Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Project Proposal.pdf

Overview

General Information

Sample name:Project Proposal.pdf
Analysis ID:1520707
MD5:9b85f102a4d5abb6260746d762e6a242
SHA1:5d1e77baa5e6ec00f8938e9dc88a51920751193e
SHA256:1509d336bc7fd7a8bc6e3ae8b888c305df17a1d3fbab3419c2b8867e799138b5

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Suspicious PDF detected (based on various text indicators)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 3460 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Project Proposal.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6908 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7140 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=1592,i,17894290379442899653,10121711594863025015,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Suspicious PDF detected (based on various text indicators)
Source: Adobe Acrobat PDFOCR Text: REVIEW DOCUMENT HERE
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.203.104.175:443
Source: global trafficTCP traffic: 23.203.104.175:443 -> 192.168.2.16:49712
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownTCP traffic detected without corresponding DNS query: 23.203.104.175
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: classification engineClassification label: sus21.phis.winPDF@16/33@3/62
Source: Project Proposal.pdfInitial sample: https://k3nd.rixotexa.com/gfsww/
Source: Project Proposal.pdfInitial sample: https://k3nd.rixotexa.com/gFSWw/
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6404
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 12-34-39-704.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Project Proposal.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=1592,i,17894290379442899653,10121711594863025015,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=1592,i,17894290379442899653,10121711594863025015,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Project Proposal.pdfInitial sample: PDF keyword /JS count = 0
Source: Project Proposal.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Project Proposal.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    World Map of Contacted IPs

    • No. of IPs < 25%
    • 25% < No. of IPs < 50%
    • 50% < No. of IPs < 75%
    • 75% < No. of IPs

    Public IPs

    IPDomainCountryFlagASNASN NameMalicious
    162.159.61.3
    		unknownUnited States
    		13335CLOUDFLARENETUSfalse
    93.184.221.240
    		unknownEuropean Union
    		15133EDGECASTUSfalse
    2.23.197.184
    		unknownEuropean Union
    		1273CWVodafoneGroupPLCEUfalse
    184.28.88.176
    		unknownUnited States
    		16625AKAMAI-ASUSfalse
    34.193.227.236
    		unknownUnited States
    		14618AMAZON-AESUSfalse
    23.203.104.175
    		unknownUnited States
    		16625AKAMAI-ASUSfalse

    General Information

    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1520707
    Start date and time:2024-09-27 18:34:07 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:15
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • EGA enabled
    Analysis Mode:stream
    Analysis stop reason:Timeout
    Sample name:Project Proposal.pdf
    Detection:SUS
    Classification:sus21.phis.winPDF@16/33@3/62
    Cookbook Comments:
    • Found application associated with file extension: .pdf

    Warnings

    • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, ssl-delivery.adobe.com.edgekey.net, ctldl.windowsupdate.com, p13n.adobe.io, geo2.adobe.com
    • Not all processes where analyzed, report is missing behavior information
    • VT rate limit hit for: Project Proposal.pdf

    LLM Input / Output

    InputOutput
    URL: PDF document Model: jbxai
    {
"brand":[],
"contains_trigger_text":false,
"trigger_text":"",
"prominent_button_name":"unknown",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

    Created / dropped Files

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9ae4f645-8b3a-4eb2-8697-0d20a2421e37.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Unknown
    Category:modified
    Size (bytes):403
    Entropy (8bit):4.953858338552356
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Unknown
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF536c14.TMP (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Unknown
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:4C313FE514B5F4E7E89329630909F8DC
    SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
    SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
    SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\a4e8113b-9dd3-4b28-b3f0-7ccf031b1cea.tmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):403
    Entropy (8bit):4.983035572001025
    Encrypted:false
    SSDEEP:
    MD5:286472F2393F8160EE75E3B86890B87E
    SHA1:78D0BF06DF946A62C8987EA6E0AFF2A0472DCDFF
    SHA-256:37274D18893602EA53EBEAC84CD79C3C1A7FFE449467944A1EDF106A1BB54CE5
    SHA-512:EEB96B841E41A1250BFFE50EF766B68A94D7BDEFFD7307972D1D0E3D6FA232A62EEF77A922E381691609150B2326D7C33EE8A94DD4E39B03DD39E8B0CE84F160
    Malicious:false
    Reputation:unknown
    Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372014890098999","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":121833},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240927163441Z-164.bmp

