Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CP_364539955_120008407885_20241125214538.pdf

Overview

General Information

Sample name:CP_364539955_120008407885_20241125214538.pdf
Analysis ID:1562728
MD5:b92f373d0afcb9fd6202764e66d0797f
SHA1:38660ac0303e150a4ca045d302cd744a6c2d4441
SHA256:2536a428d0328bba24034e33d42f78ed104ef73bd500d7e8d26d5e7b69167661

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 3812 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CP_364539955_120008407885_20241125214538.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6676 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3680 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1588,i,10714921631825781532,2246996546830277587,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49707 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49707
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: classification engineClassification label: clean1.winPDF@15/41@3/61
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-25 17-37-07-223.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\CP_364539955_120008407885_20241125214538.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1588,i,10714921631825781532,2246996546830277587,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1624 --field-trial-handle=1588,i,10714921631825781532,2246996546830277587,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: CP_364539955_120008407885_20241125214538.pdfInitial sample: PDF keyword /JS count = 0
Source: CP_364539955_120008407885_20241125214538.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: CP_364539955_120008407885_20241125214538.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
217.20.59.37
truefalse
    		high
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		high

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      217.20.59.37
      		default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comDenmark
      		15516DK-DANSKKABELTVDKfalse
      23.218.208.137
      		unknownUnited States
      		6453AS6453USfalse
      23.200.196.138
      		unknownUnited States
      		2860NOS_COMUNICACOESPTfalse
      23.195.39.65
      		unknownUnited States
      		20940AKAMAI-ASN1EUfalse
      107.22.247.231
      		unknownUnited States
      		14618AMAZON-AESUSfalse
      172.64.41.3
      		unknownUnited States
      		13335CLOUDFLARENETUSfalse

      General Information

      Joe Sandbox version:41.0.0 Charoite
      Analysis ID:1562728
      Start date and time:2024-11-25 23:36:36 +01:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:defaultwindowsinteractivecookbook.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:15
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • EGA enabled
      Analysis Mode:stream
      Analysis stop reason:Timeout
      Sample name:CP_364539955_120008407885_20241125214538.pdf
      Detection:CLEAN
      Classification:clean1.winPDF@15/41@3/61
      Cookbook Comments:
      • Found application associated with file extension: .pdf

      Warnings

      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 23.218.208.137
      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, geo2.adobe.com
      • Not all processes where analyzed, report is missing behavior information
      • VT rate limit hit for: CP_364539955_120008407885_20241125214538.pdf

