Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Capital Call Due January 17, 2025 __protected.pdf

Overview

General Information

Sample name:Capital Call Due January 17, 2025 __protected.pdf
Analysis ID:1592168
MD5:3225a01d7e3bfa378f5152b7ac6c61ad
SHA1:bac7fc63814050b3fc2bb07b079781be5fe6a9be
SHA256:0eeabd6ea92cf167435d5ccff80a1af5998d1a3efb4e24ab3c38bc7bd51c3a09
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

PDF is encrypted
Potential document exploit detected (performs DNS queries)

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6752 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Capital Call Due January 17, 2025 __protected.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7372 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1572,i,4916979839153901596,16177498518410695744,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean1.winPDF@14/47@1/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.3500Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 15-12-18-626.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Capital Call Due January 17, 2025 __protected.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1572,i,4916979839153901596,16177498518410695744,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1572,i,4916979839153901596,16177498518410695744,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Capital Call Due January 17, 2025 __protected.pdfInitial sample: PDF keyword /JS count = 0
Source: Capital Call Due January 17, 2025 __protected.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Capital Call Due January 17, 2025 __protected.pdfInitial sample: PDF keyword /Encrypt count = 1
Source: Capital Call Due January 17, 2025 __protected.pdfInitial sample: PDF keyword stream count = 54
Source: Capital Call Due January 17, 2025 __protected.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Capital Call Due January 17, 2025 __protected.pdfInitial sample: PDF keyword obj count = 59
Source: Capital Call Due January 17, 2025 __protected.pdfInitial sample: PDF keyword /Encrypt
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1592168 Sample: Capital Call Due January 17... Startdate: 15/01/2025 Architecture: WINDOWS Score: 1 13 x1.i.lencr.org 2->13 15 bg.microsoft.map.fastly.net 2->15 7 Acrobat.exe 65 2->7         started        process3 process4 9 AcroCEF.exe 107 7->9         started        process5 11 AcroCEF.exe 2 9->11         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    x1.i.lencr.org
    		unknown
    		unknownfalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.2.drfalse
        		high

        World Map of Contacted IPs

        No contacted IP infos

        General Information

        Joe Sandbox version:42.0.0 Malachite
        Analysis ID:1592168
        Start date and time:2025-01-15 21:11:26 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 4m 0s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowspdfcookbook.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:9
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Analysis stop reason:Timeout
        Sample name:Capital Call Due January 17, 2025 __protected.pdf
        Detection:CLEAN
        Classification:clean1.winPDF@14/47@1/0
        Cookbook Comments:
        • Found application associated with file extension: .pdf
        • Found PDF document
        • Close Viewer

        Warnings

        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
        • Excluded IPs from analysis (whitelisted): 23.52.88.221, 54.224.241.105, 34.237.241.83, 50.16.47.176, 18.213.11.84, 162.159.61.3, 172.64.41.3, 23.209.209.135, 199.232.214.172, 2.19.11.117, 2.19.11.108, 23.219.128.174, 23.56.162.204, 20.12.23.50, 13.107.253.45
        • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net

        Simulations

        Behavior and APIs

        TimeTypeDescription
        15:12:29API Interceptor2x Sleep call for process: AcroCEF.exe modified

        Joe Sandbox View / Context

        IPs

        No context

        Domains

        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
        bg.microsoft.map.fastly.netg6lWBM64S4.msiGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        1647911459241874440.jsGet hashmaliciousStrela DownloaderBrowse
        • 199.232.210.172
        0430tely.pdfGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        Order.xlsGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        Order.xlsGet hashmaliciousUnknownBrowse
        • 199.232.210.172
        hNgIvHRuTU.dllGet hashmaliciousWannacryBrowse
        • 199.232.214.172
        ACH REMITTANCE DOCUMENT 15.01.25.xlsbGet hashmaliciousUnknownBrowse
        • 199.232.214.172
        Personliche Nachricht fur e4060738.pdfGet hashmaliciousUnknownBrowse
        • 199.232.214.172
        https://drive.google.com/file/d/1dNrtjTqb59ZQTE3gUuVhSjEbFXuJRXW7/view?usp=sharing&ts=6786e61fGet hashmaliciousUnknownBrowse
        • 199.232.214.172
        Sample1.exeGet hashmaliciousUnknownBrowse
        • 199.232.214.172