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):1.2925990705762151
    Encrypted:false
    SSDEEP:
    MD5:BFB9E7D7B55AC1CA7ABE3A792FDAA54D
    SHA1:7F5A1653EEEFFEFAE2E8ECBED64F32313CE623B6
    SHA-256:824C9F6E61EF26FDADF6044DB4F6D04EC374248AA0483981C38121819DB82A72
    SHA-512:FDCF8E02CA6D786B1971A156FAFFBF113F7D20B9FD0C4D1848C6BD30A54B8E31F874B22519301DF4791728CDC9BEE1F3C261EBC4717715B04827A26963535426
    Malicious:false
    Reputation:unknown
    Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
    Category:dropped
    Size (bytes):57344
    Entropy (8bit):3.291927920232006
    Encrypted:false
    SSDEEP:
    MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
    SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
    SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
    SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):16928
    Entropy (8bit):1.2146106549268527
    Encrypted:false
    SSDEEP:
    MD5:D3DC7248232634953AB37E054755D48A
    SHA1:6E8EB2A675DF64BDA9DD5EBDAC2E5FDF6A8882B5
    SHA-256:A333A066E70CB4FCC0AC743F0C94FCE650896D835B8462AA2ABE33F3E3CF0E1A
    SHA-512:C9D7F94696452A7AA16500421AB86897E2353CD7DCB627FA9F8A2302FBE3C996D41E101E0786B06EC1163D08B7A2EFBEFADD9D1004572DB532E92D2246279D38
    Malicious:false
    Reputation:unknown
    Preview:.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Certificate, Version=3
    Category:dropped
    Size (bytes):1391
    Entropy (8bit):7.705940075877404
    Encrypted:false
    SSDEEP:
    MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
    SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
    SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
    SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
    Malicious:false
    Reputation:unknown
    Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
    Category:dropped
    Size (bytes):71954
    Entropy (8bit):7.996617769952133
    Encrypted:true
    SSDEEP:
    MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
    SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
    SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
    SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
    Malicious:false
    Reputation:unknown
    Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):192
    Entropy (8bit):2.779094196322516
    Encrypted:false
    SSDEEP:
    MD5:4277E6E0B770E58A76F2B7FC7EAC21C8
    SHA1:283A4BFFA3D69A6192CEB0614BB8375860CB15E0
    SHA-256:9FF6654434831F06B322BDF501BC1321FE06134E6A7342CC8EEA981E6CBF37B2
    SHA-512:B07DF2918937D3843DFAB99D1D524FD445520ABB27AA006B6250084D3FDD80E6C9D1C85A8BA9788E9D421F562EDDF73ED52FB620684448D6587CF15429BA0A34
    Malicious:false
    Reputation:unknown
    Preview:p...... .........bH,....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:modified
    Size (bytes):328
    Entropy (8bit):3.1356875516282017
    Encrypted:false
    SSDEEP:
    MD5:9D166FF7591C7B98848237E1187327BE
    SHA1:F969DD82B432446A7147683D1029E97AE9EEE8FC
    SHA-256:4E88FF39848E46C08FB5A2A6F14FEFE26208C60F08E8BD9197C88CEDFCCF3A02
    SHA-512:2F2956F6DF3CB1A260CAD20D5FECAAE76F7147A535234F5BDF47F0E54AB9FD963141CE768740A060779F9F16FED4F91E0369AABC7EB6A71F60E6244B1880D87A
    Malicious:false
    Reputation:unknown
    Preview:p...... ........[m.>....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6404