      Created / dropped Files

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):290
      Entropy (8bit):5.221791716664956
      Encrypted:false
      SSDEEP:
      MD5:AC1720122DB4EF567276206CC4930DF1
      SHA1:4D91D955C03B54F8F4A3AD8692E34D7EDF02862D
      SHA-256:00A90FCB6DD232EEA00BD3F99DE74DC35D04CA47F8083DEC395BFE9688EBF284
      SHA-512:FED16037F1F4B3CD5DCFE570467FF536272C2E7643CD9058D85D088690B9A0754839B50BA61C9EA717A9CF526768FF8981498BFF199777AF9622D254A3FF73C6
      Malicious:false
      Reputation:unknown
      Preview:2024/11/25-17:37:05.819 1a34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/25-17:37:05.822 1a34 Recovering log #3.2024/11/25-17:37:05.822 1a34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):334
      Entropy (8bit):5.157817028056866
      Encrypted:false
      SSDEEP:
      MD5:394BCA0DA330CC8F061EC972F679A683
      SHA1:1C7D83F5B71B3EACEF25DF4172C644BF1A39B7B8
      SHA-256:67AAF95A88FE3651F3BD7B736E2A9B242BB9BDB7390366B813763707FDCB149C
      SHA-512:D12A58F52462EC4FE1FFEA7A8820A431ED4CC1511EF54A36684FDFAB153A11600E51E7F52A04AD90961969062F3B50BF9D13B1D415488DD055C8A93BA177B476
      Malicious:false
      Reputation:unknown
      Preview:2024/11/25-17:37:05.621 1aa0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/25-17:37:05.626 1aa0 Recovering log #3.2024/11/25-17:37:05.626 1aa0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\888149a3-a912-4395-afb9-da26b79f6461.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):403
      Entropy (8bit):4.983035572001025
      Encrypted:false
      SSDEEP:
      MD5:12ADB1232423CC01A89F16A7A55F2FF4
      SHA1:64473401B59CC510032C6D561C004048FE3D70A9
      SHA-256:69053F9246DF159178935D7AC21C8F39E138849FD736DF591ED1A796CDAD9E8D
      SHA-512:CF47D1D1A7005E370180F50C7BC5C32D29EB47A390EB5D6FC73946B73639E87C8BA34E0F29C0035D6E93C7812882E0890F1CB15C70A7C0F85D7F28074EC91A35
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377134237527205","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":652516},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):0
      Entropy (8bit):0.0
      Encrypted:false
      SSDEEP:
      MD5:12ADB1232423CC01A89F16A7A55F2FF4
      SHA1:64473401B59CC510032C6D561C004048FE3D70A9
      SHA-256:69053F9246DF159178935D7AC21C8F39E138849FD736DF591ED1A796CDAD9E8D
      SHA-512:CF47D1D1A7005E370180F50C7BC5C32D29EB47A390EB5D6FC73946B73639E87C8BA34E0F29C0035D6E93C7812882E0890F1CB15C70A7C0F85D7F28074EC91A35
      Malicious:false
      Reputation:unknown
      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377134237527205","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":652516},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):4099
      Entropy (8bit):5.23211886659169
      Encrypted:false
      SSDEEP:
      MD5:932E754C1E9BDE4FA3239C437554305F
      SHA1:12A7071FDFAA525FE1AD5DEAE9C7E62CC8433C01
      SHA-256:137DC283E446DCFE5D46560A5FAACC15869E0160B0ABE4D11689CFCF5DE11E66
      SHA-512:036387D70C38B84EAE07D2843F28D60E63A56C26BE7CEF523BC28079109F1FBA979E23F671CC739EA8D0696C16B2260D25AEC9B584E584AF22A4F5BB66EB5964
      Malicious:false
      Reputation:unknown
      Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:ASCII text
      Category:dropped
      Size (bytes):322
      Entropy (8bit):5.18325816128286
      Encrypted:false
      SSDEEP:
      MD5:F1D260159DA6C41C820E5C9D79275F9E
      SHA1:9886B46E50A9B31F763C409A380014C4777F1E21
      SHA-256:8599E15021EB6E248F71487D68ADCB440AE03C7E0AE6A35CE366E22580A7BD42
      SHA-512:BE27B817A4192B7ABA86384DD39ECFD8B046539CD2F45EB12E2BD7F219E48B60CBD11886889B900908E24E2C48895758838CA53FFCC377D58F68D01666A53F9E
