Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RX890.pdf

Overview

General Information

Sample name:RX890.pdf
Analysis ID:1592381
MD5:34587d25868ad356afac608c6b7da5ab
SHA1:cb964622cdc1dc35c8cc0c1a8bb8b96f10d99929
SHA256:0018078242b1bf6fdf8147cdc0a7f099ca8e6d8fb4b735e370e3e39981808b54

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 4252 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RX890.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6844 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2708 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1592 --field-trial-handle=1340,i,15006123155217655051,15495931205750220234,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.16:49712
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: classification engineClassification label: clean1.winPDF@15/41@3/64
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 20-34-49-564.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\RX890.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1592 --field-trial-handle=1340,i,15006123155217655051,15495931205750220234,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1592 --field-trial-handle=1340,i,15006123155217655051,15495931205750220234,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: RX890.pdfInitial sample: PDF keyword /JS count = 0
Source: RX890.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: RX890.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
RX890.pdf0%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		high

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    23.209.209.135
    		unknownUnited States
    		23693TELKOMSEL-ASN-IDPTTelekomunikasiSelularIDfalse
    23.217.172.185
    		unknownUnited States
    		16625AKAMAI-ASUSfalse
    184.28.88.176
    		unknownUnited States
    		16625AKAMAI-ASUSfalse
    199.232.214.172
    		unknownUnited States
    		54113FASTLYUSfalse
    3.233.129.217
    		unknownUnited States
    		14618AMAZON-AESUSfalse
    172.64.41.3
    		unknownUnited States
    		13335CLOUDFLARENETUSfalse

    General Information

    Joe Sandbox version:42.0.0 Malachite
    Analysis ID:1592381
    Start date and time:2025-01-16 02:34:17 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:15
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:RX890.pdf
    Detection:CLEAN
    Classification:clean1.winPDF@15/41@3/64
    Cookbook Comments:
    • Found application associated with file extension: .pdf

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 3.233.129.217, 52.22.41.97, 3.219.243.226, 52.6.155.20
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com
    • Not all processes where analyzed, report is missing behavior information

