Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
50100294329071_1725252700898.pdf

Overview

General Information

Sample name:50100294329071_1725252700898.pdf
Analysis ID:1561656
MD5:48c50c967ba832df78d45f5bd1e74cae
SHA1:1cda91e564bb2e135baed988cdf5ec490f1c2867
SHA256:cf38d600cb92dbf36e8cc7fe2ee960e0d7e1f855f02981c581e3c8a20e60bb16

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

PDF is encrypted
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 3964 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\50100294329071_1725252700898.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6708 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6848 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1580 --field-trial-handle=1560,i,15579011386394989665,7113480420868027032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49709 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49709
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: global trafficTCP traffic: 192.168.2.16:49708 -> 96.17.64.171:443
Source: global trafficTCP traffic: 96.17.64.171:443 -> 192.168.2.16:49708
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: unknownTCP traffic detected without corresponding DNS query: 96.17.64.171
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: classification engineClassification label: clean2.winPDF@17/43@3/62
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.1996
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-23 21-23-45-633.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\50100294329071_1725252700898.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1580 --field-trial-handle=1560,i,15579011386394989665,7113480420868027032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding EF54C2A7CDD0321CF9CC0569582B9EB5
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1580 --field-trial-handle=1560,i,15579011386394989665,7113480420868027032,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword /JS count = 0
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword /Encrypt count = 1
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword /Page count = 30
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword stream count = 31
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword obj count = 69
Source: 50100294329071_1725252700898.pdfInitial sample: PDF keyword /Encrypt
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.56.99
truefalse
    		high
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		high

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      184.30.16.138
      		unknownUnited States
      		16625AKAMAI-ASUSfalse
      217.20.56.99
      		default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comDenmark
      		15516DK-DANSKKABELTVDKfalse
      34.193.227.236
      		unknownUnited States
      		14618AMAZON-AESUSfalse
      23.195.39.65
      		unknownUnited States
      		20940AKAMAI-ASN1EUfalse
      96.17.64.171
      		unknownUnited States
      		16625AKAMAI-ASUSfalse
      172.64.41.3
      		unknownUnited States
      		13335CLOUDFLARENETUSfalse

      General Information

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1561656
      Start date and time:2024-11-24 03:23:14 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:15
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:50100294329071_1725252700898.pdf
      Detection:CLEAN
      Classification:clean2.winPDF@17/43@3/62
      Cookbook Comments:
      • Found application associated with file extension: .pdf

      Warnings

      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 184.30.16.138, 34.193.227.236, 54.144.73.197, 18.207.85.246, 107.22.247.231, 172.64.41.3, 162.159.61.3
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com
      • Not all processes where analyzed, report is missing behavior information