      Malicious:false
      Reputation:unknown
      Preview:2024/11/25-17:37:05.851 1aa0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/25-17:37:05.852 1aa0 Recovering log #3.2024/11/25-17:37:05.856 1aa0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241125223709Z-162.bmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
      Category:dropped
      Size (bytes):71190
      Entropy (8bit):1.3598690699341887
      Encrypted:false
      SSDEEP:
      MD5:27F9CC70EC187D52288F5D64EA1774CB
      SHA1:D8FA46300FB0E74799B42EF303A1BCCB8894284F
      SHA-256:24DEBA8CF58B01A6D6C81B9A79C977533C972FAE31FC5F460FC4BE3977930102
      SHA-512:C583B1DDC19A329E2D51CC969D490D5890474634F9DAE3341683AB8AA8730D3BDC29E063026722A934D4F64F08DB4E85481FC8DBC6FA50A7D9DC18B434068778
      Malicious:false
      Reputation:unknown
      Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
      Category:dropped
      Size (bytes):57344
      Entropy (8bit):3.291927920232006
      Encrypted:false
      SSDEEP:
      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
      Malicious:false
      Reputation:unknown
      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):16928
      Entropy (8bit):1.213562083171886
      Encrypted:false
      SSDEEP:
      MD5:0C7D28326B2E1246E9FDAC2391F11BE1
      SHA1:B7D83524CC7FBFAC64FAA9AB651355420CBEE718
      SHA-256:8BD64E0EACC2624A74DF2502813185B97A405CFEEB444C57B2B703D923968644
      SHA-512:4E772D1F10561AE66CE55563D13A508ED9108091DAB457D362200AF010CBA416CC20BCBBEA450D0B6B1617557EA39227D1493BC9146DB9020639DF7F06D9CA1F
      Malicious:false
      Reputation:unknown
      Preview:.... .c...... w@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Certificate, Version=3
      Category:dropped
      Size (bytes):1391
      Entropy (8bit):7.705940075877404
      Encrypted:false
      SSDEEP:
      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
      Malicious:false
      Reputation:unknown
      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
      Category:dropped
      Size (bytes):71954
      Entropy (8bit):7.996617769952133
      Encrypted:true
      SSDEEP:
      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
      Malicious:false
      Reputation:unknown
      Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:dropped
      Size (bytes):192
      Entropy (8bit):2.7895108629891827
      Encrypted:false
      SSDEEP:
      MD5:31D17B620C7BDB1878539AA3225C4E90
      SHA1:6B03A16D20329296D592E92E19596C76DEC9AA91
      SHA-256:4E8A264D607E1AD5AC935E9E9AB17F62833579CA670BB1EFF703F7F1C19A089D
      SHA-512:E9553985D97B4626BC59EF79D33656E162027FEBFEF2FD6727C1C05921A1D3C563F24D96C0755D4980E82EB93B363615C51689D319F8A0C2F23195E04031CD27
      Malicious:false
      Reputation:unknown
      Preview:p...... .........`N..?..(....................................................... ..........W.....<..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:data
      Category:modified
      Size (bytes):328
      Entropy (8bit):3.1321959448363517
      Encrypted:false
      SSDEEP:
      MD5:6ED0CC32EFC55784A616140961039B78
      SHA1:8BFF79FA364193E90349A847FA89C5108F359F2B
      SHA-256:96DF4145C91A2157807B9809AE5DBD6FAD7AF8767D3E463F8320B3C3D52F2B84
      SHA-512:E1129CE115230D8E3AFBE2064DFC7E4AD015A4C55F065F2E1310B44D6D730489CC4A8EEE1834CE61D30989B375B71A5084B78B927F8835BD7FDDAB14811F6334
      Malicious:false
      Reputation:unknown
      Preview:p...... ........sgG..?..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):295
      Entropy (8bit):5.3865925904699745
      Encrypted:false
      SSDEEP:
      MD5:1D81124015D7A1BCD40BC3C339FF7AE5