        ASNs

        No context

        JA3 Fingerprints

        No context

        Dropped Files

        No context

        Created / dropped Files

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.166089661864693
        Encrypted:false
        SSDEEP:6:iOiUPU8M+q2P92nKuAl9OmbnIFUtwUPUT6Zmw+UPUTlMVkwO92nKuAl9OmbjLJ:73y+v4HAahFUthW6/rWWV5LHAaSJ
        MD5:587BF60080FEA3D1E49578FA4A0F59F2
        SHA1:8C9119D066210EBEC2FCFE6B5A20E0735A55AFDC
        SHA-256:0D1CFC392324EF853107C563B916DA2421E5239E0BEF9856D294F9CC0A78AECF
        SHA-512:40FB28C721564BEB9C04C4A47AE6EE869E3E22909A1E4048B1BABC5976F878F43C6E798B41FE32396659F2AA0D246264D592E93A5ECE4DDC8EFD44C07E059188
        Malicious:false
        Reputation:low
        Preview:2025/01/15-15:12:18.783 1cac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/15-15:12:18.786 1cac Recovering log #3.2025/01/15-15:12:18.786 1cac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.166089661864693
        Encrypted:false
        SSDEEP:6:iOiUPU8M+q2P92nKuAl9OmbnIFUtwUPUT6Zmw+UPUTlMVkwO92nKuAl9OmbjLJ:73y+v4HAahFUthW6/rWWV5LHAaSJ
        MD5:587BF60080FEA3D1E49578FA4A0F59F2
        SHA1:8C9119D066210EBEC2FCFE6B5A20E0735A55AFDC
        SHA-256:0D1CFC392324EF853107C563B916DA2421E5239E0BEF9856D294F9CC0A78AECF
        SHA-512:40FB28C721564BEB9C04C4A47AE6EE869E3E22909A1E4048B1BABC5976F878F43C6E798B41FE32396659F2AA0D246264D592E93A5ECE4DDC8EFD44C07E059188
        Malicious:false
        Reputation:low
        Preview:2025/01/15-15:12:18.783 1cac Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/15-15:12:18.786 1cac Recovering log #3.2025/01/15-15:12:18.786 1cac Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):338
        Entropy (8bit):5.172030019480347
        Encrypted:false
        SSDEEP:6:iOiUPUePq2P92nKuAl9Ombzo2jMGIFUtwUPUeSuZmw+UPUeSCkwO92nKuAl9OmbX:73hv4HAa8uFUthT/rJ5LHAa8RJ
        MD5:38740C7373EA09997B5BF9AEB82D4685
        SHA1:F2EF359C00EE8AB407D1AD4B13CA5808FB9531A5
        SHA-256:BF1916AEF320AAA473E390C63EAE7FFBE9E439F3702B42D89F0FB7C02A04509A
        SHA-512:13CF97C5A28E34A50DCCBFE93AFB9D252899C5F45EAB649B701C797B40FB2A544A406CC35C6FFE1BE9F6DC97B134571353D10AF247DD03AB465A643B710D3A35
        Malicious:false
        Reputation:low
        Preview:2025/01/15-15:12:18.876 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/15-15:12:18.877 1ce4 Recovering log #3.2025/01/15-15:12:18.877 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):338
        Entropy (8bit):5.172030019480347
        Encrypted:false
        SSDEEP:6:iOiUPUePq2P92nKuAl9Ombzo2jMGIFUtwUPUeSuZmw+UPUeSCkwO92nKuAl9OmbX:73hv4HAa8uFUthT/rJ5LHAa8RJ
        MD5:38740C7373EA09997B5BF9AEB82D4685
        SHA1:F2EF359C00EE8AB407D1AD4B13CA5808FB9531A5
        SHA-256:BF1916AEF320AAA473E390C63EAE7FFBE9E439F3702B42D89F0FB7C02A04509A
        SHA-512:13CF97C5A28E34A50DCCBFE93AFB9D252899C5F45EAB649B701C797B40FB2A544A406CC35C6FFE1BE9F6DC97B134571353D10AF247DD03AB465A643B710D3A35
        Malicious:false
        Reputation:low
        Preview:2025/01/15-15:12:18.876 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/15-15:12:18.877 1ce4 Recovering log #3.2025/01/15-15:12:18.877 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):508
        Entropy (8bit):5.05340443995346
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqk2sBdOg2H82caq3QYiubxnP7E4T3OF+:Y2sRdsDbdMHi3QYhbxP7nbI+
        MD5:684FB5C0FDEC4AF7CF7369AB8D930D7A
        SHA1:2EA739C062BF14DE5C4185022F8C291C1FF0BB1A
        SHA-256:25DA747FA95B6F217B56AD7A8F8B5251F596ED1743CAD3F1E1D5497250CFF870
        SHA-512:BF721255D1EFFF4D9555F84D89C4CB4F4192AC6E37F0148C39E7E9B5481AC921E2D7383E95BB2C261F06C064C1618EB32EBBF4EB655ACA7C2CD502CE5402AD79
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381531948987423","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":148606},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d8823ad1-35eb-44ac-b044-c609af35f30a.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):508
        Entropy (8bit):5.05340443995346
        Encrypted:false
        SSDEEP:12:YH/um3RA8sqk2sBdOg2H82caq3QYiubxnP7E4T3OF+:Y2sRdsDbdMHi3QYhbxP7nbI+
        MD5:684FB5C0FDEC4AF7CF7369AB8D930D7A
        SHA1:2EA739C062BF14DE5C4185022F8C291C1FF0BB1A
        SHA-256:25DA747FA95B6F217B56AD7A8F8B5251F596ED1743CAD3F1E1D5497250CFF870
        SHA-512:BF721255D1EFFF4D9555F84D89C4CB4F4192AC6E37F0148C39E7E9B5481AC921E2D7383E95BB2C261F06C064C1618EB32EBBF4EB655ACA7C2CD502CE5402AD79
        Malicious:false