      Created / dropped Files

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):290
      Entropy (8bit):5.169930014484613
      Encrypted:false
      SSDEEP:
      MD5:C0B022BA7E05C8940DEDF6AC1984C799
      SHA1:210CAC482325AD59489CC437335D1C2A76E791AC
      SHA-256:895A41202F1375559BFBCDED4E9C72359601E1A257D7708C41C97C0E59710AC9
      SHA-512:19EF26FE1DDF2D3E88105D167BB232F276C11EF0D577938B9E0EA3FC68C97322433E3A60D2F8DDD039CE8D8E4D518065BCF71D9EF59A7C7886EC558F2974E5B1
      Malicious:false
      Reputation:unknown
      Preview:2024/11/23-21:23:44.123 1a68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/23-21:23:44.125 1a68 Recovering log #3.2024/11/23-21:23:44.125 1a68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):334
      Entropy (8bit):5.105306082102235
      Encrypted:false
      SSDEEP:
      MD5:C392BCF9017D1427B8945ED9953B611F
      SHA1:542ADA4BC14887B914CD68E63049BF80CE571742
      SHA-256:7D2A0E97ECA5907DC9DA45BCC34FBF8D77526B981AD185A0C64C0693BA8CD0CF
      SHA-512:BBB5F34904AF7620E11E596CE1A1C04995D75F0DA3DFF02EB0616A798780FB134F84B4BED9DD07D0C01B3D511E66AB316137D2384B9A2BF6929679D3FE1D32BA
      Malicious:false
      Reputation:unknown
      Preview:2024/11/23-21:23:44.036 1ae4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/23-21:23:44.039 1ae4 Recovering log #3.2024/11/23-21:23:44.039 1ae4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\4d7a5d27-abd9-40ca-ba98-c698ac41833f.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):403
      Entropy (8bit):4.996811301490587
      Encrypted:false
      SSDEEP:
      MD5:404D5B89BF11100748BEAB8282FDF2D3
      SHA1:E20CF35E9AE667AECE6E8E7FD167B907980EDD58
      SHA-256:A53A83DF01D2169DB4CBB3DAB0CA8CA51B865AEACFA35E44C72FE785AEE3BFEA
      SHA-512:AA18ED2A1FEE57D75838D88CF6337D613C78F5CA6C594E55E530CBC1435ABD47EE6A68600DB444C1D76F7A86323F49159DB8DB2E400B1B8A6B5EFAAD5F56F595
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376975035890900","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":657681},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:404D5B89BF11100748BEAB8282FDF2D3
      SHA1:E20CF35E9AE667AECE6E8E7FD167B907980EDD58
      SHA-256:A53A83DF01D2169DB4CBB3DAB0CA8CA51B865AEACFA35E44C72FE785AEE3BFEA
      SHA-512:AA18ED2A1FEE57D75838D88CF6337D613C78F5CA6C594E55E530CBC1435ABD47EE6A68600DB444C1D76F7A86323F49159DB8DB2E400B1B8A6B5EFAAD5F56F595
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13376975035890900","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":657681},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):4099
      Entropy (8bit):5.234745515454258
      Encrypted:false
      SSDEEP:
      MD5:1692315FCF6EDC3E066E8012E1A0FF8F
      SHA1:CC1F33B6E15A3EBA25B3B6770C681A4398B39139
      SHA-256:BC9F365FF8B70330B264E7A890299547FD9431E631095C152F82A83E0304D564
      SHA-512:E7AA75D4166BC2C4529E78B0A91E02121E074B52AF6051A930524661324812FE15DF4C445FBA0A5B192D6ED868ED0480118E0641342A12397524CFA51A0DF1E9
      Malicious:false
      Reputation:unknown
      Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):322
      Entropy (8bit):5.152664826405419
      Encrypted:false
      SSDEEP:
      MD5:6DAB106DF88B4A6B27B241927396B7AD
      SHA1:40490D15E08B5CD8865B8E00635D2E7747798789
      SHA-256:2A410C544A441861478632092733C15BE48788DDDD94738823947168E63854AF
      SHA-512:C9B64071E2D30C801ADF38DE0EBA0621D6C7D931D49338E2A70DB7382B29981C1A04491C5368F528273512E3E06C928B84A0C5B99874B238B123E1D5C22AFF9D
      Malicious:false
      Reputation:unknown