      SHA1:F9EB949D8653A334B2AEF4252098C65AE78D508F
      SHA-256:3EAD41C7908C3DFDD36946B563CF9A0149EDCB665234C0F019A8516C2B4D7A17
      SHA-512:97366A4C705250377D823422A7D1E033E2611E120B811CE30AF7DA70098B9B2609A0A9B837CAB04E4EA984A66F1B31F79F75DB4E618948B4299666CA1B1CB2B6
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.335927033307827
      Encrypted:false
      SSDEEP:
      MD5:8AD257804B69102E84BC0F8DF37C052D
      SHA1:EC5E708323CF0F76A4AAEE97305AA7991487B3DB
      SHA-256:94BA2529A17298A34CB389E35BCD7D29AD11896D95E2F39A3440B8AE9A643F93
      SHA-512:40840D3E79D714C1EB2FA26C7978FA23C423362D772296AF6EC7BE570C9AECB941684E2E0F8687C62E62D005A394DB9C456C39EAA07C51D92FB77A02DEF491A4
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):294
      Entropy (8bit):5.313777126884896
      Encrypted:false
      SSDEEP:
      MD5:7DB73A719829A5FC7D58C9A30ABA6604
      SHA1:048DAFB642EB973562FD80E311037E4EEB122B19
      SHA-256:336182F6F9594FD433444DDC4F1A8A810C76640799A0F1AE3AB360BD192BF9C8
      SHA-512:EC2D25D4E6561F724019A1AAACB8D4037A257E07E62A2892CF30B4C6FBC2D322F4789FD52F701013EF9AA7D227F7FDCBB9581B39B97E72111557ECD58BAB61B7
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):285
      Entropy (8bit):5.375787839005804
      Encrypted:false
      SSDEEP:
      MD5:A411F809A9F12641377BBC9DD5358908
      SHA1:FE2C58EED8A65934985B553761B362A1A31D99F7
      SHA-256:AC3284FC069F8BEBBED509174C5A50B791676983F13D63705B3393B685893A6B
      SHA-512:EB2C18E49ECBFD3EE44D04A1CAAA2DCF5CBF7843D191571A8DCE9528FCDD70BFCFD7937AFAB8CF9831C5EF285A1E06024A32412D31CA4BB779B4B0D45C37E51A
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1123
      Entropy (8bit):5.687171255846089
      Encrypted:false
      SSDEEP:
      MD5:31FFCE48DD67C9365EA6A1AD751D5CB2
      SHA1:1709FEAED7CAAE1E9491B68F3E78C0D5CC0A19B4
      SHA-256:2620BEE898122B92259EBC6A031AB6B6DF6F861E65E2D298942DEF7FCECD834E
      SHA-512:3EECC493C546793D7735D67E95BC427C1261F341466D3DD88FBC6D37D8C35193FE63C9938A0D154C2FD048CE18FCE1DD78B6ABE073A4AFAA8A45A8729583EE70
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1122
      Entropy (8bit):5.6810622650433125
      Encrypted:false
      SSDEEP:
      MD5:56773199AA9C99A47BD2EF1C43F0808C
      SHA1:1767A18CE2B7CCB1A41766CDB292732B785B1657
      SHA-256:9C71280BA5E8861EB00B46F221AD6A8309A44E3A67E71C40926525DC9D3F8149
      SHA-512:EB7E0C7979C3DC047B9BBDDDC24DC519BF1C2346EF8D7A8E03078CA9E2EE47F2370AC3847784F7C1BE1F46B05ABF75D4073DB83542F9615D11DF5CC1A44858D7
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):292
      Entropy (8bit):5.32316892151705
      Encrypted:false
      SSDEEP:
      MD5:E7167BA38E70C4DAE9E510E71EB026C5
      SHA1:EC8C728E4D7D9E9B6324055B3491BF265E951B2E
      SHA-256:42D770B48293C5F0C0BF2EC4C1E0232D58A70FF7ABDFCD62260E79E2FA392165
      SHA-512:D8A0984858CCA3C3D88B0D3C10214737701C5DBCB15968687A4BF88FCCAC9B0B7C6F907DD2870648A9DE7A42CC3628CAB3C63B080CE5E0E45A9CC864FC831CA4
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1102
      Entropy (8bit):5.670804848531774
      Encrypted:false
      SSDEEP:
      MD5:FF799733A6BCCEDA6282F5B351FC40F0
      SHA1:B6871D2F83609CEB78726CB0F97AA28AAC1291B7
      SHA-256:99933A559111644C920E938F41360C6A75137C9E94C357AC746B90CFAAF8485A
      SHA-512:8CAB5CA560187BDBC90BE52BA1EA4ABCED1CE26118B151112ADE7813715290F04D2C77434D1AC6FC6DD08B9687EEF23A3CE4EA7C277DDB1B177BF0F93A584574
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1164
      Entropy (8bit):5.698591644363682
      Encrypted:false
      SSDEEP:
      MD5:16AA24030C2E00369936E9DFA06A8994
      SHA1:B858AD572D97B422DD10C17A8DAD234EC944FEFC
