940021
    Encrypted:false
    SSDEEP:24:Yv6XBhhUkbUJamXayLgE7cMCBNaqnl0RCmK8czOC/BS7oY:YvEhXUVBgACBOAh8cvM7oY
    MD5:629B4B4B332C88E337E91B9CB5BB3FD8
    SHA1:53DA2D059529832C7399C041E5D94BB2BD5F1717
    SHA-256:78550C1A71686AB171D0856C1C08637BB294AEF02958FFB0A6D60E081470549F
    SHA-512:08B446B9E4372FA24DA3E3CB616BC3E238EB471BF6734281D0441212788BD2D437D06017949858F8121533824FB4EED4EBD7DD9CEA740CA73EF9C106DE5B631B
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.273201407437418
    Encrypted:false
    SSDEEP:6:YEQXJ2HXBWFQhUAsoe5IRR4UhUR0YVxoAvJfshHHrPeUkwRe9:YvXKXBhhUAsoeWRuUhU8GUUUkee9
    MD5:7453B206A8EBCDB3E611F07F40AF970D
    SHA1:8C4420EE41E284B89E3D91013BEE413830656762
    SHA-256:370415D5490D45360CE5D09A20FA97535B8CA57AE57CC29E6CE89B4C39F938CA
    SHA-512:86DAAD17CA288F9A1F83CC865386BC0334E11D3F094753012A5633F527A92BD4D765183E69444A9A468A128EB5953C6C41B545A1196124364F013A87EF794289
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.368859835196268
    Encrypted:false
    SSDEEP:12:YvXKXBhhUAsoeWRuUhU8GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWI:Yv6XBhhUkbUS168CgEXX5kcIfANh7oY
    MD5:82E8C4FFB4772D72C29A6CCFD7C63018
    SHA1:B4D48DFFF54674C75621A0D94B2FE386B34B71E4
    SHA-256:F0772894C43B6DD5090B89E6502FAD7F9F3DE58A940C23909E30438381FEC791
    SHA-512:DAC8DEA9866F993757B2411FB8B8415B1E73389DC8FB51E15A15743AAF37B5BB1AEFB15EDF109979E65368636EFBDDF9B731D749B13735554AAB52002B2AA62E
    Malicious:false
    Preview:{"analyticsData":{"responseGUID":"63c9952a-6bab-4baa-b3c0-09fa5f0195f7","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1730570414824,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730396699857}}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Preview:....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2818
    Entropy (8bit):5.13214672666017
    Encrypted:false
    SSDEEP:48:YLb/Vj7QuLP/V8/VW2/VLR/VheMI/Vr/VZeq/VB/V09/VrSM/VP/VSXu/VJZZw/i:c/ZQA/i/o2/z/W/F/beq/D/E/BSM/d/B
    MD5:6BB38229B451B74DC662D4430C054D74
    SHA1:A21F7AD14247A9F90CADE82989904211D25168E7
    SHA-256:7E907AF6812031EB892D416AC5E870D70C6CFDB18AB97BA6FFA0B55BCC35A630
    SHA-512:35EA66017956B101F41091BDBFA55594EF683623FFBE14DA9A05DC627EC15CC8E24BE1C264EE5A8E39A50D768E9365C27F3211C160D753F73F1960B9BAEE84E9
    Malicious:false
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"fe6636d4399f1b4a9b4c1e1d0fc661f8","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730396699000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"72a76664a5b707d521363a42411d56ca","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730396699000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"751d244ccf62e14815a481b194e32592","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730396699000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fd8a741dada09a5bebfb52ccba7a6c3c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730396699000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"fb6e3864f60fbc79dd4207b6649ba7bf","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730396699000},{"id":"Edit_InApp_Aug2020","info":{"dg":"e2f6230588531bda469a74d26b85cd50","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9878083473755231
    Encrypted:false
    SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeLPIcLESiAieDPF:TVl2GL7ms67YXtrLAcI8nd
    MD5:B6948181AA9D73C856761AD315723EC7
    SHA1:AFCEC4D1F98E0A37C9262A4AC4074EA44D707258
    SHA-256:C4FCB0678CF793DCA7B33645DB065BE9563D6A8FE1F7F504EFA91128B85FA11F
    SHA-512:19CF5357DFCC4CF5684AFFF855E8829BA6E47E11FD1FA61F052C0E0DDC1099537664A967E1173B070EA4E9C08648FA3319FC070C1BDE186C336007A3BECF8144
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3420010677680703
    Encrypted:false
    SSDEEP:24:7+tjmASY9QmQ6QeLP7cLESiAi0mY9QfWqLBx/XYKQvGJF7ursL:7MjmlYXtrLjcI8KY8Wqll2GL7msL