        Reputation:low
        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381531948987423","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":148606},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):4509
        Entropy (8bit):5.238783286853349
        Encrypted:false
        SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUDYvAFb0Z:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNL7
        MD5:A99D505DE58F8979EA6DB50BFC077D56
        SHA1:584D92C4BB95C3C6C26EFE112A303B0E0408A58E
        SHA-256:C90AE0B6D39076AE1226BE5B12CD096B2BCD286BEA836A46BF738B2E290AFB48
        SHA-512:63433DED77B89656D3C00C79878F073E4443661F85BF00336E8D0085D167E2293FA79AB7352AAAF5F0AF750E2EE37B1F43A4E96026B041692B3D13DFF22071E8
        Malicious:false
        Reputation:low
        Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):326
        Entropy (8bit):5.139112779030724
        Encrypted:false
        SSDEEP:6:iOiUPURq2P92nKuAl9OmbzNMxIFUtwUPUMZmw+UPU5zkwO92nKuAl9OmbzNMFLJ:73iv4HAa8jFUthr/rIz5LHAa84J
        MD5:712BB6DBCB99E08305982D5D4267A89B
        SHA1:9B37EE9F784C4844EC0CF1F6D115ACE8A0925339
        SHA-256:4B1685626347C215A6778CFED2E2E4AB71DE206F67F91FDC1B811A4673D2B70B
        SHA-512:1847CBAF0FCA083BA84E1D800C7A6B321B5202916C35EC190BE9F144DEA66725781F0FAF5CBCDF32211453E611161C383DCB13EA7F41939833A0967938FF3964
        Malicious:false
        Preview:2025/01/15-15:12:18.950 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/15-15:12:18.950 1ce4 Recovering log #3.2025/01/15-15:12:18.951 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:ASCII text
        Category:dropped
        Size (bytes):326
        Entropy (8bit):5.139112779030724
        Encrypted:false
        SSDEEP:6:iOiUPURq2P92nKuAl9OmbzNMxIFUtwUPUMZmw+UPU5zkwO92nKuAl9OmbzNMFLJ:73iv4HAa8jFUthr/rIz5LHAa84J
        MD5:712BB6DBCB99E08305982D5D4267A89B
        SHA1:9B37EE9F784C4844EC0CF1F6D115ACE8A0925339
        SHA-256:4B1685626347C215A6778CFED2E2E4AB71DE206F67F91FDC1B811A4673D2B70B
        SHA-512:1847CBAF0FCA083BA84E1D800C7A6B321B5202916C35EC190BE9F144DEA66725781F0FAF5CBCDF32211453E611161C383DCB13EA7F41939833A0967938FF3964
        Malicious:false
        Preview:2025/01/15-15:12:18.950 1ce4 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/15-15:12:18.950 1ce4 Recovering log #3.2025/01/15-15:12:18.951 1ce4 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Certificate, Version=3
        Category:dropped
        Size (bytes):1391
        Entropy (8bit):7.705940075877404
        Encrypted:false
        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
        Malicious:false
        Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
        Category:dropped
        Size (bytes):71954
        Entropy (8bit):7.996617769952133
        Encrypted:true
        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
        Malicious:false
        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:dropped
        Size (bytes):192
        Entropy (8bit):2.7425532007658724
        Encrypted:false
        SSDEEP:3:kkFkl/soj+kfllXlE/HT8ks2tNNX8RolJuRdxLlGB9lQRYwpDdt:kKVomT80NMa8RdWBwRd
        MD5:B323FAE6564694FFFB15B7EAF74F79C7
        SHA1:5E8DD5EFA1D928B6C75A278247C80AFD2777DE8F
        SHA-256:634B29B426CC844890DC0A652604F1A35CDB5BBC62743241654AF43306BE3D82
        SHA-512:F028284415141018A18CA86A4C27309DE4343A8945CB18875F7160391A84C3830749E5F124892E68D19C79A70C2E75BB383389E9FCC0E5798CAC874709F96155
        Malicious:false
        Preview:p...... ..........r.g..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:data
        Category:modified
        Size (bytes):328
        Entropy (8bit):3.238488823573474
        Encrypted:false
        SSDEEP:6:kKHd9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:PEDImsLNkPlE99SNxAhUe/3
        MD5:CF130A7FDF94E5F6E87C70CDD8063388
        SHA1:C41B08042F17DA92B8FF591FFF4913B4834FFAFB
        SHA-256:959912622194E4240F260FA47413D97BD5A88B5FE2C29FFC989BFDCA853F025A
        SHA-512:EB783938470D20A3E3D8BD24148DF10F7404F06EBA7457FDA3656FBE00C3F09A26A99F3D790A0180B5D425CE711996770E0D44324AB00F3549C3C18E1B5E1F85
        Malicious:false
        Preview:p...... .........t..g..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):1233
        Entropy (8bit):5.233980037532449
        Encrypted:false
        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
        MD5:8BA9D8BEBA42C23A5DB405994B54903F
        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.3500