      Preview:2024/11/23-21:23:44.156 1ae4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/23-21:23:44.157 1ae4 Recovering log #3.2024/11/23-21:23:44.159 1ae4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241124022348Z-186.bmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PC bitmap, Windows 3.x format, 115 x -152 x 32, cbSize 69974, bits offset 54
      Category:dropped
      Size (bytes):69974
      Entropy (8bit):2.451385799895256
      Encrypted:false
      SSDEEP:
      MD5:56DEDA00A352B9390BB6173FB6550493
      SHA1:96DF9D08B3ACB7F1832DF8D9201EE32E8D283154
      SHA-256:048F0DE7D6ED944C03966B22ABB4E0940AA1D8FE0AF8294ECC82287EE60017F9
      SHA-512:9230D698848D3A9106CD2DE0A7C16B8D8CDF1B83F96505445DAD8AF67CE2DF1A0204D7F38E6C731E75A4ABB58C3288B93BD63BD57A0FA4AA4B0370B32B540013
      Malicious:false
      Reputation:unknown
      Preview:BMV.......6...(...s...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
      Category:dropped
      Size (bytes):57344
      Entropy (8bit):3.291927920232006
      Encrypted:false
      SSDEEP:
      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
      Malicious:false
      Reputation:unknown
      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):16928
      Entropy (8bit):1.2156350188707596
      Encrypted:false
      SSDEEP:
      MD5:76997DC2B12C77BDD62AA2743D6C2EC3
      SHA1:678C31BFE7C2AD23BE5B2CB61417466A095A9798
      SHA-256:8020E00AF3874A4BE247630C21A1F806F2ABB07C09BEE57DDC6BA5278C51067D
      SHA-512:C874BED36A769378519771C2A02D38112FA91C87557E5A27A46405229D32AA4B3A4BDF3524FA42A66F6AAA60790ABA7E5710444EF8B951B52A618E6C2E456126
      Malicious:false
      Reputation:unknown
      Preview:.... .c.......'.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Certificate, Version=3
      Category:dropped
      Size (bytes):1391
      Entropy (8bit):7.705940075877404
      Encrypted:false
      SSDEEP:
      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
      Malicious:false
      Reputation:unknown
      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
      Category:dropped
      Size (bytes):71954
      Entropy (8bit):7.996617769952133
      Encrypted:true
      SSDEEP:
      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
      Malicious:false
      Reputation:unknown
      Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):192
      Entropy (8bit):2.7425532007658724
      Encrypted:false
      SSDEEP:
      MD5:6D2B81FC12E094DA9D94EC55F7532BAD
      SHA1:230AFBE21CEE3DC62AF970C7348768B9F7A4F780
      SHA-256:D00DB8C68BB6B728B268950D3423E6177F82DD8108218CF20FA44ADA706032EC
      SHA-512:4D5311B0A555807CA4483D56E6B86951AB6FD7E9ABAFF2DDFA1ACCEAA7D374145C0498E7BE92D7E1D3E92DBE55BAF20B38BCBECE07507D32FDCC554C826D5D53
      Malicious:false
      Reputation:unknown
      Preview:p...... ........4....>..(....................................................... ..........W.....}..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:modified
      Size (bytes):328
      Entropy (8bit):3.150184159866505
      Encrypted:false
      SSDEEP:
      MD5:E46E04685372A0758CF8D3D259B94FC9
      SHA1:9B9332D6800ADE5E152947728719AD9767EB3638
      SHA-256:6E260B0F7AD6A2454160AA03889849B98BBA520F6DBA513C7F92AC75C4B70478
      SHA-512:ACBE3CF0CFC8E4C8952F9CCBFBA0EF997E6742AA7D79F1E5A91AF94D7A113E684ADCB3343765071588349051127795700A4CEE639C1383BB20C322A3DD5A824B
      Malicious:false
      Reputation:unknown
      Preview:p...... .............>..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.1996