    MD5:80B624F035590FB21304C3C7695A1B02
    SHA1:DEFE1986636E86967FBA6C75C2BF6F129564C31F
    SHA-256:3551995692D587850E3C014D5455E071874AEE89BE1AB5AA2CF4471226AD7419
    SHA-512:D0438033E5827053E99F44B29DAEABF90CDFDA0A81E7625F7CE22B1AC1518F9235B987C5994A1B2597B0C1DA927FE0C11BEB3CFA29776F50A8B91B04094E7C24
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5162684137903053
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8fQRq34lYH:Qw946cPbiOxDlbYnuRKusYH
    MD5:8307292472D605B0F70307573186DD25
    SHA1:615873F70549B49C4EF6547E2F073CFDC0771656
    SHA-256:C1BEA4CE0E3ACD9C1E8475A8B31580594D21ACE5FC426886A946940B7BB3C179
    SHA-512:D8E9E821F3AF513AADE9AA95370BD5598587AE54A894B2C055667EBFE48F7B20EB707238C3DF7D98C8CFF0F4030DC9BACE741116D11079C43494DA454CD7237C
    Malicious:false
    Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 31/10/2024  13:45:00 ===
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.353642815103214
    Encrypted:false
    SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
    MD5:91F06491552FC977E9E8AF47786EE7C1
    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
    Malicious:false
    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):15114
    Entropy (8bit):5.363186017027553
    Encrypted:false
    SSDEEP:384:UeUX8KxfWpURecB6AIpkd/wBVijLuLPWVyGS0wUx4sr60uhrL8hil6lRMCs43SC8:8RG
    MD5:8F49703DCE537D71CF81050D618ED43E
    SHA1:9BCAE2DD6A1FF66C69200AAD9954843FFBB90565
    SHA-256:C715D0834AC782B3B85D78B969BFF185568085601E875F7854C433F520E1850E
    SHA-512:63C018A7FF8B3CDC3B25B92268BBD00C5669C40296E9D026C69B59F7F8A000A558BED8AD2030A2ACB506C9203BACA6EAB7D77E44DABDAEAC165AB60BA264822F
    Malicious:false
    Preview:SessionID=920fc626-faef-4ffd-bfb2-e48610cb3e51.1730396695669 Timestamp=2024-10-31T13:44:55:669-0400 ThreadID=6600 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=920fc626-faef-4ffd-bfb2-e48610cb3e51.1730396695669 Timestamp=2024-10-31T13:44:55:671-0400 ThreadID=6600 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=920fc626-faef-4ffd-bfb2-e48610cb3e51.1730396695669 Timestamp=2024-10-31T13:44:55:671-0400 ThreadID=6600 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=920fc626-faef-4ffd-bfb2-e48610cb3e51.1730396695669 Timestamp=2024-10-31T13:44:55:671-0400 ThreadID=6600 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=920fc626-faef-4ffd-bfb2-e48610cb3e51.1730396695669 Timestamp=2024-10-31T13:44:55:671-0400 ThreadID=6600 Component=ngl-lib_NglAppLib Description="SetConf
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.419439695527836
    Encrypted:false
    SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcb7cb36IC4cbp:fhWlA/TV9jC/
    MD5:F748DB95A5DA4C1BDEAAB4F77D56A133
    SHA1:0CC1F9EE7EC133A0BD60CF096F77C17EC06C19BD
    SHA-256:ABCA690E7DDBB002105B5C0A5A1DAD6ABEC0C221B790494B2E510627031F3A27
    SHA-512:E5F09CBC27B6C704D6DD0F069F96B9227D5C07C4BDDD8AA9697D38B3BD75628AADB426196413D855ACC943F9BCF6F3ACB26104A9E8D6041AE1C30221D3DA7CA4
    Malicious:false
    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/xaWL07oXGZGwYIGNPJwdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JaWLxXGZGwZGM3mlind9i4ufFXpAXkru
    MD5:0A347312E361322436D1AF1D5145D2AB
    SHA1:1D6C06A274705F8A295F62AD90CF8CA27555C226
    SHA-256:094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
    SHA-512:9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:GP7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZjZwYIGNPJe:BB3mlind9i4ufFXpAXkrfUs03WLaGZje
    MD5:CB76E9A61C184BA39F3357E92A06D56D
    SHA1:02E3C29B8BFDA91130E8975E604A5F4ACA9C85E1
    SHA-256:36A3CE95D2D6431192EF083A36D43F98FAE4FD40392D5B29B598548D86183378
    SHA-512:1F82E398F0E6F9E71FA92E3FFB3A252AF5AF6D7D51D2056CBA47D9724F3219856B967944C279EC39E12C172AB922DBA5E005C084DB59CADF7DC0258A2893FB57