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):290
    Entropy (8bit):5.143559218352804
    Encrypted:false
    SSDEEP:
    MD5:4013391EBC4368EDC8295E48B91C67ED
    SHA1:4C09D6204CAC28A3B645A433F272AD875619BA51
    SHA-256:F37195CBE43492E433DD1CA446025655BB54A4D7A23FF031715404C40EE15EAB
    SHA-512:193C4D4595558881D89471FDAEA0CB1E2107CB2B298CA55134F9CB2395E8687F3681C146FC223C9E98D55B30267B2E50AA6B3004080E9034D41152BD1B72F256
    Malicious:false
    Reputation:unknown
    Preview:2025/01/15-20:34:48.030 1b30 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/01/15-20:34:48.032 1b30 Recovering log #3.2025/01/15-20:34:48.032 1b30 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):334
    Entropy (8bit):5.210753495211979
    Encrypted:false
    SSDEEP:
    MD5:DF9959CBE26B0C9087007F3EC821A558
    SHA1:6C035C9B1DBDDB1F8417418DA34BBB870F91410D
    SHA-256:69174A7B8131D4208A9C00CF9A12BBE20F41679FF794694AB5376A000A8F217A
    SHA-512:5B0F3FAB46BE0A84ACB95977D2A1FD3F8491D7477C080E947BF86DA57ABA04324B146C3FB3D309B84F4ED7F8DBA2C26178136E8C97E57F16A088AFADAFFDEE22
    Malicious:false
    Reputation:unknown
    Preview:2025/01/15-20:34:47.783 1b34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/01/15-20:34:47.786 1b34 Recovering log #3.2025/01/15-20:34:47.787 1b34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\25f7d7c2-3586-49be-8269-7be08be816c0.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.979081159982581
    Encrypted:false
    SSDEEP:
    MD5:78EFB82C8A8F7270E3AEC0A70D76C75D
    SHA1:BFB03254B25145E04D2DD09A8D7CD0AF7455678C
    SHA-256:C405C3B345EFBCFEABC789B29D8EFDCAD53A4DBA9E817AE1D196D80CB7855E70
    SHA-512:F0F8FBC88A79F4E533AD919DF5719D7DFA65572EEE1EF7414CD8054EAB38904ED45524310C02AC275A45E647F602A5CD4C71151423AF90A0DAA00EFB7ECD3010
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13381551300023454","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":131673},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF591aab.TMP (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\fcfaaf47-4d3f-406d-af66-50a7b22c4d9f.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):4099
    Entropy (8bit):5.227476061674616
    Encrypted:false
    SSDEEP:
    MD5:6D608B09030B13897E68EEFCF6F093FB
    SHA1:89F52CE15C4E0E69421DCDB1461A3EC3FF2444F1
    SHA-256:6EB35E3FBBB1F29AC18B05C3187FB9A415A16DBC06400096FF4912FBC7F14717
    SHA-512:E4CAD63DD8B2C96449BB21AEB7BCC4F3F4EB522F9D89F42F4A8C4BE7FFE4F01BA34D65EB850FB8B9A0DA4A7AD16F5755B59CB9D399B446A900244C559F3384B7
    Malicious:false
    Reputation:unknown
    Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):322
    Entropy (8bit):5.200958844876155
    Encrypted:false
    SSDEEP:
    MD5:BF347E6CA1F093AC497F3734895719EE
    SHA1:34B13271C22DDDC51294EF573B0C00C1D2649A9D
    SHA-256:74099FC6314A10700FD1670D63B06CDCD442201ED55C528137A5E5FD36C08303
    SHA-512:8CAAD01886302DE2080E6DF1A3C9A658A3C287C2A6D8A8DE9F7404D3D724BCF5E8BC6A7F02E6C79A663F839FE703B96204D9D6073EE803DE2047EBC744D5197A
    Malicious:false
    Reputation:unknown
    Preview:2025/01/15-20:34:48.085 1b34 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/01/15-20:34:48.087 1b34 Recovering log #3.2025/01/15-20:34:48.093 1b34 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250116013451Z-162.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
    Category:dropped
    Size (bytes):65110
    Entropy (8bit):1.092031643631149
    Encrypted:false
    SSDEEP:
    MD5:8AC94DAF4F5241A7A3F0099B3AE5BB24
    SHA1:0B7FE83B4835E711D73656F42533EF0AB053E534
    SHA-256:C09D2DA5E22855ACE01778141E85F30D41C652372E0F8CF2F656D0C524AB3E1A
    SHA-512:8C83D5347747C63C35462E55D6F1F1E97CB265D5DCC99F16AC8A5BEFE943D907E780ABB758894CD013851019CB47E98FF1FC9929940430786CF06430040C17DD
    Malicious:false
    Reputation:unknown
    Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):57344
    Entropy (8bit):3.291927920232006
    Encrypted:false
    SSDEEP:
    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):16928
    Entropy (8bit):1.2160291275063093
    Encrypted:false
    SSDEEP:
    MD5:E242E17C89E629F742DF4DE4CDE79E85
    SHA1:28E449DFDC95A11997137A2C37F0BB3D001A4DD5
    SHA-256:0F544C2CDDC57387B9D47F4AC12F1767F3340BF86A6CF1E571782F6613FE8912
    SHA-512:9891301D12170EC38F35D2F26A11E64024C9859BDE3483D8A0598128049C74178A7CAA7B823DFE3A1D658E914D4C4F31D02A00259E0B32A37D3E364213C7748B
    Malicious:false
    Reputation:unknown
    Preview:.... .c.....|...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Reputation:unknown
    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Reputation:unknown
    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.746484906506307
    Encrypted:false
    SSDEEP:
    MD5:D989051B99CDEF0E7FBB75958E442833
    SHA1:BD7F094F8BEDF50B470A62CAB47939D6A10F0905
    SHA-256:2E4245B26C16816537B681D139191E04205254D4EEAC8D8C76F335B4C5E5F96D
    SHA-512:782CDDE9F0C105B85651ABCEB002386F7902BB840553A28324996F87E0B1995502C12378CD946635E1274513C12B1E066E1E448B95466AAD4C1EA97C6F0C48D7
    Malicious:false
    Reputation:unknown