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Reputation:unknown
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):0
    Entropy (8bit):0.0
    Encrypted:false
    SSDEEP:
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Reputation:unknown
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.374308695278147
    Encrypted:false
    SSDEEP:
    MD5:337071C4BBAB58F88981D34423A77B2E
    SHA1:5BFA953B5CE9B3C55A58DE051751763ABC201811
    SHA-256:6F5CCF0404A5894C5DC6597D99C848DC543BE0F31F15DB418494F9D6E42E1D51
    SHA-512:CABAE13245CDE006641E23396F606ADF7AD9D7CFCCC82511DE32744D4F2FF783795FCD66063E2F0874B64A96C979626759D9C81A2D80A1B6B09DDE5AEF4AD23A
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.319567666001472
    Encrypted:false
    SSDEEP:
    MD5:36B1A5D41A2A54575F6D5E3DF36B01AA
    SHA1:5AC5831EE45C74E6CAC8539A9A1B68F637B805E5
    SHA-256:A3B52DE9EA9FE074838BAB36AB88ADA039263D1EAF841A3D2489FD2AF3CCC370
    SHA-512:DD1300237EE52D6C1CFDC58A62908069484DE4974B220099F074A0598B2A616196F21CCF1C1FBD4AE3ADBD7379822889E5368AB066AF9203362166E7A2B8AE6F
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.299339307709135
    Encrypted:false
    SSDEEP:
    MD5:86248E8868B91C6DD620C0DFF2038D21
    SHA1:A7DE7705046A5A0ED0D4A191D5BE3451CB595007
    SHA-256:142115022C1E74DAEE0117D961A2E66EE7A0E036A34E88402FFF5428F7EF984B
    SHA-512:B4CF47F92CD7B699BF41BC5F0BA43D1ACF241C9DE6B2A71DB530FD534CE8F2191C85340F06B1B50BAAB15126821B748EB7F3BD4E95EE738078ED722882A1F180
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.363072929947597
    Encrypted:false
    SSDEEP:
    MD5:4F82A1525F2C6BBA4163FB46586C600D
    SHA1:813D4C5200CD27CA0B15ED937416C22C7D81C131
    SHA-256:A2854BC404FC97672908FD9097BF3BAEAB36DE7524D97F5FEFD7E94CF6C3FCC2
    SHA-512:830CCC5E9339F70D43364E898238A332CF5CD96CE96A0E2CC62EE61C4D016EDE68BD752A275A86703F8EEE2232470E0C6615F6BE500D4D81AA71D39DECEDBA35
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1063
    Entropy (8bit):5.669404676887532
    Encrypted:false
    SSDEEP:
    MD5:A76BF8A959B37594AE63484C7B105053
    SHA1:85B4F9BE2D7226965930A2770689AA4AF9D912B5
    SHA-256:2C8892833A87A3807587A2FF14554A4ED9103211DF0949616B57D372A49A2493
    SHA-512:D7AB69D14B80078208AEC19E64E7E2D95D06DD5AFF75870FFCE0442A9B215A2C0ADF14B03FCEC412CF6B8381C907EFBE18AC30548A53F94F3CC17196974298BB
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1050
    Entropy (8bit):5.655396083552249
    Encrypted:false
    SSDEEP:
    MD5:2EFEAEBE08A97AED906BEB6185CF44CC
    SHA1:7540B0D82143542E0419427DBE9BD6EEEEA491B3
    SHA-256:D7941ADA57344DE4A71ED1EF0D61B6C035EFF99E80552C396D4A201570E4350B
    SHA-512:7A4D46B521B1AF24F841EC16864C4B20CDE410C9C956B0A159B4D5D8D1BCF5C34EAEA7D328F1FA6EA37ADC7C14BF67BA2CA53685921F9EBD41E629113919DF6B
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.311471123966177
    Encrypted:false
    SSDEEP:
    MD5:41DD2493F63D3BB8AA522FFCB1D0AC88
    SHA1:6C5DE9141E032B41F22222A2C57A597151B30CBE
    SHA-256:7C4B5CEFA2D08D95AAB5D5C498A29A20BB1237203D1E0B067E2E169BC7F9C771
    SHA-512:883698E79F0E8D00D5EA91A76DD83B749BD26502E4F1A05611A8A1244989D52B5DE06B59A20D597FE06067B764A73C7FB38C6ED468997F21B56FFEBC99BD5A02
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1038
    Entropy (8bit):5.65177656653879
    Encrypted:false
    SSDEEP:
    MD5:AA378F2E94E4ED6CA4C0FCDA92959F18
    SHA1:FE3FDF815FE2017124D788D9675487008C9A8BF3
    SHA-256:15D975481EDA427DEFACF26A525F51D8676885FFB92F396B3374E63242CA8310
    SHA-512:DF59713D9AFA5DA205A44A8C794234F09D6AA9B0FFC0A45D1D19207718E9EA37707745B6E5B93618D76D14C54BA842888DBDB0AE85D46A0241EEAC39E9DD9EF2