      SHA-256:A2B73E6E69583BA1E4BB3EDFFD0CA84354F9A5DD0A7B04EC84A836CE6B64B021
      SHA-512:875AD272BECEFFDF7C73B8D513DF937143DB0A9D0D5CB8DAD79DD8D36E3AD3C6E8A5F86D6595B73BD932308B4E4FD6A119E56C6B95EAF51D7D2D820DD9E65C86
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):289
      Entropy (8bit):5.3274747736239725
      Encrypted:false
      SSDEEP:
      MD5:7279D7D2B20271C577BBFB2DAADD8956
      SHA1:C7B18E76404DC18B041DE6D86EBD08567D9399A4
      SHA-256:E0B7AD7393D4C2F65FB2C648F8D27B2C6AE0AD8569516837D4422D458E4879BB
      SHA-512:985AA073AD21CDA91C087FB9C7068D79AA4B4F4290032C8E714D35E79768C71286A1FC7F3719C1427273C65356FE7498E6BF1A348333529BE9DAB8AB0F125F42
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):284
      Entropy (8bit):5.3140088572500845
      Encrypted:false
      SSDEEP:
      MD5:70DCF1FE45A0E86C91DEDDD03C49B8C3
      SHA1:E67B12E8489D68ED621EA61429F0FEAB5A5206A7
      SHA-256:E412B4F18038D5F724FF7A1AE2B7E4B14DBBCFAF67920C4F2D04D0298828A506
      SHA-512:831C91D9DE1ED5AE5DE01CC6C39F728A21835012382DCD3438A8E4D98434FD6C2809B5ECC82834AE3FD80D4AFE855F12917DC4838628E18F615E1F6E559C0276
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):291
      Entropy (8bit):5.310833041238565
      Encrypted:false
      SSDEEP:
      MD5:04E8A30A86E8AE84BFA91C97FFEBB875
      SHA1:9B53DD0C6B003541F1851A9A8DAC53F9710979A6
      SHA-256:1535F9381F58A6713FDC0E40F839DCB74BF8C2D09E55FD74918FBFF97EF8660E
      SHA-512:BC2C934A5AE4CF7AA411B810618D6C5DFF228298A7F35C4AA1D9140A38A7DE991BDCEFCC3D21DCE17724B3C992AD1295956B3201523AB8B169E9DF94C1C4DDF2
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):287
      Entropy (8bit):5.314594653448513
      Encrypted:false
      SSDEEP:
      MD5:8DACBF3689ACBA21652D1F9770A95393
      SHA1:579ACD75D9C3E8DE93CF7E01CEF2C064E82A7B53
      SHA-256:1ECB87DE7E765185DCE4B8A5F06C66459FBAC6760EFF12479C9F72ED0344DFD7
      SHA-512:EC56D389F9AA86D35DE41A691408809691ACEAB6B1BE35A91D0F1A7708B0E32A7CD39C887BF809E284323C6F830C8A0316103F2100E7B1C7056173167A19B5EF
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):1090
      Entropy (8bit):5.662745604915247
      Encrypted:false
      SSDEEP:
      MD5:6B9A750DB13E0F67366FFA5AE527EB6A
      SHA1:DFC023D6CA45782C9264ED94312857E2648EAF19
      SHA-256:D82F7095D9EA54690F911DC588F0C9ACF988EC89FF54F8FF9C68ACDB5955AC64
      SHA-512:BB73A43AB06E5738016183962A7F2A365C0C6407781FFEFF320480DA6AB31F930F6BF0ECBA29D5AFCDC19D90A4741BA090CBA7DAE5C6E052061FE3C113E0462A
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):286
      Entropy (8bit):5.287831426689869
      Encrypted:false
      SSDEEP:
      MD5:B7D3775CEBD3243A01C80B7C72E31113
      SHA1:622F6A41DF22128E9A975CE40FAC445C6B95D15A
      SHA-256:A705897A7AFBA8D542198C7112AD28A25AF06452438DDF0CE2945E2AA743FB24
      SHA-512:86896557473C88ED9618FA83E6515A223E2B8301FF231EA319096825B66E55AD9714148AE7D276F688C4F38A2DB70F4067E216C1BB4C30186A1FE4B527D977B6
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):782
      Entropy (8bit):5.368980292751752
      Encrypted:false
      SSDEEP:
      MD5:E99F6AFA57A0C31B1554FE11E8DF6891
      SHA1:76434319B61328FB22118C7123410845E1010BC5
      SHA-256:4C18D00AAE9E845B17AC2C33A9D890A74CD32D1011C10FFB7312705ECAF6BE37
      SHA-512:53095B35229B8E7E0A172E492760994C917C3AB0FA4DA4CC1FF504DA08BF955A31631CCD4FC56EE1B40EC206352BB75D6C917B51E714D04888C3369188AB9895
      Malicious:false
      Reputation:unknown
      Preview:{"analyticsData":{"responseGUID":"8a6c97cd-fd02-498d-bb16-52de79a5d9c3","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732747619259,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1732574234289}}}}