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):1233
      Entropy (8bit):5.233980037532449
      Encrypted:false
      SSDEEP:
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:8BA9D8BEBA42C23A5DB405994B54903F
      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:B60EE534029885BD6DECA42D1263BDC0
      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.1996

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PostScript document text
      Category:dropped
      Size (bytes):10880
      Entropy (8bit):5.214360287289079
      Encrypted:false
      SSDEEP:
      MD5:B60EE534029885BD6DECA42D1263BDC0
      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
      Malicious:false
      Reputation:unknown
      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.369220036557834
      Encrypted:false
      SSDEEP:
      MD5:B50C3F6EAA80FEB6DE68E83049A62CF2
      SHA1:E2F4814F928BF0D14C493370992B85A0B4372800
      SHA-256:2FF21941E24339B0504DBF6F9D4E9B45EB5AD7ECCEC347FADF7336E8826D7AEE
      SHA-512:0D24A0322C55203BB30FA18E4DDCE9FC902BBB3C4972D5F46F1AFF347B587696C1020A7A23EDF9E249B5370697238AF1A735CE0734622D23922463B162C25B7A
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.316122032072732
      Encrypted:false
      SSDEEP:
      MD5:8E375D7EB5445196D6A2F8D84A46E625
      SHA1:93B80BFF25C24E3B97D3A049F00FF43E1255EBE8
      SHA-256:FA829AE68C11D88FF37530E92DCD02A9ADA4A7C8F52F2C32CFB030D9AF3E3688
      SHA-512:BC529F53D255274FB55424DEDC273D8F39B29FD207B75026E0EC44FA82E6F18D5E2403B0598E9D45F3ABA93353CF934C9EFA4AB37713766494B8421FCAD9D509
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.29438152743054
      Encrypted:false
      SSDEEP:
      MD5:6FF2F358581FCF77D0091E1CCAA117D4
      SHA1:0E2CC496D680E1B0A0B646DDC5638497708FE96B
      SHA-256:A8F177F98319354B371B009B348CF534273DE026585DE4895DA251F7C6EDEBA7
      SHA-512:3BBF6CA8DB0AE2F122BC2ECC4C7B0B449B4139A861C6ABF0FC6AC8446853DD7BB3ADAF9208F125573F7F32405AFC8E0BF17C9B8BF99CE743FAA622225129133A
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):285
      Entropy (8bit):5.357805721798502
      Encrypted:false
      SSDEEP:
      MD5:7B9DA23BA36551117783406A140EFC8E
      SHA1:1800C22A00A8C6F5DDD67BA54B0CDB52BCA5F356
      SHA-256:21F72F5F5C0A0336E9D19DFA8FD1ADEE72AE3439F10566F50197E10627DE8AE0
      SHA-512:3A464F0979FABD667722574B24AC783123D2E0B89C0D6E4A84902E9D758B0929322FF16D4B8A5993FAB83C2E7B10A2D5D63DAAF87069621F148DFC60BDA282CF
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1123
      Entropy (8bit):5.688545837952899
      Encrypted:false
      SSDEEP:
      MD5:B503093BFB15C5827961D16476F598AF
      SHA1:7BAC2B1F18CE0885A0665360B9BF785664B5B34F
      SHA-256:BA3FEAB1B80B879DB391DB6CA1AF59DD6A2A1A202D958D7EFD8C1A5DCF0F8A01
      SHA-512:3D2E64FA03B3B9404614BFDE36E2AE39EA5EA35E4CBAB4C10C02E8F03F5E67DDA243DB69D9B251A80AB6558D6A0315ADEAE45EBC476CD27B205BDAF5F8D4163B
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1122
      Entropy (8bit):5.682254133552822
      Encrypted:false
      SSDEEP:
      MD5:A1F2E259FBB36026458E15016ED52D9E
      SHA1:A2BE81E8550BBFF7B7535410382D9CAF4CE9E3C1
      SHA-256:2ECC104E9F95B6E54065576FCA0EA24D6FF9D01853441B624C8C3C09C60FA7A5
      SHA-512:79D2AE968A5A0CBF13E316DDE378EBA1302D4EADD89FA95371ABEB5508B40B5E1DA5FA726255F67CBD371CD10501AA6D441E91AEEC5298504C076C6859DAA8B0
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):292
      Entropy (8bit):5.309537441228702
      Encrypted:false
      SSDEEP:
      MD5:B59BCC8A38371D6B5B91EF948E801174
      SHA1:E0F6ADD24FAAC03ED3437AC9775ADC196B3E35A5
      SHA-256:DA05FCF302B3679ADD9DB056B25E6BF502EEDF5CED62F10C195E579C1AB4FCFB
      SHA-512:121C6425C807CE96447DCF5272D93E9626679D1FB1E59F66D036B607C0F30598F3BC2A7F7C13E277BFD32E179545476E359A5ACCAA0A4B210BEA8DBD1EE7A627
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1102
      Entropy (8bit):5.671963558070786
      Encrypted:false
      SSDEEP:
      MD5:FB1AE9B768FFC8090E7FB2BFD3B846C7
      SHA1:1AF46DCE15F32B49FB6393EAEC30D505BF1196EF
      SHA-256:FC976BE184D1B811B6EF3A15ABCD2B3EF4AFD9746C5F8595767BF75C20244F19
