Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
C0260-COUNCIL APPROVED PLANS - ISSUE D.pdf

Overview

General Information

Sample name:C0260-COUNCIL APPROVED PLANS - ISSUE D.pdf
Analysis ID:1543508
MD5:018732c25a95c5da3a89236fa5efa746
SHA1:08b3a4435963497defff04e10f82d5753dfae46d
SHA256:5dc1aaff1c2469c7ec4c766e9f654fc3eb6a91dbe784005feb91de68687f7bb4
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

No high impact signatures.

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 2008 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\C0260-COUNCIL APPROVED PLANS - ISSUE D.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 1436 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 5904 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1560,i,13082462782588250039,15820702864386055181,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.drString found in binary or memory: http://x1.i.lencr.org/
Source: classification engineClassification label: clean0.winPDF@14/46@0/0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-27 22-03-25-794.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\C0260-COUNCIL APPROVED PLANS - ISSUE D.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1560,i,13082462782588250039,15820702864386055181,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1560,i,13082462782588250039,15820702864386055181,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D.pdfInitial sample: PDF keyword /JS count = 0
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D.pdfInitial sample: PDF keyword stream count = 215
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D.pdfInitial sample: PDF keyword endobj count = 216
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D.pdfInitial sample: PDF keyword endstream count = 215
Source: C0260-COUNCIL APPROVED PLANS - ISSUE D.pdfInitial sample: PDF keyword obj count = 216
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local SystemData ObfuscationExfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 1543508 Sample: C0260-COUNCIL APPROVED PLAN... Startdate: 28/10/2024 Architecture: WINDOWS Score: 0 6 Acrobat.exe 20 75 2->6         started        process3 8 AcroCEF.exe 107 6->8         started        process4 10 AcroCEF.exe 2 8->10         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.1.drfalse
  • URL Reputation: safe
unknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1543508
Start date and time:2024-10-28 03:02:16 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 51s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowspdfcookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:10
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:C0260-COUNCIL APPROVED PLANS - ISSUE D.pdf
Detection:CLEAN
Classification:clean0.winPDF@14/46@0/0
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Found PDF document
  • Close Viewer

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 184.28.88.176, 2.20.245.132, 2.20.245.133, 34.193.227.236, 18.207.85.246, 107.22.247.231, 54.144.73.197, 172.64.41.3, 162.159.61.3, 2.20.245.141, 2.23.197.184, 95.101.148.135, 192.168.2.4, 23.192.223.240
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.

Simulations

Behavior and APIs

TimeTypeDescription
22:03:36API Interceptor1x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):292