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1164
    Entropy (8bit):5.699633002080685
    Encrypted:false
    SSDEEP:
    MD5:6485C22D7605E043608FDC2B1B600008
    SHA1:FFFCD3048211305481BBFC495D067DD803C9A4A5
    SHA-256:16503EBBCBAAEE222022235539379EC377A09654A2CE2C8E9FD3D8B5294076A7
    SHA-512:DD3AC4C5FB29B4C6F6373031CF5004941AE92867ABC74EEA432215004AD3AEFB797921228009C90972FD6E501A711AC7FDFE69500661EC370B42427219C94D63
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.315346313843105
    Encrypted:false
    SSDEEP:
    MD5:C1089E5FF03E59E57E7D1FBDBE94CE95
    SHA1:9595D577AA475C121A5BFFC4ABE6E8EF7EDDF500
    SHA-256:AAE6A7D0069247997173DD340FC782CE5F5079DEAFFED625F68167D5CC1D606E
    SHA-512:27E4264A95FC15FB3898F80E9008C002E2E9BF6942673A9D7D371F891AA4ED7247A11C9A8EE082C17B2CD4845AFF6B0BDA5AA1607A41C39D6B1BA80BE96234AE
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.779048488295255
    Encrypted:false
    SSDEEP:
    MD5:B5F6ABCFB7B132E6DC013F87351FE91C
    SHA1:A51F752FA25CE25D407346B1AD762994597B7C9C
    SHA-256:F5A2FB83DF2ACEF128B481D8E07630C7CD28FB1B9A71CE29F97E84BDB7090F7A
    SHA-512:2CA452E1F99D3923DBD7F019294E876A3B1B3DCA8A561D736B551BE1F55BFD7AEA1CBB7C127F7A3B64CF64E2BDE30F0F040DD59C29F220471017B8F2E221306A
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.298787938569592
    Encrypted:false
    SSDEEP:
    MD5:7C7570572501D2D75FD3B80DBFAEA013
    SHA1:7A77D7E1B2C9F089D3CE609F05AFF041CBBA74EB
    SHA-256:944CF62B9805BB3EA82D2E955764BAC51036105E88010D232132C90A6DCBD0CD
    SHA-512:719F1FFA24188B7D0F97DA059BD884C0331012CF73C51B2D1DC4F7F7AC8A7DD6F6E00050DC4A54A888B5B1C7287C5EA3DA6B5DEF362EEA6647F95AEE4A30DC5D
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.301731924693789
    Encrypted:false
    SSDEEP:
    MD5:80561FE71936BC431F45FA702E2CC2B8
    SHA1:742A41E80CA4A4F292900A14DDC79AEB38E277A2
    SHA-256:832F109912CF448B1E5329174C4CC5F1C02F9A9725EBCA3D0B3AF2A02AA80301
    SHA-512:AE65B29197093F265A318E199B9540AA58646DDF5621BDB40AB04A852B2A2EBD29C1AEC46D1534C8B60C2A01D2747A06D0C4B94D2F4FE833B1EF77F76B0F70A7
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1058
    Entropy (8bit):5.658026078804235
    Encrypted:false
    SSDEEP:
    MD5:B005995A0F5A7EA44968784404F8FCA6
    SHA1:F674702BB0A7E45AABAC0C23405F5C569DE7ED8C
    SHA-256:308A56CBCAFB0FFA4F5FD601F286257D624DFAADCBBA84F2556EBC692F42CED6
    SHA-512:B0D7D22CA61899412880AFD27366C389C8FFBEA713FE3AA850BB0E747291B8E77D87223FA9B8FA3F41EF91A57719E31EAF66DC6FD62F0278CE554AB92D2DA0BB
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.279886655155687
    Encrypted:false
    SSDEEP:
    MD5:C831D30A2EFE0E3AB5C9B80F2C23FCEE
    SHA1:4D21AD4EBA8A6F9C3B1E2402E745D8CA4144F71E
    SHA-256:0A408809F4488D666FAEC9F12FE0D096D5EAAEA3B798029BC45394532B109388
    SHA-512:BF5BC6C4923BAE9825B838E333FE41BFA3FCB47D354AE352964F2377F431D9B07855E4482ADD85FF411EC5BF2A91A7A72A557FC94CE99E5CDD2892A99C8E5E4E
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.379450072507449
    Encrypted:false
    SSDEEP:
    MD5:2266A367FBD9DA89FECB434007542B7F
    SHA1:FA8CE92E0CB1A92CC412BF871169C5D66783FAD8
    SHA-256:5E35528972D92A92F592A86F963E8C5CA75AD2081843EA9602DAF5B0F51A6F47
    SHA-512:C77D1352DE470E1665A32D2B97F5A8EEBA409E61B4559DC195922342DACC802EF24B7DB0E9E78BA5875674CEE6F52A299418DAFC4F4271EABD0AA341597DF204
    Malicious:false
    Reputation:unknown
    Preview:{"analyticsData":{"responseGUID":"edb31f3b-e646-41bf-b2ee-539136114ebc","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1727634088868,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1727454883900}}}}