      SHA-512:08343193AAB1C6413474484AE4F6675DC0D1D52CF3DC3CC26B506044D8FA7BD441346D56037E8651F984477EFBC35E0937641E7DBC36812CB2DE2547D0E3E277
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1164
      Entropy (8bit):5.701179542817351
      Encrypted:false
      SSDEEP:
      MD5:9CEAE119E97F0A71EDD9EE34C9EAAABC
      SHA1:3A937E334FD25EE822A252CEB62C8B3EA968C379
      SHA-256:0649E6CC7DDDAAF4FE5DAF3DFCADBB5B54391D561A2CB7718C3BD852AEFFFE07
      SHA-512:991D586D7C6D2235F6692AD937200ADB07E58F87B3E86A58A295C437E2D51141C0BDE2545CB486EE5EAF31AB90641B22F89CD3027F2E670C30F50FEFA3740E6D
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.312953524436588
      Encrypted:false
      SSDEEP:
      MD5:18823858277085295E1AF1E5121FF2BA
      SHA1:624DDA692DD2488F09BCF22A490D47C6812D4181
      SHA-256:E10DA7C73F54FF29AEF3290FC1E3971E142D95BEAEF99925E87492F25478028D
      SHA-512:83CF0544E24EE1A96636FF9F2BEB7D5A579F105001738BBD4513CB36459ED6E5EB0C44BBD8FC931D824FE951E80BA288A141AC1F11706D899B7C133B7B25ED1F
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):284
      Entropy (8bit):5.299231952267147
      Encrypted:false
      SSDEEP:
      MD5:81663FE34F0C65EB9AB3E9AEC8D05E6E
      SHA1:1DE7F58C80A50646FE277BC9370763B612B067D0
      SHA-256:20866D3999D80F6E43126BEFA23A44CE2C6CCB83881684B82401C196650D2ECD
      SHA-512:080731D646142AD993D9ED47F3E760BF0B6C81ED76E493FB7660E175D045AF8E2606692B090D2053DC7736A307BC9E2607DE06D4D2E273EC7B4B09FFB1E0C12C
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):291
      Entropy (8bit):5.296411594451093
      Encrypted:false
      SSDEEP:
      MD5:C931D7F62C8019335CD91F07486D7769
      SHA1:686DA7DA47041EE763386AE37CF28A5EAE947FE6
      SHA-256:47614EA5E258A3CF64D3ED2B1E7AD9F122A126A753255FF70907DF6CDCF64437
      SHA-512:9F66FCB5CF9FD31314A44A0D0B2722D2A5645CEF3FDE01FDDA7908A7FCDE0A99F83C5BB5558809CEE9EAFE17396FD1574F0DBBE7A815FA9FBCF1F2FD9C393719
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):287
      Entropy (8bit):5.300268076473933
      Encrypted:false
      SSDEEP:
      MD5:03EB91F9459618B86A05805E041A9688
      SHA1:FC52677ED1C9DE71CA04A1692A267B85B5365319
      SHA-256:B95E3C0620EB84D2971E64E6B418CF6AA4C7B7A44E768C27853FF9C538F0F6B9
      SHA-512:8024D24511FB81405064F4D516FA2B884068CCAEA3375E2BF01DCFF046A916CDB3E4424D5544827E535C4E1E20B74F8B80D083BFC5939AB22C244FA90265DF5F
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1090
      Entropy (8bit):5.664691488565645
      Encrypted:false
      SSDEEP:
      MD5:1E3E9811FBBF378D3C24A23392422CCA
      SHA1:D00A1714342C5E7719CD52C2FDE25D2AF5A64110
      SHA-256:1A04726190EE8941C3C792C2CC9A65CBAFCC57E70508D43A47912731494550B8
      SHA-512:406D1B151039654DC2C1A019D83D8B4BFB54C2C137DC988E9D9BA271F49C061E384153C71A2057B941050C888576D1DC2E0508C946BF02AFAD99D171445FA915
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):286
      Entropy (8bit):5.276373536911511
      Encrypted:false
      SSDEEP:
      MD5:399AAA47525BD338900AF221442BE153
      SHA1:4F7EC30CD02ED15435490889C2015654C8E6C13C
      SHA-256:7296677FCF87508766AB0B7749FE3FD97B6B97211E9A10F60C8016E814EE1DB8
      SHA-512:D63DB8060832CAF9EABCA4EE1E20D25F16A0C34C2B048DE34B3CFF5BF451715BDE0796A79FBBA48D46078426E7F3326A3F521E1B1DDD510A91FF1A97A429DA7A
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):782
      Entropy (8bit):5.370715535021089
      Encrypted:false
      SSDEEP:
      MD5:6E0DDDB2DE0662BF079DC8246069BA71
      SHA1:04E434E0CA92090A5136EE500723B5380DA5A781
      SHA-256:265787619D80DA4CBC4EBE52F2AD03EE1B03E57A44BB6D567D1107F37F40F3C5
      SHA-512:DBD4214D0D2DF80D6A7F49712A3F3CBDED22B87610B8A6BE9EBAE5F751C0181408EF1B67E1985F349AB41CE3F04C9274593071C46A30E0536DE9331E5CFBC9E7
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"9fefb958-99a4-411f-85a5-a92d3f61c7c6","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732594972989,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732415033021}}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):4
      Entropy (8bit):0.8112781244591328
      Encrypted:false
      SSDEEP:
      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
      Malicious:false
      Reputation:unknown
      Preview:....