    Preview:p...... ........#...g..(....................................................... ..........W....2...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.2265530073076
    Encrypted:false
    SSDEEP:
    MD5:5CCB67E39D784C9DE726B1FC8FE9A68F
    SHA1:F5F461606C7B6B426101DF8C4F02550395B63072
    SHA-256:965A8AEC989173FA54FC05A75F9ADA5E089D2340DED7C8AC5570CF608976DD8F
    SHA-512:8CAB9FBC3E5AC15C6DB920281A9F5F10B4A55DA8CF2B1E7AB0D5114F9FB92BD8858DC6FFB66B98341A76529B2FD70EBA03FCF7B503CBDAA90271025934B09D0D
    Malicious:false
    Reputation:unknown
    Preview:p...... .........$Z..g..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.351848008170378
    Encrypted:false
    SSDEEP:
    MD5:5BC42300220AB51E892F3F512F69FE70
    SHA1:36C08F21FF5456389C873F3C3263D61B711AF1C8
    SHA-256:A4FF467E5E22F81B47C40F7155F67131C9A666B049D56E29BA3FC4D152E5C6DE
    SHA-512:4794EAF4D2DBC77D565E18248E585D055E56A3ACB1E1F49CAEFAEAD9E33F0E7724627DFD9A54C580413F4E64BA57B88AAD50B5F58DE157CC25985DA93F4F443E
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.3003139574151925
    Encrypted:false
    SSDEEP:
    MD5:651985C36741D41DFBA503E6BC0901DA
    SHA1:DD68FF91A34F30E8560F2B497367B7EAD7C25A95
    SHA-256:662D8E21EAF874FCC3653935A9D009304BFA36D6DBF026AC0BE7FF83AC0BDB4A
    SHA-512:7BBE08AC6FD67D8C13996FC9F66615576AA086D231BAF5B71A2ADC50356BFD0027F93FC6ECF6C6CE38AA4639247DFE6AE1257EDC357DEA0CBC2B9E51D32A4BB0
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.278075027787018
    Encrypted:false
    SSDEEP:
    MD5:8FF0CBBF23C568CA7FB35C8AC05D61B9
    SHA1:C4614CF89EA1F4E125F51E3D98B5441E360DDCCF
    SHA-256:20D6D8DF676C810DC10DC2C2A84CFCD6C209227D5FAFD816F187CA91BBC65F81
    SHA-512:C3DE7648DA07531C87B206A83C7DA74FA826EDFA693799DC9557ED6C5BD375A6AE4B05723B3090B19A51B876931FE6E4AF9005081F085FB5D6217F25E68DBE8C
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.339824148555345
    Encrypted:false
    SSDEEP:
    MD5:60929943AB746E787FF4E7E5B5EBB1C9
    SHA1:B24547A75EC301F8EBC21DC05285A78775BE2599
    SHA-256:87E6A2F8F56FEC7F9692A50D7C7B1F54D12A439089D1A8E5D3E6350AB2828F15
    SHA-512:42A1F7911244983129A400DE9B143EB6842F6A05B08D309B56861FFD2A4FBF77A9C8A0EC02C96C2D10BE71924CB29341529D3845709E447E5C98942A8B0AA5BD
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1123
    Entropy (8bit):5.686802214908671
    Encrypted:false
    SSDEEP:
    MD5:CFD6BD6615A5D185A8586308D103DE03
    SHA1:B59EDB1338B0C40722A168509393BAF2B07B5438
    SHA-256:A5F9D25229918E1B9440A7F816EAC64F7713151362177DED73504679A9023EA6
    SHA-512:EC5A8F596E8D18C825C89DFB6FC92EA7732F12009DC240FBB9B87B15BDCC40F30DE69152FACDE15874F094C46799482424553CBBEC92ADF3BF4AE17E39850484
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.285501926698782
    Encrypted:false
    SSDEEP:
    MD5:AF3A821E97929ABC2B2133175FFF7301
    SHA1:749B8EC57CE587E74505CBFD1D1FB401FC915B7B
    SHA-256:B6E37C60EA68DE44EA6E2F40D711DB12447AC50EB2784AF39057EBB0D946F1EB
    SHA-512:8FDAD890889B69078F3CFCB02F1905CF3E63B4D3939ADA8B91BBABFC0AED72C88D1B92B5DB0A79BBE03BCB4F75AF15E57E0A60BE3982474B29DA01CBFA207287
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.2885939310448755
    Encrypted:false
    SSDEEP:
    MD5:00A6408CB3A129830ABCC32E84123D90
    SHA1:B4E522A9FDAB328BCB10C991028F351B114EE8DE
    SHA-256:2684D65DC53B11D83532E8FB02AC192B380A9FE5500D6EF2BE99E03E3BC2F396
    SHA-512:DD1512934CF2ACD8A28BFC47FCDD36EA91F27F1BE3AB83DD9CF4677BD666007E6813DF72F3F8B56FC0EB9F20503C938ECCF43CF89C3E55C775DA4F287B33263F
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.295675943181949
    Encrypted:false
    SSDEEP:
    MD5:D672DA8E21727E9F724EBB3878D770B8
    SHA1:1BF73E0E85D5A389A20700081BB3DCDEE73CF8CD
    SHA-256:B053CB8B81BF411A6A19C58103463D7E0C2ACB9B7D597A692F037307014008F0
    SHA-512:DA53FAAF8C578FDFDCDA320B7B51FFEE8599FB250B93F400C04F3F04DCECC879568825146264FC3800566160D105244F74110351335D4D99DC1CD542AEB99766
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.311897329215916
    Encrypted:false
    SSDEEP:
    MD5:58B5C3CBE62FB95D531DFC985317EC30
    SHA1:2D0BAC9118DCD33ADC99B36E9ECA0AC942E1C12F
    SHA-256:E65840DCF5C65BADEEE5FDF5017D16483AC323E5EB96868911248A9D82E437A5
    SHA-512:94127A13BF13F10878F48921810D68387B56F83A57DF9EE51CCE7D510860A5BC3FEFC556AE9B177C31817DFE0D39C970F3A571B5960A9B63141639F1554DA8D2
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.292663539998408
    Encrypted:false
    SSDEEP:
    MD5:DAACE697B5E15F689251D3F1AE4BDC0D
    SHA1:847D8FBF2D8DF0155E54D82DF91438AD8868C4B3
    SHA-256:8BF31C32EB582E2EF340F3478AB8E5763A399B6B836532ADAE0A2737C2E4A713
    SHA-512:34C7D68AF114CF341B66A3AC0A66767161426929D9E66666A8E53C6F531D35B2B3514FED294D4CBCB11F1F9C4563702E817C3F00D104243BF38FE8DE9A9223A6
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):284
    Entropy (8bit):5.278883740720725
    Encrypted:false
    SSDEEP:
    MD5:82FDDA5FD81D7D8EDFDDA90F9B855B2D
    SHA1:7F9299274AAF5647EAD3C8A289FDB3ED569E6464
    SHA-256:54E959AB32D7D720E2AC6DF8E072A59C9E6C1CAB63FA984CDFDE6D777FD3AF43
    SHA-512:743888156858D91C223D16EB088670BBD186F2DAA788D4AC138FB842B6F987F1362F52F4C0A4C5E37DF051B9D4AE08A2BB57E59DA328A71AF2304BFE5F2F13AF