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):1233
        Entropy (8bit):5.233980037532449
        Encrypted:false
        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
        MD5:8BA9D8BEBA42C23A5DB405994B54903F
        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):1233
        Entropy (8bit):5.233980037532449
        Encrypted:false
        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
        MD5:8BA9D8BEBA42C23A5DB405994B54903F
        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):10880
        Entropy (8bit):5.214360287289079
        Encrypted:false
        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
        MD5:B60EE534029885BD6DECA42D1263BDC0
        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.3500

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:PostScript document text
        Category:dropped
        Size (bytes):10880
        Entropy (8bit):5.214360287289079
        Encrypted:false
        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
        MD5:B60EE534029885BD6DECA42D1263BDC0
        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
        Malicious:false
        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.367042209603817
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJM3g98kUwPeUkwRe9:YvXKXxLjSDUYpW7+SVGMbLUkee9
        MD5:87A9AB01471C22C25A43E051108CF46A
        SHA1:9DE52889F04827DE8CCAB66DA47E60F0BA830949
        SHA-256:4252D050690F8B08382ADC0DB6F5ED3C9056C02C40BD4AF5FD22688ACCADD41E
        SHA-512:2B5760E88083B1ECBE53F30DD910BB17803DBE7A98797DD50F8D8BD7FDCF3B67AE9641073E019B9341D6C9715FED251DE1D3EA40AB3F833541BF4601EA6038E1
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.30321907011289
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfBoTfXpnrPeUkwRe9:YvXKXxLjSDUYpW7+SVGWTfXcUkee9
        MD5:39A32047CFA897278BF49B8DA6B4A994
        SHA1:80E8B5B2FBC8F54965DE77E309A9F44A029C7C67
        SHA-256:C2B0A1E068A066F83271895672B67BC03EF3B662B28F3A4EF62E4EF1472EC5EC
        SHA-512:B4DE3925A6C7C4920A5835907FB97B054DC6D108D4B7870FB617ECA5216CAFC8552FD0CAF61BB12732604A6F2CF5A0FF6CC5546000CCE33FA85C60DB01ADE538
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):294
        Entropy (8bit):5.28248686402756
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfBD2G6UpnrPeUkwRe9:YvXKXxLjSDUYpW7+SVGR22cUkee9
        MD5:9224142F4504F9D639D7FA11AE6507B0
        SHA1:DA89274601ECB91AC6DFFEDECEEF0712DA3EC558
        SHA-256:75F1275874BAE474CDE91429B79E057F08AA79ECF312345623ED287B66B9FC91
        SHA-512:CB3293C807273553BB5636452BE8C5074162C66279DA2848B539AA7A5C895320267E9726C98ADB272DEE20DF659DE8665A70B95DDC65255BFDE36BBD7F86F059
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):285
        Entropy (8bit):5.346064168776582
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfPmwrPeUkwRe9:YvXKXxLjSDUYpW7+SVGH56Ukee9
        MD5:65A386C9ED9D4C710AD2A73AD1CBA9C4
        SHA1:23326F1349918DE864269EEB7CDD45BF2A086F0B
        SHA-256:B4C26D954EDB0834B2C923B624C6BC4A87955E12F20ADBFF22A2EAB96421B652
        SHA-512:ED34A83D0DAE268FDC2FFAF909C9894FA04DB776565D1649FF03BF3542A2E8B5AFF345D42CF08EEC82ACDCEE3C8F38892D8759C8603811588E5DB73E717A48C7
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1123
        Entropy (8bit):5.694967549810056
        Encrypted:false
        SSDEEP:24:Yv6XxXgFi+S6pLgE9cQx8LennAvzBvkn0RCmK8czOCCSUQ:Yv4PYhgy6SAFv5Ah8cv/9
        MD5:909F07AF0CEFB7A939B09FA0A08AAEE2
        SHA1:173A8A9E8F3D237DAB2F95F6835E5ED30A60460E
        SHA-256:F0AC07F253E5C12E3362911D2A3EF28CCD24E701AC90C982AB995202C24C674C
        SHA-512:8136626D007475F1366A5747F6E62221C7742460B3283B0CE59515BCF88D503152322101C08A78B213A033B42F14227DD9F2E55A1F3338F85CBE8355B7EFEB84
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.292155916472479
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJf8dPeUkwRe9:YvXKXxLjSDUYpW7+SVGU8Ukee9
        MD5:14F677116A142C76CF87428ED7A5229D
        SHA1:615F2A73DCA8DB5DBA8AA7E75B525C0D63F4A0DD
        SHA-256:20B29C98A73351017C971EBDE8E82910241E4B058660E26EDFFDBA9019A6857F
        SHA-512:A1A9E2F88ACA0A4D3E2DAC338C4ADCF4EA94B9540FE273EAD6DF21ECAC5748060AF1F238FD66483532D97CEA5A88A018E54456D89257DB362136221F003F425D
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):292
        Entropy (8bit):5.292296654828371
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfQ1rPeUkwRe9:YvXKXxLjSDUYpW7+SVGY16Ukee9
        MD5:B1DE7F1B5B913D0E2EEDEAE3ECC60CA2
        SHA1:623960D90022A28990FC8B6E464A4A62D87943C8
        SHA-256:2261B2BCEB5966216CC3FEAA13AF79EFCEAF5B15EF38DD2E7BA2A837C28F354D
        SHA-512:70DD5AFF4FC6940966B26D25381463E27C3CEA3886E0244F888002D1FEDA7A7CCC8E881F7006A54328994C244E081B010554BE500C736D45BE18F3C8491BF64C
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.3131781076160935
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfFldPeUkwRe9:YvXKXxLjSDUYpW7+SVGz8Ukee9
        MD5:FE64B7536139833F97DE0CBBDC8AFCA9