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):2817
      Entropy (8bit):5.124119367773771
      Encrypted:false
      SSDEEP:
      MD5:F633D433A79243F00A30894F0D719C79
      SHA1:ACF3E9F8AC5A5DE35D786EB38009FBD7763C2FF0
      SHA-256:A0687A3CB1F8245D56BFDED14CEB7CF0FC56712F2E45E5923F994C3E11D700F5
      SHA-512:BF54B0573DA32EA74BEB50C1EA352A0387CABF23DAFC47B2E108F6D24F94D61FA81D6BB750F267FAE18066FBAB67FCC457FD5F11B35D05492A8E212D38BD9EB5
      Malicious:false
      Reputation:unknown
      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"dc6eaea69860ad25208c7e06ab60fa9e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732415032000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"0a0b892b805c5f93f7eaeb2c13744e0a","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732415032000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"7e1d82da3673167488b0ab266474f574","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732415032000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"cb0b09bb331fadb20ba02bb1f0a51bf8","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732415032000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ba96c3db5eaabe504a7d2b98037a97db","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732415032000},{"id":"Edit_InApp_Aug2020","info":{"dg":"3038d54094f8e85e1071305601d069c5","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
      Category:dropped
      Size (bytes):12288
      Entropy (8bit):0.9878683734430656
      Encrypted:false
      SSDEEP:
      MD5:53735E2B44FEFC79A0EEB4EDB5AD6454
      SHA1:20CA37C42D3977F0C295ED281A255FCAAB3E5617
      SHA-256:255D1D13D4D90593422C3EE3379AE88F3E250623C189E1F070A822392F759CEB
      SHA-512:CD1D7A4C0117D7948ED89155CA19F6189874569D617670BD8D8EC1A5772F49E220720F6E5A1EA2347C4754C8E435F4AF6374F80F4BF0D32A1B21DE5BA954630F
      Malicious:false
      Reputation:unknown
      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):8720
      Entropy (8bit):1.3444190461450984
      Encrypted:false
      SSDEEP:
      MD5:3F5E0903A3AD6788FABC8B0012509C9F
      SHA1:8AD2AE99AAC581EE50F2816C24D80642ABC6EC2B
      SHA-256:3019702C42882440B09F9C74E3240C3DEF8649D0821A4B7D1C276DC3A42BFC57
      SHA-512:22410E9B5372FEB56E7E4C95255DD3AA1299B0F132575B1113A58DF0550D0D8B329DEBC6A0ADBB3600789B0A334AD32BC1489C6F8339F8A11D763C1E51EF2F6F
      Malicious:false
      Reputation:unknown
      Preview:.... .c.......;M......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):66726
      Entropy (8bit):5.392739213842091
      Encrypted:false
      SSDEEP:
      MD5:802755AC57F4497A6097CF4B709E7AB5
      SHA1:4C655D0C6B25375BB25AA51E6829E5D6C22CDA3B
      SHA-256:7CFC365A66B36DF8EEB5140AAC1B7DDF849FAA247AC6F204E0585ADA1B42E0B6
      SHA-512:F2E3A7A6649E24FAB0E033A5C21C4F1E37E701F46F35BA323304DC64A1B83DB92B37159FF31FA46CAE8246C33EFDE750A641FCB57D3A3C64365BFD331A058B0A
      Malicious:false
      Reputation:unknown
      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