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):4
      Entropy (8bit):0.8112781244591328
      Encrypted:false
      SSDEEP:
      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
      Malicious:false
      Reputation:unknown
      Preview:....

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:JSON data
      Category:dropped
      Size (bytes):2817
      Entropy (8bit):5.140429479135483
      Encrypted:false
      SSDEEP:
      MD5:0575C5C0F1E638858EB551C54C4DD9DB
      SHA1:365ABA82205A0EA36D93717254D5F17038E64D83
      SHA-256:5AD22C1ACBA95264F69E462AF4B7C4DF8A093702E168BD86338A0AA6B39E3FA2
      SHA-512:CD6407BC7F609BB7AC2CD10A820754559F042966DB4D65ECAB7257F485B1DC70AE63EF7DC34BDA27D9D8A8D9273DB83DE2588DE0743D363CBB1110FC5B205440
      Malicious:false
      Reputation:unknown
      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"f3944f52877a3594c8dfd7f9a2485b0a","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732574234000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"276fe023b757c7d1dd6d679fab8d560d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732574234000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"98903ae39e8227c3ab72619b8c2c892b","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732574234000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"039f716b7b66a363010b55857bad56c7","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732574234000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"b932fe447af2cc6850f82e85f03fa8db","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732574234000},{"id":"Edit_InApp_Aug2020","info":{"dg":"4cbf38d50e1da162f956d65572f0f019","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
      Category:dropped
      Size (bytes):12288
      Entropy (8bit):0.9870545235806011
      Encrypted:false
      SSDEEP:
      MD5:55F18FB515F07241F5E0D83BD337715F
      SHA1:C02587D45F2FEC5C169CF9389C5C4AC896667378
      SHA-256:A1EBA97BCF40FB0FE58F41BCB16BAFF47077FAAF1AE4E61DFFFB4A30FDCD7668
      SHA-512:B373F54F1BDB6BB9C17ABD0958042F12ACA5E2442D613F673DABEA2A89DC113583824C5317E748E86A315863BD9DC5B697DB08B01B06F3D787A5395140AF9C57
      Malicious:false
      Reputation:unknown
      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:SQLite Rollback Journal
      Category:dropped
      Size (bytes):8720
      Entropy (8bit):1.3421696828896739
      Encrypted:false
      SSDEEP:
      MD5:49A98B8385BEB9BAF3F3F90AF89FF1AB
      SHA1:BA958F049BB4B3824D47CDB265C4908C4B64FD84
      SHA-256:BA0C811E88FA2A1FF135580270BC840D8723BC05F700C022CB4769B0E3B99A1B
      SHA-512:08C29B3DFDE59250E67FCDA6B4039CAF1A7D5D6AD1B39B0F582A532DC314D8AD95DA41B5C822271114BB365ED055BE0656967450D7E86FBB4E8CCB885A370134
      Malicious:false
      Reputation:unknown
      Preview:.... .c......D.{......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:data
      Category:dropped
      Size (bytes):66726
      Entropy (8bit):5.392739213842091
      Encrypted:false
      SSDEEP:
      MD5:237C743AFB5351993E13F5DC4F365830
      SHA1:88EE18DFA6869C720E7B01EC689211D73FBF1ED3
      SHA-256:DFC69A58C8501A004628432B4D8EF0854A0DB6D89F903C379CCFEB45DF4140F4
      SHA-512:CD2B34305025E505A07F6060A491EEA078631B332B6F63C99ED6BB607D60F805049EF459725435C335A3624FDF6F416B4AAD4C446436E1935A95CC5AF08FA0AE
      Malicious:false
      Reputation:unknown
      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