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.276261060077781
    Encrypted:false
    SSDEEP:
    MD5:C8A6BE15F89B35007E40948C98BF9F3D
    SHA1:37D6E596EA01D1F07A023560E3AC70DF804B6DC5
    SHA-256:860101D892A274283E10698EF666BDACFB1E0D3813F3C4615EB58D7FD970D40F
    SHA-512:7D6E0707285C7975A19EB6556A2C69D22E9D4C5366B0CC7C24299455D6E5A77D96C138D5A2843DE89538186416B67345632D39DB0647C7E4205EE188D9F2CB05
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.279836698415976
    Encrypted:false
    SSDEEP:
    MD5:F961174FD898ABD61FDF8DB443FFCBE3
    SHA1:97B234978D373BA81D5F2050D5B570255E6BDF07
    SHA-256:A34837DAB5D721EE8012BA1A993BA7B8B98A605CFC5EE9877B9BD8C8EFC05C5C
    SHA-512:7C1747ACDF218CF5077BAD17A928B2C1112050D4196AF6290CAC3C5549A755955C582FF12860EBC7FCA0DEF07012B4CE76FF2C9B6D338A42F1E4DAFA75A9E904
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1090
    Entropy (8bit):5.661869309313609
    Encrypted:false
    SSDEEP:
    MD5:8BA0367791B7FCBF298EC2618D54829A
    SHA1:AB8E738CFC88C36E8EF78F86FD07BAABAF76EDF4
    SHA-256:4D781CC32074628D47F00E0B9272598F855078096B548E549CD731F3E4C58173
    SHA-512:CE024ACA0CA421296FFD0CCABE1AF73569A3D9BB51173220D99515D7547F44B1923EDB01C6C33F0A9B605BD1090EFA80B9EF3CD932DF749E9DB09E0DFFE64061
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.255151907070123
    Encrypted:false
    SSDEEP:
    MD5:FD1CB43A9D3D2B77078C4FB14425855E
    SHA1:B5454111CB130027AFB3F79F79122E03D4F5AE9F
    SHA-256:A8C648EBD4A64AD2B6F1BEE9F2302B5F49C5F0C0D875B1CB39F5A6E19D284163
    SHA-512:FD736D21B3A5810791D6DE660E1F3886B46374960E0856410EF97D9E1A7FC2992716EB2B20E18FBF7F005F81418D9896EBF63A127DCB4786A33FCF16EFBDA9DE
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):282
    Entropy (8bit):5.263928810515917
    Encrypted:false
    SSDEEP:
    MD5:1378B3F3CF9E64FEE391B39040EA30E6
    SHA1:59AA25AE0B90F8E768AB0743B4A43534D4D2003A
    SHA-256:4F418F78C6EE2AC507AC1C6369FBAEE7FCB1AC24C0D4B29D77CEE40050E31D13
    SHA-512:0EE13D5617F591B36DF8F33A6F6B61C0B7CC0D25CD4C70952140D19110BC0632C664A6860A0D245C3B4937FFDE03F9028D14170FF167563A0A16E42F9F4BBD26
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"17c19a50-2d23-4ca3-8c58-084c737e9ead","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1737170018508,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Reputation:unknown
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2814
    Entropy (8bit):5.1275772185159605
    Encrypted:false
    SSDEEP:
    MD5:6E53ADD6EE9F39C2C2EEB9424636E602
    SHA1:447F8489D5A6AAA59140D46E7AC7EE80D986A8CD
    SHA-256:9E48759A8A7F5ABB4DC42277D18C24D94ED7FC2503731DC56C0B709E28D26DA5
    SHA-512:06D1C80A0FB648A18F8CA5FDC1D178D538E0E7F8794E777834AF5AFF1B8DB6B12A40D03F5F33951E23546733B39636CA66B0DDF39E05266C82F887A7E86F76F3
    Malicious:false
    Reputation:unknown
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"802789f2718872f408c83c0082ed13c3","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1736991292000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"c1a614e8b3e479c514029931281e2efe","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1736991292000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"256a7e45b3ec264202192ec9b5c683b1","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1736991292000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"9920959f4030672ec89575ca9fa4bcee","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1736991292000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"39ee6f3a07c554ee0ecba95e972939eb","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1736991292000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"1ff69fdcedbea21d22e5ce44db880f0d","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9867915778194596
    Encrypted:false
    SSDEEP:
    MD5:9EADD783F8A7100817DEDCF10B547684
    SHA1:599AB25D733496A4AA12EF90D371EC57E4698978
    SHA-256:151090CEC56FCA9FC0E4299D0F983D9C149AAA38C6480F8610C4594D2433E76F
    SHA-512:059A220673014376458BACB859D71D41C0581C5776CB174321C8ED8BA93C94F24BAD32DAAC19DDA637F65546BA8A77E9AE305ED072283B83833816514A28F308
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3412765971734513
    Encrypted:false
    SSDEEP:
    MD5:E40EDA507D5C8129CE0FA9B989292CDA
    SHA1:36D80D6F0A5D2530B73ACEA7B35087D67D842E24
    SHA-256:24877F5177F3382278BE2B7BEFF88D2C7C658F731BF219E06993765C76571256
    SHA-512:0A3CDA386D73F872A38C961D565D09A9349672CB6BD1388B5E6B7254C1D7E8D01EA26178C6C81276A83D6F1943C7D466E013AD2BBE6F42F1E1C5EE2D29932AFD
    Malicious:false
    Reputation:unknown
    Preview:.... .c......35.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):66726
    Entropy (8bit):5.392739213842091
    Encrypted:false
    SSDEEP:
    MD5:26AAD14612DAC706B1AF9DD33B542754
    SHA1:E3898AD3C2E81B1D79E3D073777D42D10ECEA162
    SHA-256:E555102FB5AF61A0B0E49316628DE953393B34D2DB174E9A1D80CD234DC36E9E
    SHA-512:0DFE6DBCE1875159680393308B1E62CE05E9B9E837DF32AD6C05F69094FA755E47594BBBD3E1C972C1E7BF06DE4B23E8C1543609559DCDA7FF9B36D37F76B19E
    Malicious:false
    Reputation:unknown
    Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