      C:\Users\user\AppData\Local\Temp\MSI3fab5.LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):246
      Entropy (8bit):3.505069684106714
      Encrypted:false
      SSDEEP:
      MD5:AF0E7098BFF564A84C5DB13ECD2B0CEB
      SHA1:C0865512C64091E2EF051DAD6B57BE9A0FE78BCD
      SHA-256:DCEAA863FE4128D1DBF272FF042CB94169A451419893FA9113A7C22190852918
      SHA-512:0D964172F145CEBC0D3EF71F3708BEAB98CD364D0D7085004AB95D37336893D4C1BC62E3E23AAD0CC90BD0A962F34FA287A0A0056D43DAC29A732004F88780D2
      Malicious:false
      Reputation:unknown
      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.3./.1.1./.2.0.2.4. . .2.1.:.2.3.:.5.0. .=.=.=.....

      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-23 21-23-45-633.log

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393)
      Category:dropped
      Size (bytes):16525
      Entropy (8bit):5.353642815103214
      Encrypted:false
      SSDEEP:
      MD5:91F06491552FC977E9E8AF47786EE7C1
      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
      Malicious:false
      Reputation:unknown
      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):29752
      Entropy (8bit):5.422939776809934
      Encrypted:false
      SSDEEP:
      MD5:6AED67D6D8ED9E1193F241C3DBF51FEE
      SHA1:0BA2690431B74F82D9E10D7DD9A7990B46820AC7
      SHA-256:41B3A4F5E0DB6039970B650B54ACF1C16ED8252CECF32C6A10D704A02654777A
      SHA-512:49495A2D6DD69D1BE253FA820C974BFB474BBD4C81243374EECC9AC97F01455716E0CA0854EF103881B7EC14132D2049C13273058C1419E27568E16A0920CF84
      Malicious:false
      Reputation:unknown
      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

      C:\Users\user\AppData\Local\Temp\acrocef_low\0a5f13f5-ca82-4012-bbbe-b07e73f0c4ae.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
      Category:dropped
      Size (bytes):758601
      Entropy (8bit):7.98639316555857
      Encrypted:false
      SSDEEP:
      MD5:3A49135134665364308390AC398006F1
      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
      Malicious:false
      Reputation:unknown
      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

      C:\Users\user\AppData\Local\Temp\acrocef_low\2ed57905-f6d5-40b3-93e3-1f4217a7c029.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
      Category:dropped
      Size (bytes):1419751
      Entropy (8bit):7.976496077007677
      Encrypted:false
      SSDEEP:
      MD5:B12D3B0AA42B279139A9F6E26C2C9B8B
      SHA1:D1DA3095C6BCC381675A441AE7A746EFFCE589AD
      SHA-256:CCE2144135761D366D903449ADD12223E6CE743183543B17D336B3C5E13D5327
      SHA-512:74AB21F8176B3C9052B7A592EE9A998F96FDAF078DE3F7BE4361765873BB1101EA8B4D6CA1EC482351FD7D4FD59432B7CDC0684F7021410C94606C16E593BF24
      Malicious:false
      Reputation:unknown
      Preview:...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U|}../xS}.q..B|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