    Malicious:false
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    File type:PDF document, version 1.6, 1 pages
    Entropy (8bit):4.98747636812573
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:20241031_42900.pdf
    File size:7'700 bytes
    MD5:cca597e3e7b890b53f618a0799b1e35a
    SHA1:9b58671cb688100522ddef83f326ed2b52aaf4bc
    SHA256:4b06469b825e5012974fc3df431bd4206acf9555e704c90bf39df8482aa2526d
    SHA512:0d694f6dc1016db9be1417af470b4f20619d51861615d1432928a23520db5f70c758554ef0f44822519baa9c128f4e79d2c77ee6c4ba9d601f703a8aac3d9654
    SSDEEP:96:kukAl7X4crujtY1ENND58yT3rqHMF0WTqNhNNNO7g6CNNNNNN/NNNNTvt4fgUrTb:kukAxXMhY1eNV82Eto/emA1P0bStQ
    TLSH:82F1E10FB3C5A9A4D05242922E38767D646EB315388E7A801CF2C72FE5419FB3B6DC02
    File Content Preview:%PDF-1.6..%......1 0 obj..<< /Creator <>../CreationDate <443a32303234313033313037333930372d3034273030>../Title <>../Author <>../Producer <5265706f72744275696c646572>../Keywords <>../Subject <> >>..endobj..2 0 obj..[/PDF /Text /ImageB /ImageC /ImageI]..end
    Icon Hash:62cc8caeb29e8ae0

    General

    Header:%PDF-1.6
    Total Entropy:4.987476
    Total Bytes:7700
    Stream Entropy:7.709677
    Stream Bytes:750
    Entropy outside Streams:4.318927
    Bytes outside Streams:6950
    Number of EOF found:1
    Bytes after EOF:
    Name | Count
    obj | 19
    endobj | 19
    stream | 1
    endstream | 1
    xref | 1
    trailer | 1
    startxref | 1
    /Page | 1
    /Encrypt | 0
    /ObjStm | 0
    /URI | 0
    /JS | 0
    /JavaScript | 0
    /AA | 0
    /OpenAction | 0
    /AcroForm | 0
    /JBIG2Decode | 0
    /RichMedia | 0
    /Launch | 0
    /EmbeddedFile | 0
    Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
    2024-10-31T18:45:07.530655+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.16 | 49708 | TCP
    2024-10-31T18:45:45.415802+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 4.245.163.56 | 443 | 192.168.2.16 | 49712 | TCP
    Timestamp | Source Port | Dest Port | Source IP | Dest IP
    Oct 31, 2024 18:45:06.513510942 CET | 64113 | 53 | 192.168.2.16 | 1.1.1.1
    Oct 31, 2024 18:45:18.906001091 CET | 51322 | 53 | 192.168.2.16 | 1.1.1.1
    Oct 31, 2024 18:45:32.820715904 CET | 51443 | 53 | 192.168.2.16 | 1.1.1.1
    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
    Oct 31, 2024 18:45:06.513510942 CET | 192.168.2.16 | 1.1.1.1 | 0xac3d | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
    Oct 31, 2024 18:45:18.906001091 CET | 192.168.2.16 | 1.1.1.1 | 0xc08 | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
    Oct 31, 2024 18:45:32.820715904 CET | 192.168.2.16 | 1.1.1.1 | 0x149e | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
    Oct 31, 2024 18:45:06.521032095 CET | 1.1.1.1 | 192.168.2.16 | 0xac3d | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
    Oct 31, 2024 18:45:19.232675076 CET | 1.1.1.1 | 192.168.2.16 | 0xc08 | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
    Oct 31, 2024 18:45:32.827728987 CET | 1.1.1.1 | 192.168.2.16 | 0x149e | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false

    Target ID:0
    Start time:13:44:52
    Start date:31/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\20241031_42900.pdf"
    Imagebase:0x7ff750790000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Target ID:2
    Start time:13:44:53
    Start date:31/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff698dc0000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    Target ID:3
    Start time:13:44:53
    Start date:31/10/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1568 --field-trial-handle=1548,i,14624209966910695298,13864274561464179367,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff698dc0000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:high
    Has exited:false

    No disassembly