Entropy (8bit):5.21822587067576
Encrypted:false
SSDEEP:6:ONAQ+q2Pwkn2nKuAl9OmbnIFUt8pAgZmw+lFUjAQVkwOwkn2nKuAl9OmbjLJ:MAVvYfHAahFUt8pAg/+f+AI5JfHAaSJ
MD5:20AF007766D71F8D7999903B842FAEB6
SHA1:26B5AAAEDBD5CA567E31D6301668C5207AE5D9D1
SHA-256:61C6A4224EA4EC8489596D1A38C08B855783E24B29BA925CC825D01AEE1AF39D
SHA-512:16E0AADE4D2FA073550722BB5B2F75B09E2CB2840D4B5EC6CBB904CA86D4D2E371713ED453A0F29E382FAB82C32521A5DBDF842045EC2E43729930002C32D20A
Malicious:false
Reputation:low
Preview:2024/10/27-22:03:23.366 16b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/27-22:03:23.368 16b8 Recovering log #3.2024/10/27-22:03:23.369 16b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):292
Entropy (8bit):5.21822587067576
Encrypted:false
SSDEEP:6:ONAQ+q2Pwkn2nKuAl9OmbnIFUt8pAgZmw+lFUjAQVkwOwkn2nKuAl9OmbjLJ:MAVvYfHAahFUt8pAg/+f+AI5JfHAaSJ
MD5:20AF007766D71F8D7999903B842FAEB6
SHA1:26B5AAAEDBD5CA567E31D6301668C5207AE5D9D1
SHA-256:61C6A4224EA4EC8489596D1A38C08B855783E24B29BA925CC825D01AEE1AF39D
SHA-512:16E0AADE4D2FA073550722BB5B2F75B09E2CB2840D4B5EC6CBB904CA86D4D2E371713ED453A0F29E382FAB82C32521A5DBDF842045EC2E43729930002C32D20A
Malicious:false
Reputation:low
Preview:2024/10/27-22:03:23.366 16b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/27-22:03:23.368 16b8 Recovering log #3.2024/10/27-22:03:23.369 16b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.166994340337331
Encrypted:false
SSDEEP:6:7JXN+q2Pwkn2nKuAl9Ombzo2jMGIFUt8BZmw+wVkwOwkn2nKuAl9Ombzo2jMmLJ:7KvYfHAa8uFUt8B/+o5JfHAa8RJ
MD5:014CE471408E743EA5C2B520DD564409
SHA1:EE50C1ED652EBD3AD5E23EA044A23BEFB4BC3081
SHA-256:237DA8E1A8D0FEEA14E604E13BB3899426AD3EFE49A2967852E609323C18EF1C
SHA-512:56B58FB765218EC8CC8306969EFBA573B1E34E69773637BC76AF8DDBB6FC1CF19EE40FF1215E45BDF6FEC16F2DA558EFFB6037B99D78958421D44F4C59E4664A
Malicious:false
Reputation:low
Preview:2024/10/27-22:03:23.487 1c28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/27-22:03:23.493 1c28 Recovering log #3.2024/10/27-22:03:23.494 1c28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):336
Entropy (8bit):5.166994340337331
Encrypted:false
SSDEEP:6:7JXN+q2Pwkn2nKuAl9Ombzo2jMGIFUt8BZmw+wVkwOwkn2nKuAl9Ombzo2jMmLJ:7KvYfHAa8uFUt8B/+o5JfHAa8RJ
MD5:014CE471408E743EA5C2B520DD564409
SHA1:EE50C1ED652EBD3AD5E23EA044A23BEFB4BC3081
SHA-256:237DA8E1A8D0FEEA14E604E13BB3899426AD3EFE49A2967852E609323C18EF1C
SHA-512:56B58FB765218EC8CC8306969EFBA573B1E34E69773637BC76AF8DDBB6FC1CF19EE40FF1215E45BDF6FEC16F2DA558EFFB6037B99D78958421D44F4C59E4664A
Malicious:false
Reputation:low
Preview:2024/10/27-22:03:23.487 1c28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/27-22:03:23.493 1c28 Recovering log #3.2024/10/27-22:03:23.494 1c28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\0a984f3a-dd8b-4e00-8a81-1c07f11c0c4b.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:modified
Size (bytes):475
Entropy (8bit):4.965217949670705
Encrypted:false
SSDEEP:12:YH/um3RA8sq4WsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRdsxdMHG3QYhbG7nby
MD5:A3E0757DAAC0A016DE62FACF28FB0806
SHA1:B110B0AE6B5C61050896391541DDC98C310EE0C4
SHA-256:16CF3BDE2F3981612B050BC2AA5A95E4C106B2E71D2C761912BBD0453B7D7615
SHA-512:BB4ACA9AB9A9CC810958E9A52BB23EB43F897D82826DD046AF2253F766D068BEB97EDA9B1E7E872AB01CB06D3BF59707983BA1755218FBCAB871C64812CB108E