      C:\Users\user\AppData\Local\Temp\acrocef_low\7d7d2731-0f79-409b-930c-33ae0525924c.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
      Category:dropped
      Size (bytes):386528
      Entropy (8bit):7.9736851559892425
      Encrypted:false
      SSDEEP:
      MD5:5C48B0AD2FEF800949466AE872E1F1E2
      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
      Malicious:false
      Reputation:unknown
      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

      C:\Users\user\AppData\Local\Temp\acrocef_low\c0d0ebb2-3849-4436-9d75-279ba3c0d9b4.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
      Category:dropped
      Size (bytes):1407294
      Entropy (8bit):7.97605879016224
      Encrypted:false
      SSDEEP:
      MD5:716C2C392DCD15C95BBD760EEBABFCD0
      SHA1:4B4CE9C6AED6A7F809236B2DAFA9987CA886E603
      SHA-256:DD3E6CFC38DA1B30D5250B132388EF73536D00628267E7F9C7E21603388724D8
      SHA-512:E164702386F24FF72111A53DA48DC57866D10DAE50A21D4737B5687E149FF9D673729C5D2F2B8DA9EB76A2E5727A2AFCFA5DE6CC0EEEF7D6EBADE784385460AF
      Malicious:false
      Reputation:unknown
      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

      Static File Info

      General

      File type:PDF document, version 1.3, 30 pages
      Entropy (8bit):7.964373714377059
      TrID:
      • Adobe Portable Document Format (5005/1) 100.00%
      File name:50100294329071_1725252700898.pdf
      File size:121'776 bytes
      MD5:48c50c967ba832df78d45f5bd1e74cae
      SHA1:1cda91e564bb2e135baed988cdf5ec490f1c2867
      SHA256:cf38d600cb92dbf36e8cc7fe2ee960e0d7e1f855f02981c581e3c8a20e60bb16
      SHA512:4b905f39ab02a215ec72a6fa0f4c26c0d01745220008ed2b9e95211e9ee7b51cac3c1198c7951f5e34789e88c566215d8216f6339af0ac5ba1c8d02b1117bd53
      SSDEEP:3072:VRlg5Cnrb039lFsHzyGIhkTmTvWrBCafvpcSx1:VRkCnQ9MOD2qTEeS7
      TLSH:62C3E124E7EE2D1CE012C740A56738988D78B007C7D539F3452DCE91A2C1F78EA9A5EB
      File Content Preview:%PDF-1.3.%.....4 0 obj.<< /Type /Info./Producer (null) >>.endobj.6 0 obj.<< /Length 3899 /Filter [ /FlateDecode ]. >>.stream.q..B..S.".`l.>C..[....uA..._.;..^N.H.{....C"...v<.Z..6..i.N.:PJ..GA!=U0.z.0...(..<8w.......m...m..z.h7..h..'n...mw8.w.)..q.Y.....

      File Icon

      Icon Hash:62cc8caeb29e8ae0

      Static PDF Info

      General

      Header:%PDF-1.3
      Total Entropy:7.964374
      Total Bytes:121776
      Stream Entropy:7.998196
      Stream Bytes:113416
      Entropy outside Streams:4.829621
      Bytes outside Streams:8360
      Number of EOF found:1
      Bytes after EOF:

      Keywords Statistics

      NameCount
      obj69
      endobj69
      stream31
      endstream31
      xref1
      trailer1
      startxref1
      /Page30
      /Encrypt1
      /ObjStm0
      /URI0
      /JS0
      /JavaScript0
      /AA0
      /OpenAction0
      /AcroForm0
      /JBIG2Decode0
      /RichMedia0
      /Launch0
      /EmbeddedFile0