        SHA1:E2CBE9BB1F9D85DAA50ACF14897FB6440A25DD78
        SHA-256:85CB1DE1545AC1FECBC8199DC9A736E67E5E35C31126C86E6B6B9AD48AE6D2C5
        SHA-512:D4B9120789FF4FC1B75C4A534904819199161AD85064A8E7F45F2B81286C64CCD7B305D6F13FC56F35C34F4E12A715203D77BE514030E75D5CF09AA2BA2B81DD
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):295
        Entropy (8bit):5.3193138872589145
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfzdPeUkwRe9:YvXKXxLjSDUYpW7+SVGb8Ukee9
        MD5:BC65951C2086D18A0E5E9CC1B476D1CD
        SHA1:22D30B6F46DF2C5140B11DD37A9237553CCAD8BA
        SHA-256:88E58A94A18A8D237F6B7355CFC6B606E8DB86D28BC6326393EA725DF56B5ABC
        SHA-512:E5EB68B3954906E4EBDDB9837394E7A47257D5F28EAB0B1A384226362E1B967CF7870E9B44D913A235A78D9EB83A185D6586CBD38A79DAC4AE7F5AF1DFC04D87
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):289
        Entropy (8bit):5.299350574458928
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfYdPeUkwRe9:YvXKXxLjSDUYpW7+SVGg8Ukee9
        MD5:8CDF3BE868070211F6E6F0901C6E114A
        SHA1:46ADF22420E87002BFD380A7010EA4B95D6A5F2F
        SHA-256:F5C31D67471D693CFA3B5826D2B65CAC5F56D9A790CDD428203CA957A56523E2
        SHA-512:AC6D5A04436BE4FDAF204C61BEADB61FE6E053394DB7BF668588ED579D4F22B9059ADC328934F952C2E135F37E47AD810422EE1F5C5FBC52EB025077DEB5BED2
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):284
        Entropy (8bit):5.285970867354004
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJf+dPeUkwRe9:YvXKXxLjSDUYpW7+SVG28Ukee9
        MD5:64787C845914EDEBC55326453F12A8C0
        SHA1:9376247BF1CE2A2AB567BFE524FFF40A8F38DB0B
        SHA-256:E3782B406BD2582BFF0893F9B1681651FDA829EA5EF5F01504766E7CA5B9C9F3
        SHA-512:4AD12ACF2F73BC09F0B1CA65CCBC8F54D44AB7234A2CF9B909E8D85CC5D8678457AC49D4FC628D7E98C3CDDB120B1426778CC0C4FB95C6D6D752AB7CC1DD4423
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):291
        Entropy (8bit):5.282902135538572
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfbPtdPeUkwRe9:YvXKXxLjSDUYpW7+SVGDV8Ukee9
        MD5:5ADFFC034F9767E483B70BDEA63D1CE2
        SHA1:C7D2703BB7C170F80CF3D939AED97B2108A31155
        SHA-256:500DD43D5AA0CA2D44D6AB6EFA7D2F6C4173EAB1BF83C870F34BE2D2C0D2A61A
        SHA-512:5A786946B0756773BEDAE017B1E5691D90341F2DA6EDE71434AFD2E1C07C9E04BD8F8BF5A8EB0140FC181DBA44579F3CE942DAE8DD53CE43504734590AD70E7D
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):287
        Entropy (8bit):5.283916615712258
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJf21rPeUkwRe9:YvXKXxLjSDUYpW7+SVG+16Ukee9
        MD5:16E2D588FF5A9DE8E72CFA3F3871B6CA
        SHA1:ED9A747B93D70798AF795C2BA96F26C2F227BFCD
        SHA-256:C8904C9886D6A1DD1D34B08D17F8674BC2A4F6D72E653FB04AEA6420F35DB3ED
        SHA-512:F452A96F7890D0CD1C8E5D9D7406CDD42E03DCB0179BFEE1C4107E8D14E587E2EF946E7574985977534A74A6F85DC8B83607E342AE817CF14D16AB4024895DF0
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):1090
        Entropy (8bit):5.66880965684213
        Encrypted:false
        SSDEEP:24:Yv6XxXgFi+SmamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSUQ:Yv4PKBgkDMUJUAh8cvM9
        MD5:E82B0A84441D7F52125E8386597AFE30
        SHA1:B2BB54356551CBBB9EFCEACE9E2695E79E438CC3
        SHA-256:62F0AE444AE5A27C43AB2528D3A9F0B91E5F82676D3EC87CC5E40445933AA9B6
        SHA-512:D23650975665C0A1134A7A2E1B5E71108360F5F336AA63989D65F72FE4CC56C46E251C4F2755E848C33BBD96BEA659BFDB382F626EB45C3EB47107830121F81A
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):286
        Entropy (8bit):5.260475399965851
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJfshHHrPeUkwRe9:YvXKXxLjSDUYpW7+SVGUUUkee9
        MD5:CB22657B6F2E50E391BCCD6158FC9A02
        SHA1:C1A09B628E3D11EAC432D67AC200C051C72D020A
        SHA-256:F9D9563AF466068D0BD86CA907968D0236794ABD2EDC04D9948423CBFF1E6C45
        SHA-512:09C95532177C597F871BE6D6297B77156143F4625EE2292A806BC6EFCFC94F7237933754D89B96B38B9AFBE95E8E8D2B093A945408BA095B2AB1E9E01E61F9DE
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):282
        Entropy (8bit):5.276158639204894
        Encrypted:false
        SSDEEP:6:YEQXJ2HXxX7jSdYOx+FIbRI6XVW7+0YtSRvsoAvJTqgFCrPeUkwRe9:YvXKXxLjSDUYpW7+SVGTq16Ukee9
        MD5:58DEF65850812F0DEDAB3A9FA06C0A2D
        SHA1:A2E83237CC2BEF6BDD561FE188E3EAFBCA3188BE
        SHA-256:829833AA31DFC43E9D81F331A60FFDAC36554F080E319DB8386D312FF33E8626
        SHA-512:41E98C15116C4BD99A9ED522878354B3A897D89E10377FC5CF97068259A36E05A12E77CE2C658CFD1CC5686418808AF3EBC2F90A7BBE184DCCF5DD6C0DFD2501
        Malicious:false
        Preview:{"analyticsData":{"responseGUID":"7637535f-f9be-43ef-9be7-20c583d768f6","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1737147475688,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):4
        Entropy (8bit):0.8112781244591328
        Encrypted:false
        SSDEEP:3:e:e
        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
        Malicious:false
        Preview:....