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374641009312153","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":243026},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:JSON data
Category:dropped
Size (bytes):475
Entropy (8bit):4.965217949670705
Encrypted:false
SSDEEP:12:YH/um3RA8sq4WsBdOg2Hncaq3QYiubInP7E4T3y:Y2sRdsxdMHG3QYhbG7nby
MD5:A3E0757DAAC0A016DE62FACF28FB0806
SHA1:B110B0AE6B5C61050896391541DDC98C310EE0C4
SHA-256:16CF3BDE2F3981612B050BC2AA5A95E4C106B2E71D2C761912BBD0453B7D7615
SHA-512:BB4ACA9AB9A9CC810958E9A52BB23EB43F897D82826DD046AF2253F766D068BEB97EDA9B1E7E872AB01CB06D3BF59707983BA1755218FBCAB871C64812CB108E
Malicious:false
Reputation:low
Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374641009312153","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":243026},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):4730
Entropy (8bit):5.251755968868231
Encrypted:false
SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo71cMJL/cBGaqZ:etJCV4FiN/jTN/2r8Mta02fEhgO73goN
MD5:BED1CD4369D8BB71EE2B1BFA1CB85E6C
SHA1:D73CAB44425D7900530273E73D896F0C44BCEF26
SHA-256:9FA0E562DC6DDD83C3FAC061C4B3387E7820ADA6BE58EEFB58E4B4A9B88BC365
SHA-512:A7BB15A369832BC82D0985C064CAE8FCFA4F8F1795B20F3D00327188FB9631D038635C0B10FC5CE071D0EB58C9856577514B4A24DC13315FA89BFDD3707A7185
Malicious:false
Reputation:low
Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.172079833679538
Encrypted:false
SSDEEP:6:/9+q2Pwkn2nKuAl9OmbzNMxIFUt8pGNXZmw+pGN3VkwOwkn2nKuAl9OmbzNMFLJ:/4vYfHAa8jFUt8pGJ/+pGD5JfHAa84J
MD5:492FE98F42118E2335607DA554A36DF1
SHA1:6D4CA449639AAE2D125215EDD9788A5BF72929C4
SHA-256:522B9EB0730E1175A36EEA44988B3D4007F20DA7B7A61D80D87C1C667664C412
SHA-512:D6E828680E708B476C988CA1D8281F05546115A7BBE418ACF7BDDEA99C197D48504CB9B0C174FBE2DB6C5158AB13DF9AC24197EFDE3BC4036757550FECD956C9
Malicious:false
Reputation:low
Preview:2024/10/27-22:03:23.683 1c28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/27-22:03:23.768 1c28 Recovering log #3.2024/10/27-22:03:23.768 1c28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:ASCII text
Category:dropped
Size (bytes):324
Entropy (8bit):5.172079833679538
Encrypted:false
SSDEEP:6:/9+q2Pwkn2nKuAl9OmbzNMxIFUt8pGNXZmw+pGN3VkwOwkn2nKuAl9OmbzNMFLJ:/4vYfHAa8jFUt8pGJ/+pGD5JfHAa84J
MD5:492FE98F42118E2335607DA554A36DF1
SHA1:6D4CA449639AAE2D125215EDD9788A5BF72929C4
SHA-256:522B9EB0730E1175A36EEA44988B3D4007F20DA7B7A61D80D87C1C667664C412
SHA-512:D6E828680E708B476C988CA1D8281F05546115A7BBE418ACF7BDDEA99C197D48504CB9B0C174FBE2DB6C5158AB13DF9AC24197EFDE3BC4036757550FECD956C9
Malicious:false
Reputation:low
Preview:2024/10/27-22:03:23.683 1c28 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/27-22:03:23.768 1c28 Recovering log #3.2024/10/27-22:03:23.768 1c28 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241028020328Z-173.bmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:PC bitmap, Windows 3.x format, 164 x -115 x 32, cbSize 75494, bits offset 54
Category:dropped
Size (bytes):75494
Entropy (8bit):2.704171264807143
Encrypted:false
SSDEEP:768:Uj0k3S08obGl/GGBE7pZwRlXkwaEYrbh4H3Q0fjQrcZj/Z8unuBOlxBpQIIE2hlg:B01sTMa
MD5:2787BE066762419C1EA998DA19DE6E20
SHA1:725C12614369DEA791B81C32697C2BA27FB5AEA4
SHA-256:F4F5999EE9526FDF8829BB4B6319F736D3944A654B8E4615E94FC4DAEA6FC1CB