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Reputation:unknown
    Preview:....

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2818
    Entropy (8bit):5.141145613512559
    Encrypted:false
    SSDEEP:
    MD5:BF2710F934FEC03A6966B5D1FFA6F5DD
    SHA1:0138EB38363D3EE048BB0DA73AA12F02E4248EA5
    SHA-256:BD4C6074B366B56393146D09D02649B9A155CE697D3BF5CF0B7856FFE1A693C5
    SHA-512:08AA829B3279BB5B6EFBC9DAAF11CB913D45A09B7A612282995C6161EF0B5B591ADF59F50C253F8C7A6CB28CF38F40122E3C60F571F605B8DB82E9E8883BE677
    Malicious:false
    Reputation:unknown
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"5b6ad5f5b6cc8b96a18c16cfb1f347e6","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1727454882000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"1b73d2e9a51b953f9019b076c23d213c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1727454882000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"83e7c764efc178ae099a5d4b275a584c","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1727454882000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"857dc484e83d33e8a304d76bb904548b","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1727454882000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"42aa8023752eeb69e0a440c36e81ee31","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1727454882000},{"id":"Edit_InApp_Aug2020","info":{"dg":"328e2692edf908b74c8c9e4034a748ec","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):0.9887229626332673
    Encrypted:false
    SSDEEP:
    MD5:1D412E0241217FF826D110BF3DBAD4CC
    SHA1:3B8FD10B189374CB61E42D49DEA3DE95A4705972
    SHA-256:4F3CB21759BBB67CB5203159B4B5737E41C5B1B8539A633D7986EE2E840558D8
    SHA-512:042DDF5268C855508FFA8C7D80F5879FC07BEEBFD29DE5BAAE98CDA570AD3DC000EF5E09D143764CC844E9DEB8E01B244FE76EB99FD3F6FFF249E3BBF7E3507D
    Malicious:false
    Reputation:unknown
    Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.3455695064934743
    Encrypted:false
    SSDEEP:
    MD5:AE9ECF8C57AD11C3426E251C48BFF41D
    SHA1:707716363643E4FA7A0EBA32C0F04E5E84E2767D
    SHA-256:BECDD44FA856198D7F61E07E3E937568C92DCABB99988B7612C8624FDD3E2865
    SHA-512:9814B7C70A2020980970DEFEC95510C753ADCD61E06207DB87748664D7DA8EDEDC1D5F262232CAE442D77625879C5D03B6EBC84FA4CD0C2FE0716397C89C9F27
    Malicious:false
    Reputation:unknown
    Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