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:JSON data
        Category:dropped
        Size (bytes):2814
        Entropy (8bit):5.137461455470572
        Encrypted:false
        SSDEEP:24:YDaneayNeBqm95yHLRmfHLuTWTMjhtj0SodldA2efN2LSyC1bsm6gd20L5rZQd97:YIBdHyHLRS4hBR7Noyb36gd2M0d97
        MD5:D73D4A34482429FDB29CE28A22D9162A
        SHA1:E718FE5B17FEA17484C2F5F34779BF97F11782FB
        SHA-256:0D27FCB9D829605402B20F514F6AF58C97998A4624ACB49099AAA03C0C6147A2
        SHA-512:B7834EEF24866395AD145CEEA063F7AD57A2DB1C3BFB7D6415DA162D52F2E9F286BE2E0F372D19CA9A1EAA0183511EFE31AC9612DB6146E808624372377EE0E9
        Malicious:false
        Preview:{"all":[{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"aa4f95aa0b5de54334adf78bc370a217","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736971944000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"4c19853550e948222c4cd9c1e3c73493","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736971944000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"fa18f5685a177a3e20d05570bf584c15","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736971944000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"678d7ae8d8c83bbab1e074d3c0492229","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736971944000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"073f3bfdfb559025adcbd1b37ac5224a","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1736971944000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"9e454bbadb14eae1b11b8ae8f7261502","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
        Category:dropped
        Size (bytes):12288
        Entropy (8bit):0.9851623729533925
        Encrypted:false
        SSDEEP:24:TLHRx/XYKQvGJF7urs6I1RZKHs/Ds/Sp23R04zJwtNBwtNbRZ6bRZ4D3R0F:TVl2GL7ms6ggOVpkRfzutYtp6PiR4
        MD5:5571C46AFDF268E5AB7C57B11F99A7E1
        SHA1:CC264D301E8F6D271D0936BFBF51E16DFF9C028D
        SHA-256:16A44D8567B5B759076918D700F0C1693B7C79B857C64D23473909EF6A0DED1E
        SHA-512:62DE6917C9419E519C442C52805EADC92309B7DC5E395F8F1A6094D2630DA1B279D68F442F538A7A05019288A69275A8D5B2A1F1B8D2DAD8A8744A8AC2D8D091
        Malicious:false
        Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:SQLite Rollback Journal
        Category:dropped
        Size (bytes):8720
        Entropy (8bit):1.3400400188769137
        Encrypted:false
        SSDEEP:24:7+tIAD1RZKHs/Ds/Sp23R0PzJwtNBwtNbRZ6bRZWf1RZKTPqLBx/XYKQvGJF7urU:7MIGgOVpkRozutYtp6PM+qll2GL7msp
        MD5:3813D742BAB92D4AB3C64080C1B3E7D1
        SHA1:2ACEDBA570D554AAE61350DE5C2D14D9C0C21148
        SHA-256:4C7395A9346D1B4A3F6D9129CE59E88C20DAABBC0889281B23F7307B1CD12CEB
        SHA-512:25E8D7DE88BD0EC2BFE9482C18D19EE552590536A37DA50412E3A43E0D0C4B33363988DCEE3F1C58F5F4B1B63F351E6BD32C781166D267084522ADD2C5B9B65B
        Malicious:false
        Preview:.... .c......=\"......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