SHA-512:204FE62866944C42AD273818D6EED029BBD8DA602F2B6548103F27239D11A74A6A28535652DAF7A3F77A29A49239A54DE3FBB5D9A38BEA174CB701F770F47107
Malicious:false
Preview:BM.&......6...(............. ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 17, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 17
Category:dropped
Size (bytes):86016
Entropy (8bit):4.445093125773179
Encrypted:false
SSDEEP:384:SeZci5tmiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:Fps3OazzU89UTTgUL
MD5:645AB686B0F9BFA62507C1D69C4872F1
SHA1:9B114D9BDCC0544770E981A5AD4C892661FD6E5D
SHA-256:56870F71A292DAA37220080C1DE580D54978D8AD0D7D57D41615A7C7D05752EC
SHA-512:13C451355832BE560BB9AE504EA2C5D210A40940101B1F36752A42477DCA04A227BDD84BFCFD2D925F208F3EB72D5A0A1720FCB4087F35C6F7605509BECA28D1
Malicious:false
Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:modified
Size (bytes):8720
Entropy (8bit):2.214994153302622
Encrypted:false
SSDEEP:24:7+tQw9nuwKnRqLrzkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf/:7MBnCRqvmFTIF3XmHjBoGGR+jMz+LhX
MD5:D31F83EFC3FCBD8D5491C718B43B847C
SHA1:B609DBD270EA1BDD36EA03B10EB3DDF668944A00
SHA-256:47940A9534D5F5E3600D1D2362D870DD2DA161C175FFFBA7CA1A850A96889AAA
SHA-512:278A97EB1B1E28DB702D339EE52DF55118B1B0B728635D55FB02F4D4F85569C714A48F07461B9ED20C3B759F3EAA68703692DB470274D1D498F1153754C3F857
Malicious:false
Preview:.... .c......S.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:Certificate, Version=3
Category:dropped
Size (bytes):1391
Entropy (8bit):7.705940075877404
Encrypted:false
SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:false
Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:data
Category:dropped
Size (bytes):192
Entropy (8bit):2.745945613111056
Encrypted:false
SSDEEP:3:kkFklOgPtfllXlE/HT8ku/XNNX8RolJuRdxLlGB9lQRYwpDdt:kKXYeT8rVNMa8RdWBwRd
MD5:488E3356115C537C998661137B1C432B
SHA1:1425F2B615D6693F24BC9892D0986BFCDF7FB6B9
SHA-256:B39B8C720A5A2192CA9733F0735547D9FFB9D0723CDCF75CA26B089125A65CFF
SHA-512:083D343F39780AF1BC342FD1B8954A3AC328EB76F4A3385D612E7D88174CFD82E9005AF39ECEF4986B68B66AA1BB7F27FBBFD173B21B5500105BB08232946A4B
Malicious:false
Preview:p...... ..........{..(..(....................................................... ..........W...."...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):295
Entropy (8bit):5.3681518624417945
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJM3g98kUwPeUkwRe9:YvXKXja4UM2Zc0vjGMbLUkee9
MD5:70221709194F4E4B6BAB904EFB0083B5
SHA1:56A2BC6D90F61C2AF771FAF90EFEC607A57881FF
SHA-256:21DE53507860487D44FCA67294D15FC85429921AB8EA7E42B2389CFF66DDCFCA
SHA-512:C99444DD59BB005AB513C885B3BD6D595E7EB39A5CD4FE87C543415569F77191E7AF7EB0668B02A9DFA723CF7ECA4CE02391E174E7BF5E90EE8C93FE36B0E53E
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.319294830044746
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJfBoTfXpnrPeUkwRe9:YvXKXja4UM2Zc0vjGWTfXcUkee9
MD5:D074ACE9FCD08E38AE9F91F07FB2D883
SHA1:1ED40E86D1C0A49F21A768FB78C1F26EF59D85C7
SHA-256:106F60A1FAAE9CB311004C6BB25402A95F9C6B0882E0E9D52F8EB8FAEFFEFE49
SHA-512:47797C61199C94B6CF87D37D5348F5C031843B547FE2E988DAC283E1D2DD730A66906BE532D808B1436FC4FD36A7DEC9A610B81CDEFEAA4D5F2C4CB6A08625EC
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):294
Entropy (8bit):5.298001044271625