    C:\Users\user\AppData\Local\Temp\MSI25eab.LOG

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5162684137903053
    Encrypted:false
    SSDEEP:
    MD5:95FD38A5DFAA14F020780EE5544BBD03
    SHA1:85AC8BE857D51F1CC738B62BE9C7E08963EA244B
    SHA-256:EE7D2DD1F1C6118252217E91F9CB5C08FA8FE9D7D92A1B0DDE90828FF969AA4F
    SHA-512:4086E96A5EDB418839BDE09E65106E625474785E9A7C808E0EE3A0E3D0FFDCD4AADC1939E5BBB3377905793A3A4DC28956BB48711114493A464829FEFBDA72C3
    Malicious:false
    Reputation:unknown
    Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.9./.2.0.2.4. . .1.2.:.3.4.:.4.4. .=.=.=.....

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-27 12-34-39-704.log

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.353642815103214
    Encrypted:false
    SSDEEP:
    MD5:91F06491552FC977E9E8AF47786EE7C1
    SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
    SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
    SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
    Malicious:false
    Reputation:unknown
    Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

    C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

    Download File
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29752
    Entropy (8bit):5.426831002605378
    Encrypted:false
    SSDEEP:
    MD5:184757F54D23766C378BB6305003AEA8
    SHA1:9DA91EBA63F4FEDEEBC95040089E72ECEABCF809
    SHA-256:0176E465170F9018174F01C724C1CA7F073AFDFE3E2580B953FA4BE704FF0E87
    SHA-512:4372D8C78A2DAADC9AD3BE72EF023AFDF67144340E4D2814018C37BB55371A55B9576C1BCA41974407AE6F969EBF19D604B629DED16BB164101F427DA501363B
    Malicious:false
    Reputation:unknown
    Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

    Static File Info

    General

    File type:PDF document, version 1.7, 1 pages
    Entropy (8bit):7.450651836961248
    TrID:
    • Adobe Portable Document Format (5005/1) 100.00%
    File name:Project Proposal.pdf
    File size:49'747 bytes
    MD5:9b85f102a4d5abb6260746d762e6a242
    SHA1:5d1e77baa5e6ec00f8938e9dc88a51920751193e
    SHA256:1509d336bc7fd7a8bc6e3ae8b888c305df17a1d3fbab3419c2b8867e799138b5
    SHA512:ac20ec3af45b4180d588a1a30d38498c57f0a882c6955afd0a60442db295cffb7c85de67cd4098d2cdf9638fad3715012b4ddbbe84b04f1d4aa4f4b95a816ad9
    SSDEEP:768:y2IlLI6rn0Bs7dvi1YNrq30QxQEyDcd4NqIWCrQrn2vgvLal5G3Z8SKdYLbISnQY:gXdFW3WEFu4bqvkC5u6SoYgSiXd22G
    TLSH:B8231D1389089B86E1294694BE071E6D2F067B0DE4C235FE316E4EDB3F607725C9E16E
    File Content Preview:%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 12 0 R/MarkInfo<</Marked true>>/Metadata 26 0 R/ViewerPreferences 27 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R

    File Icon

    Icon Hash:62cc8caeb29e8ae0

    Static PDF Info

    General

    Header:%PDF-1.7
    Total Entropy:7.450652
    Total Bytes:49747
    Stream Entropy:7.442087
    Stream Bytes:46499
    Entropy outside Streams:5.386085
    Bytes outside Streams:3248
    Number of EOF found:2
    Bytes after EOF:

    Keywords Statistics

    NameCount
    obj17
    endobj17
    stream6
    endstream6
    xref2
    trailer2
    startxref2
    /Page1
    /Encrypt0
    /ObjStm1
    /URI2
    /JS0
    /JavaScript0
    /AA0
    /OpenAction0
    /AcroForm0
    /JBIG2Decode0
    /RichMedia0
    /Launch0
    /EmbeddedFile0

    Image Streams

    IDDHASHMD5Preview
    10262a2b3333330e2b707b479c5943387e3261c14c6055ebf8