      C:\Users\user\AppData\Local\Temp\MSIe4791.LOG

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
      Category:dropped
      Size (bytes):246
      Entropy (8bit):3.5020010357239357
      Encrypted:false
      SSDEEP:
      MD5:0C0AD3B2F25AE872B5DE52013817828B
      SHA1:C3C5AD5E4B8AED4A40F03A6DCC2A98E7F9A1862A
      SHA-256:B547080FA0945381E152860DB577E95C8B0187838EB2936EE71169CF1E32A464
      SHA-512:0B3CAF78CA81EE9E6857CB425685AF8CD7787359E50A61DCACF66C05EF6B3CD47DC736DA2EABBFDBDFB972E749B48A7277AF7A5825EA3FEB68403E38B01A205F
      Malicious:false
      Reputation:unknown
      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.1./.2.0.2.4. . .1.7.:.3.7.:.1.2. .=.=.=.....

      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-25 17-37-07-223.log

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with very long lines (393)
      Category:dropped
      Size (bytes):16525
      Entropy (8bit):5.353642815103214
      Encrypted:false
      SSDEEP:
      MD5:91F06491552FC977E9E8AF47786EE7C1
      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
      Malicious:false
      Reputation:unknown
      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
      File Type:ASCII text, with CRLF line terminators
      Category:dropped
      Size (bytes):29752
      Entropy (8bit):5.423420884112984
      Encrypted:false
      SSDEEP:
      MD5:B553AFCF67067857268EE37003FF127E
      SHA1:5AEBD2FAFB1FB009FA10286FA72734AE2B1ABDCF
      SHA-256:86652054F8261059B92DA61598BB03C5A9A77218AFEDB0C6B71541FA5E8BB366
      SHA-512:63F628EB8F20208AFBE05926945C912165FF78A769A57013EAD82752B3D6D935B02540F75DCEED2EBA1ACA076207D360FF550DCE680E4DA948CA63B734CA849D
      Malicious:false
      Reputation:unknown
      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

      C:\Users\user\AppData\Local\Temp\acrocef_low\41ed017e-9d61-4567-9b33-1bfbbbb2cdc9.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
      Category:dropped
      Size (bytes):1419751
      Entropy (8bit):7.976496077007677
      Encrypted:false
      SSDEEP:
      MD5:E8C0E02FD4DCB83BF3EC95A987292D88
      SHA1:B2FC5004CA22C6EE65B66AD6AF29F7EDC745A3B4
      SHA-256:C665BF4A480724AE9C6ECB6450C3AC538DF2102B7988E25675516772687222B5
      SHA-512:C103FE7A6FAE4B175395AA57E2052CA5125CFD05539C92F363E72C638776430154C369E34979FE84227930D5876BA50F1A538E9D05E4B38A58ECE75F8AFCFCC8
      Malicious:false
      Reputation:unknown
      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