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJfBD2G6UpnrPeUkwRe9:YvXKXja4UM2Zc0vjGR22cUkee9
MD5:0843546F5BAEB8DC966BC93603CEC4B8
SHA1:9DB15454F8279446382BCBE89C7A59ADBAAEF3FC
SHA-256:114B9E0F0F4ECD112707D432D4563D857C692C864C93097B921559BC9F20FDD3
SHA-512:FF8DED4C4378C487D8E44A670D2619F36F9907CBF5000059E95A32CBE7A9CEECE67A3F1F19D06C86596D45BCFF612746C1F1BE22D975ECE0BD10CDB079EC7ADE
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):285
Entropy (8bit):5.3553303853430805
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJfPmwrPeUkwRe9:YvXKXja4UM2Zc0vjGH56Ukee9
MD5:898261C29BE5350D2BE724D98040ECCE
SHA1:C2483B3F5C25445BCC36F56B68FE864E276A389A
SHA-256:97E93469F128F76626D825C6819203B88478BFFFE552BA094C7AD84747E306D7
SHA-512:7D178EA6A543BC388969F4BACBFCDEF5EC8E04E6FA18C834CB2253DBAD5E83377FCD8C5E294AA8AF0E58086DA858FADCA02E933DAE8313EE654D53CF4F669F6E
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1055
Entropy (8bit):5.662152561792527
Encrypted:false
SSDEEP:24:Yv6XFUHzv4pLgEscLf7nnl0RCmK8czOCCSz:YvtQhgGzaAh8cv/z
MD5:8730FBD84B3478694B232C0CAE8DE87A
SHA1:51CD4BDBB2FC7A1A181E7CFD98154C9E5082F5B6
SHA-256:D5845B4D09CA9715BD07739FC1BD12188EF63FB34450E1F81972D31B25AA8D7C
SHA-512:2B506852A15A5E556BD7D2C0093C93AC65622E6E274F100178BA6D17212593B4C2C6E209FD1E5337F5B4E6679F41B56D01B4D835F125E2AD822009046CE0DAE5
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1050
Entropy (8bit):5.654371181263917
Encrypted:false
SSDEEP:24:Yv6XFUHzvqVLgEF0c7sbnl0RCmK8czOCYHflEpwiVV:YvtCFg6sGAh8cvYHWpwc
MD5:7529914B47A96CE7BECD723E04A83EC0
SHA1:35BB412F13A69E1B6A2450248F9397A8250881BE
SHA-256:FAA9102F8152C4C5D8B949FEEABAFCDAC7D31BA5D5BB974773E65ED2EC1B9C05
SHA-512:DF5DF466ADCFAAE73568C41ADB2BA6126F7B1B23F061A0898F5FFACE336F814B405A6DC98D9448088B792CD4E2794E94FD6778EA4A0C71C3A67AC1FBC814953C
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):292
Entropy (8bit):5.307616345442566
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJfQ1rPeUkwRe9:YvXKXja4UM2Zc0vjGY16Ukee9
MD5:A7F624D92DA23898A510E7667A9F1FEE
SHA1:FEAF90C1D56D44295AAE78AC7306553F8C10B865
SHA-256:D7E5B7A2F1AAA0E9FA9485DA921797FD080C81ACEA743886B618B7E4EC51044E
SHA-512:E8B739C977D8026B73C15ADADE499CAFADB199F826E9A0C974D5309DE6463F295BB1E62ABE9922C8EA9B02A84DCCB8C35F8C716E7943FB9247EC3482B0E8B37C
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1038
Entropy (8bit):5.648217285400088
Encrypted:false
SSDEEP:24:Yv6XFUHzvX2LgEF7cciAXs0nl0RCmK8czOCAPtciBV:Yvtvogc8hAh8cvAz
MD5:60EDBB8FB1E2169AD232983C8726F8A8
SHA1:05CBDF95CBB51D4552EB36DA1DCECF5A22565EDB
SHA-256:4C74258467366B6187210E05C17A2BC8929DAB98B3AA3A3E566FD7D53EAB9666
SHA-512:3B53BEA7CA46AACFF018FED14C98693F659292DDE8E673F8D112C41BADD72CEF30B8DCA39F7981954BFDA8B96C053C936DD9310919EE04054349371937F97515
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1164
Entropy (8bit):5.700165958669054
Encrypted:false
SSDEEP:24:Yv6XFUHzv7KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5V:YvtDEgqprtrS5OZjSlwTmAfSKv
MD5:5DE05A3BEF0D570D8036BB11A23903C8
SHA1:CEC7F08CEF0FB3F930C1D5FBEC6F9AA12C4C8683
SHA-256:4C7226D2C196BE35D5C9B8AE25C64FAB04AA3AC65DF45961854D090D5332C268
SHA-512:B704F73FA730E09C2AB1FA10768AE6B8402196A06E178CD82D2ED6CD1CA2596AC8414576981C445BC3328A6B323465553F4A641D929AA4A7D98765A467B9566A
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):289