    C:\Users\user\AppData\Local\Temp\MSI80e1d.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5197430193686525
    Encrypted:false
    SSDEEP:
    MD5:A30F5D4A44F7804E94C0FBAD133A8A61
    SHA1:EAA58B1A06C2D9206D6E47633B41EDBDB746CB74
    SHA-256:78C2148ADBD7B896E0FD53EE69EAF9492B8A75417C31E1C20FD7255668F57C52
    SHA-512:0E85EC2368A987F28451476D6630B0112B8DAB1EE83E8720AACD52D9CD6F4255401710E674285A81C363C81760505BBE9D80E9406ED37576CCE0FFE84F6C13DB
    Malicious:false
    Reputation:unknown
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.5./.0.1./.2.0.2.5. . .2.0.:.3.4.:.5.4. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 20-34-49-564.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.353642815103214
    Encrypted:false
    SSDEEP:
    MD5:91F06491552FC977E9E8AF47786EE7C1
    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
    Malicious:false
    Reputation:unknown
    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.425006025659108
    Encrypted:false
    SSDEEP:
    MD5:9AFDF7B55D7C72411047A4DBA02FF445
    SHA1:FB62956D9F44EBC908B44E0078A2D3A722BBC8A7
    SHA-256:54C11E24E629297DBF98D8B75C5EAB7C6AA2094DD47238AC8BEE32129F9CE72B
    SHA-512:3CA99C5DB42F627A55E4B958A4F75C751C56C8B43EDBA79580263024041E41386AEE3CBEC9B25E91FB97FDBA06D27C152F2C774210ABF5FE2E2E3751CDB9EE90
    Malicious:false
    Reputation:unknown
    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