        C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:data
        Category:dropped
        Size (bytes):66726
        Entropy (8bit):5.392739213842091
        Encrypted:false
        SSDEEP:768:RNOpblrU6TBH44ADKZEgAknNYJe+mWZScXJcrXnUTBjqg/B+lYyu:6a6TZ44ADEAkeJe+mWZSqarXomK
        MD5:ED8E7A9706DC3B6ED1A1BAAB0110EDEE
        SHA1:CEF49F823F6CE9A60773C4599EBE5802130F4A0D
        SHA-256:F8D808BC6A08C3FE917D3989B44CF32EAA951E3DEA3B2D629A4D6E8B61E5353E
        SHA-512:BFD0FD44711B5990F6FB6CDC30F5C552B123E0467FD538DFA7966DC7607B42DB94A3E2C80E39380E09ADD26CC732AE6CB444AC0AECC60BF92193467C1EF60B13
        Malicious:false
        Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

        C:\Users\user\AppData\Local\Temp\MSIb1dcc.LOG

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
        Category:dropped
        Size (bytes):246
        Entropy (8bit):3.493870954423123
        Encrypted:false
        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8+pClERzCH:Qw946cPbiOxDlbYnuRKZDRs
        MD5:843C5043B71DF186737B4E02BF1F1E86
        SHA1:07BC40B7D62840EA4A821860390A3F34C8BC2E0B
        SHA-256:38C543B76AD8CEB03B53FFCDA3C361FD954D95B6745D90B28962C279B17D6A42
        SHA-512:B046F9D1A5685526DAAA73F92CFAC479216A3FFAF4AB4B9EB200F86DF1A7BAD33F906A57DB6CB955CA119FBE89FD13993D9EB09CF814BCA0289A720FC359D536
        Malicious:false
        Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.5./.0.1./.2.0.2.5. . .1.5.:.1.2.:.2.3. .=.=.=.....

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 15-12-18-626.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393)
        Category:dropped
        Size (bytes):16525
        Entropy (8bit):5.376360055978702
        Encrypted:false
        SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
        MD5:1336667A75083BF81E2632FABAA88B67
        SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
        SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
        SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
        Malicious:false
        Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with very long lines (393), with CRLF line terminators
        Category:dropped
        Size (bytes):15114
        Entropy (8bit):5.365820953281807
        Encrypted:false
        SSDEEP:384:2tZ8BFYywErT57lOtk3L1D0NFShCFvnOiNq0O2U3yYvuBcj8cHh1ecveDBj8+1lb:F9a
        MD5:D5BC096B0E086041FE0D0BD37A1752BA
        SHA1:BB36DFA31D5220648B487746434CAE6EA38D75FD
        SHA-256:7B82A3A22F6BFB7A4D5B264A6773EDA92528D16B4AC27DF802D5606E1EFB52DC
        SHA-512:9A181832EBE2498100484C0259C036CC2616BA4922FFF2DA748CF37F82BEBF0147A060AE50F11D32361E2B47C8928D30E79CF35CE364E3FEFD5F60FAFC04CDA8
        Malicious:false
        Preview:SessionID=c5e60dd6-94f3-4703-a856-4d554d8604c4.1736971938657 Timestamp=2025-01-15T15:12:18:657-0500 ThreadID=2924 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=c5e60dd6-94f3-4703-a856-4d554d8604c4.1736971938657 Timestamp=2025-01-15T15:12:18:658-0500 ThreadID=2924 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=c5e60dd6-94f3-4703-a856-4d554d8604c4.1736971938657 Timestamp=2025-01-15T15:12:18:658-0500 ThreadID=2924 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=c5e60dd6-94f3-4703-a856-4d554d8604c4.1736971938657 Timestamp=2025-01-15T15:12:18:658-0500 ThreadID=2924 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=c5e60dd6-94f3-4703-a856-4d554d8604c4.1736971938657 Timestamp=2025-01-15T15:12:18:658-0500 ThreadID=2924 Component=ngl-lib_NglAppLib Description="SetConf

        C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        File Type:ASCII text, with CRLF line terminators
        Category:dropped
        Size (bytes):29752
        Entropy (8bit):5.398756174444754
        Encrypted:false
        SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGbS:KOU44glTuP
        MD5:BBAD005BBFAFDBFE03EF2677D3D2C45E
        SHA1:FE607A63B8795BABB2ACFB21FA29925159862CC2
        SHA-256:868DD356083EF4327AB295F6006C24A45613BABF2FD88835A45C3E595C2AE81B
        SHA-512:25106009FA4278187169A12845FD442D8E1060CD5C38EBFD760C24B18B77A4F1AAA37CB3635CB03EB5A981465192D15F72BD91030515D6E3F910DE30DE9427D6
        Malicious:false
        Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

        C:\Users\user\AppData\Local\Temp\acrocef_low\334c7b89-af61-44af-9126-f5f7e12632e9.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
        Category:dropped
        Size (bytes):758601
        Entropy (8bit):7.98639316555857
        Encrypted:false
        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
        MD5:3A49135134665364308390AC398006F1
        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
        Malicious:false
        Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