      C:\Users\user\AppData\Local\Temp\acrocef_low\75074d42-d18d-440b-8062-0774249e7c4c.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
      Category:dropped
      Size (bytes):1407294
      Entropy (8bit):7.97605879016224
      Encrypted:false
      SSDEEP:
      MD5:1D64D25345DD73F100517644279994E6
      SHA1:DE807F82098D469302955DCBE1A963CD6E887737
      SHA-256:0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
      SHA-512:C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
      Malicious:false
      Reputation:unknown
      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

      C:\Users\user\AppData\Local\Temp\acrocef_low\cd75b178-deef-4692-b58f-4cd38e9acb90.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
      Category:dropped
      Size (bytes):758601
      Entropy (8bit):7.98639316555857
      Encrypted:false
      SSDEEP:
      MD5:3A49135134665364308390AC398006F1
      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
      Malicious:false
      Reputation:unknown
      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

      C:\Users\user\AppData\Local\Temp\acrocef_low\e054e2db-07bf-4c63-8360-0c9c9d6b65c0.tmp

      Download File
      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
      Category:dropped
      Size (bytes):386528
      Entropy (8bit):7.9736851559892425
      Encrypted:false
      SSDEEP:
      MD5:5C48B0AD2FEF800949466AE872E1F1E2
      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
      Malicious:false
      Reputation:unknown
      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

      Static File Info

      General

      File type:PDF document, version 1.4, 1 pages
      Entropy (8bit):7.817770081289311
      TrID:
      • Adobe Portable Document Format (5005/1) 100.00%
      File name:CP_364539955_120008407885_20241125214538.pdf
      File size:74'236 bytes
      MD5:b92f373d0afcb9fd6202764e66d0797f
      SHA1:38660ac0303e150a4ca045d302cd744a6c2d4441
      SHA256:2536a428d0328bba24034e33d42f78ed104ef73bd500d7e8d26d5e7b69167661
      SHA512:e08c1886860f4f8a168f99f754adb1a993333a36c920050714c814505ae88af0355b86612094225b07d8b336607451ab28d6580bad6249e47ba918a3e2491d39
      SSDEEP:1536:jG0UoVmksR0lImhpHHRInO/BG4sdBEiroKBpNR6QJHp2+U7X11:jG0UoVmksR0lDjHHRIO/BGpEirPBXRDk
      TLSH:5F73AF77A53999DE8B4F91A2433778CAA71FB16271A431BB021C5A2B4483C5EABD3C11
      File Content Preview:%PDF-1.4.%.....1 0 obj.<<./Type /Catalog./Version /1.4./Pages 2 0 R.>>.endobj.2 0 obj.<<./Type /Pages./Kids [3 0 R]./Count 1.>>.endobj.3 0 obj.<<./Type /Page./MediaBox [0.0 0.0 612.0 792.0]./Parent 2 0 R./Contents [4 0 R 5 0 R 6 0 R 7 0 R]./Resources 8 0

      File Icon

      Icon Hash:62cc8caeb29e8ae0

      Static PDF Info

      General

      Header:%PDF-1.4
      Total Entropy:7.817770
      Total Bytes:74236
      Stream Entropy:7.865069
      Stream Bytes:69574
      Entropy outside Streams:5.204410
      Bytes outside Streams:4662
      Number of EOF found:1
      Bytes after EOF:

      Keywords Statistics

      NameCount
      obj29
      endobj29
      stream15
      endstream15
      xref1
      trailer1
      startxref1
      /Page1
      /Encrypt0
      /ObjStm0
      /URI0
      /JS0
      /JavaScript0
      /AA0
      /OpenAction0
      /AcroForm0
      /JBIG2Decode0
      /RichMedia0
      /Launch0
      /EmbeddedFile0

      Image Streams

      IDDHASHMD5Preview
      900248592a2a30000e1b0f9cedafaa0e27f043c76bcd839c9
      100100030b0b030003d19d6c3c55a0d9982ed483d6560622eb
      13800080c0c0808080ede73e8f15af04b259c88bc805b3bcc2