    C:\Users\user\AppData\Local\Temp\acrocef_low\161b5c3f-8a91-4ad6-81e8-481e48305a5e.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Reputation:unknown
    Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

    C:\Users\user\AppData\Local\Temp\acrocef_low\328e28fc-bf43-483f-ab5f-928b434df9c6.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:
    MD5:99B9D76737F60004B8783DF857533C76
    SHA1:8C7F170E4AB439A2B5B64D0D5F4C386A52260406
    SHA-256:E4D547764D6B54B67FB4450FC700479F960E10DFEACF25F45B88E642460EB747
    SHA-512:B5F7E8DABD5259F5D6826D5FEDEE79C8D692070C33D353E698D6C15E39E28605DCC6933709B9D89B8132E691CAF24C038206C79411E56371315F9A3137E54B98
    Malicious:false
    Reputation:unknown
    Preview:...........]..8.}. .)."{g.-.}plw.A........,..Y.tI.g.....)Q.H..'p#p`.U.S.H.)....e....a.><..w.....Dw..9.0Y~.......1.._......j.....Oh.q.\,....tn.....w..i.f..?A../.h.D..........n^......M..w......C....!..4.........w4q..F.1I.!A....(.........TN..'8...Q.........^...za..0Hm/.....{.....\....' ..1..0.qzD........'Y...... .m..8Bh... ...4...z..}.9..Lqp..M \Xe......Q..0..+C.B.4Ijm...o..co..q.d.~.8...\/.4.]....8...1.].D....K.|...hp\..... .ch.....\.g..Qpf.{N....n<......'.....KS(.k..$Q.R...6..'.....7.!....{.....b....C.v~...x...FO^..O.d.>'>...........&.. ..WR...6...^.D..A...d1|..F.g..g;.\...m..V..0..le.......4J..p.(..l'.....n_........n.0..P...Y.KJ.S.B.><.\C.}..~....,..k..V....XI#w..B..Q.B...t..\.lB;&!.n.(._=..>...+..a.......N.X{.{..ly.$V......@..E.....R.j.x[..V.....Ij.....mQ....-D....U1..J...F+.%...6.g.T.....X....(...w...8a..\1..^z.6...@R....l.i.A..,.......o..~^bM.E..qW^?.......!..)u.(&*.v....."c.H..Pp..uy...DP8.m3.:T..U=............0-~.B..w...D..'