        C:\Users\user\AppData\Local\Temp\acrocef_low\37841bcd-4515-4d4f-a7a6-df9caa6efb2f.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
        Category:dropped
        Size (bytes):1419751
        Entropy (8bit):7.976496077007677
        Encrypted:false
        SSDEEP:24576:/xTwYIGNPgeWL07oYGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JTwZG/WLxYGZN3mlind9i4ufFXpAXkru
        MD5:DAB0D55487947A8C00DEFEB1863E5D52
        SHA1:CA21AE7C3A6C3B75C5FEE6CC45E57F4F8E9AAD6A
        SHA-256:915AF8947C717264BA12E43919E2AED3846C3C312EE46DFEE18A7F40BE119623
        SHA-512:A6C1268A6C488495C2D07A90F498014192501A27D4A597C20644F5C95D3E4A7777D8E884F13DA9933B8D5C399499C98BDE94988467F79BF11B4391869ACFAF17
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        C:\Users\user\AppData\Local\Temp\acrocef_low\5d21a911-2080-4b92-8e7c-c531bd0c4b3d.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
        Category:dropped
        Size (bytes):386528
        Entropy (8bit):7.9736851559892425
        Encrypted:false
        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
        MD5:5C48B0AD2FEF800949466AE872E1F1E2
        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
        Malicious:false
        Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

        C:\Users\user\AppData\Local\Temp\acrocef_low\9f95dd79-2d55-4010-8d27-757e497c17e2.tmp

        Download File
        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
        Category:dropped
        Size (bytes):1407294
        Entropy (8bit):7.97605879016224
        Encrypted:false
        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
        MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
        SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
        SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
        SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
        Malicious:false
        Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

        Static File Info

        General

        File type:PDF document, version 1.7, 1 pages
        Entropy (8bit):7.99053920585337
        TrID:
        • Adobe Portable Document Format (5005/1) 100.00%
        File name:Capital Call Due January 17, 2025 __protected.pdf
        File size:192'577 bytes
        MD5:3225a01d7e3bfa378f5152b7ac6c61ad
        SHA1:bac7fc63814050b3fc2bb07b079781be5fe6a9be
        SHA256:0eeabd6ea92cf167435d5ccff80a1af5998d1a3efb4e24ab3c38bc7bd51c3a09
        SHA512:c7241d3851ce1096e32c22c8430e04530c31532aa80b1e71695dfa11ef9f26abbab160ea6259c7127b958fdffbeaf0680dc7109523ae25f0fe7877bf2356b17a
        SSDEEP:3072:rnfVpRRim133WOiaylDhrmOeT1yskyo4V16vBMtsuuOo6fMxPv+Lpb3bMGNro:rnfNRr1n1ilDVmOctzrTMGsur8vGtMGC
        TLSH:F2140220AF66C8A9C1058E40EC9C2AD59ED5C4E24D1DB1BB392D4F4B399DD50FEB05BC
        File Content Preview:%PDF-1.7.%.....1 0 obj.<<./Filter /Standard./V 2./Length 128./R 3./O <054AEF7BCF94A1D2BB66DF03C4367188F894FB200E21960DD132B962A941930E>./U <25AD379C1A0A16325CC2CF1AF2FBB83C28BF4E5E4E758A4164004E56FFFA0108>./P -4.>>.endobj.22 0 obj.<<./Filter /FlateDecode.

        File Icon

        Icon Hash:62cc8caeb29e8ae0

        Static PDF Info

        General

        Header:%PDF-1.7
        Total Entropy:7.990539
        Total Bytes:192577
        Stream Entropy:7.998985
        Stream Bytes:185557
        Entropy outside Streams:5.129437
        Bytes outside Streams:7020
        Number of EOF found:1
        Bytes after EOF:

        Keywords Statistics

        NameCount
        obj59
        endobj59
        stream54
        endstream54
        xref0
        trailer0
        startxref1
        /Page1
        /Encrypt1
        /ObjStm1
        /URI0
        /JS0
        /JavaScript0
        /AA0
        /OpenAction0
        /AcroForm0
        /JBIG2Decode0
        /RichMedia0
        /Launch0
        /EmbeddedFile0

        Network Behavior

        Network Port Distribution

        UDP Packets

        TimestampSource PortDest PortSource IPDest IP
        Jan 15, 2025 21:12:29.934412956 CET6126153192.168.2.51.1.1.1

        DNS Queries

        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
        Jan 15, 2025 21:12:29.934412956 CET192.168.2.51.1.1.10x129eStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

        DNS Answers

        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
        Jan 15, 2025 21:12:29.941510916 CET1.1.1.1192.168.2.50x129eNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
        Jan 15, 2025 21:12:30.660995960 CET1.1.1.1192.168.2.50x4410No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
        Jan 15, 2025 21:12:30.660995960 CET1.1.1.1192.168.2.50x4410No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

        Statistics

        CPU Usage

        Click to jump to process

        Memory Usage

        Click to jump to process

        High Level Behavior Distribution

        Click to dive into process behavior distribution

        Behavior

        Click to jump to process

        System Behavior

        General

        Target ID:0
        Start time:15:12:15
        Start date:15/01/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Capital Call Due January 17, 2025 __protected.pdf"
        Imagebase:0x7ff686a00000
        File size:5'641'176 bytes
        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        General

        Target ID:2
        Start time:15:12:18
        Start date:15/01/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
        Imagebase:0x7ff6413e0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        General

        Target ID:4
        Start time:15:12:18
        Start date:15/01/2025
        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
        Wow64 process (32bit):false
        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1572,i,4916979839153901596,16177498518410695744,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
        Imagebase:0x7ff6413e0000
        File size:3'581'912 bytes
        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Reputation:high
        Has exited:true

        Disassembly

        No disassembly