    C:\Users\user\AppData\Local\Temp\acrocef_low\d3993780-02c2-47f8-98c5-7a314ee5af45.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:
    MD5:8674C13B906E9978A46A0F17EA280FD3
    SHA1:BCAD8A0D29A4916BA7B5C38802FED00AA1F730E7
    SHA-256:A18C97131BFCDBF3ED234CE94F7AA659C54F43E98FE58E2699F6146C900FE4D7
    SHA-512:39B8C9C083C656C08AA1E814022E529216E12848810E54C000F74725ABBFAB58F23FB5A4FD65018F5B106E352FB2D963DCA064864DF4882F68376BFF0BD3DE2E
    Malicious:false
    Reputation:unknown
    Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

    C:\Users\user\AppData\Local\Temp\acrocef_low\fc4e9700-2b6d-4106-84ec-e9bbb1d1a40a.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:
    MD5:91BB1BDDBFEB3DE05BBF8C096F6D6F4C
    SHA1:727CEBB36C9825B03B21A966500FADF2EA8EE450
    SHA-256:87CF49769653DAC0CF5971AAF4964F20E5E4D04AF2BBC6276E2B66EB2F0B6EEA
    SHA-512:9C06EA7EE4DBEC43013C333852460FC70F90CF6D25B40C8280587164627DFDBE3BE7D1184B93B00A5F2F16E65472FA58ECE8633EA03AB5B1441C093288B7ADAF
    Malicious:false
    Reputation:unknown
    Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

    Static File Info

    General

    File type:PDF document, version 1.7, 1 pages (zip deflate encoded)
    Entropy (8bit):7.9383967458693885
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:RX890.pdf
    File size:103'475 bytes
    MD5:34587d25868ad356afac608c6b7da5ab
    SHA1:cb964622cdc1dc35c8cc0c1a8bb8b96f10d99929
    SHA256:0018078242b1bf6fdf8147cdc0a7f099ca8e6d8fb4b735e370e3e39981808b54
    SHA512:9cab7c73c0b8e8c1ca97496ccdcea02bccca2b03899d3122dc42e3f1764baaf79823d0d0ee7061af94fbe65731a1071b1954e7f9178d3ebe071cced10ea27dfe
    SSDEEP:1536:6E+UWR5mi2Bh/LoNBIoxcRfmoVPlXFHPzPo+0m9kBVmnIDyu5DnXCvl:/+USYDh/LcVxIfmIFHPzP7SBVSu5TI
    TLSH:DBA302A4D545BDDCC0BA4F7A1EC0585FBA6EB0D108C88A1539EFC623D3F0F719A82596
    File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /Metadata 24 0 R/ViewerPreferences 25 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/Resources<</Font<</F1 5 0 R/F2 9 0 R/F3 11 0 R>>

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-1.7
    Total Entropy:7.938397
    Total Bytes:103475
    Stream Entropy:7.963514
    Stream Bytes:98367
    Entropy outside Streams:5.230907
    Bytes outside Streams:5108
    Number of EOF found:2
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj26
    endobj26
    stream7
    endstream7
    xref2
    trailer2
    startxref2
    /Page1
    /Encrypt0
    /ObjStm0
    /URI0
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0

    Image Streams

    IDDHASHMD5Preview
    168651c9cb67535ba47a294c2f1b15253a2ab43058138df0f5