Entropy (8bit):5.309251106213765
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJfYdPeUkwRe9:YvXKXja4UM2Zc0vjGg8Ukee9
MD5:F6D69A0BA9593A50FE06F00CE36F52DB
SHA1:E0D3AD7A9AAFC28A99157D6ABA183A94C9252EEB
SHA-256:902ABAE4B725664D0F7690D27598FF43D571595699674CAADFEE38775FAEA04E
SHA-512:758FE5FA8FFB9AD66AF810192BA1A6E7C83074DE6F749EACACC1D01158715E1783A8962BD22CBA58666DB639AB9C86114578FB2BE1E50101F330940B11A10CDD
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1395
Entropy (8bit):5.775504113387191
Encrypted:false
SSDEEP:24:Yv6XFUHzvmrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNC:YvteHgDv3W2aYQfgB5OUupHrQ9FJg
MD5:19FF123D4E7FC78B35D30FAA417C9D79
SHA1:41F2FD25D5DE82048F622971C29A0AB3BB1200B9
SHA-256:0243069953F6014E3997218A1905A58AE09A10B2101177503DEBF761FEE6C84C
SHA-512:5CB6D6831608EF2FEE17FE5778713DC2B12F488B89CB4CFE5002ED0C97FDA89CD4A77D8E5585826C19DC155FB2F9155D76B910F854CCB0AD7666A1B863A7FAF5
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):291
Entropy (8bit):5.292734622401623
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJfbPtdPeUkwRe9:YvXKXja4UM2Zc0vjGDV8Ukee9
MD5:50610DCDCB76829F91EB2FC7E50027F3
SHA1:659B6BE925F6BB756435969AAB3C986570026043
SHA-256:A2F83A3CA6DC19A843B0190124EA4FEE9020BDB7532A6E07A4680484C48E398F
SHA-512:EFB908D1FB74E9C777C5F42B3A466BA18B3218DA54556BB2BC4EAF95BB24CEE065A8302C4ABA67A382002714DCD584FE8834A5186C60FBACE4D067A52F9E1F88
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):287
Entropy (8bit):5.297809989749907
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJf21rPeUkwRe9:YvXKXja4UM2Zc0vjG+16Ukee9
MD5:121369D695D8A2C04441540E08F4AD81
SHA1:BE3174C76B03454DBAA08E7ED880671AF34149C1
SHA-256:80BC867729D9F1507FC5D947A615746F3E4C8632DF8087BE78A660A3C2C8E6BB
SHA-512:AF611A9F09BCD67E86604917D85B18257FE0323D963C3243DE48474AFB26500D7D55C8D011DCB3766916DB35A6EDA4E581B343F14F7779CA1397A2D51E11427D
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):1026
Entropy (8bit):5.633334246280882
Encrypted:false
SSDEEP:24:Yv6XFUHzvMamXayLgE7cMCBNaqnl0RCmK8czOC/BSz:YvtSBgACBOAh8cvMz
MD5:284F6B72A715A47911F3363E371EA317
SHA1:496D53DB5B5D2F70EDA47DBC38F44978A542F583
SHA-256:93D1D0023B8141C46F4132C328526C2CA51C17CF0B2CEE7DB243506B8749F219
SHA-512:2623296F90A1D1F68CDCF27DCAEBE324C3C6824DDC4DFB42F807A97875C55D08D8F0673817B46F2E7AB26944B43C993D89789567115FC5F9A881595F2F323559
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):286
Entropy (8bit):5.273906855478661
Encrypted:false
SSDEEP:6:YEQXJ2HXjxihERUgrHVoZcg1vRcR0YfI2DoAvJfshHHrPeUkwRe9:YvXKXja4UM2Zc0vjGUUUkee9
MD5:1CC5DB52B2D4E327832FE25564F8E8E1
SHA1:DC2241944283148D1F23E6BD5FE1EFCA2FFC0D1A
SHA-256:364A56345E5A3B34C16B6BB0A5454EEEF62B0E40E8D48499B2281D5240A8B39A
SHA-512:650DCFFE8CFA99206FC847EFC5E1AD0E3DC0139A0ED63A9D906236C168D6D9BF94243EA85807F3F165C4BC1192ADEE6E93A2BDBCDBC05276F184E42FED1E6E17
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):782
Entropy (8bit):5.365521722729898
Encrypted:false
SSDEEP:12:YvXKXja4UM2Zc0vjGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWO:Yv6XFUHzvz168CgEXX5kcIfANhz
MD5:0505B3F4AAB94C8DE4EFEA4AD1B5C471
SHA1:FA998D734DF01B968FAE2BE47428977767BAA39E
SHA-256:96269CA8A7145AF945FD400B44072CC8511EC30B9A98D0A9F0DA4CBDD0435435
SHA-512:0D101CD8BE989FDB717DE3EC1AADFD89082831A00BD345495FF6F165828A2F4ABFA67A276CD6A48179A6E7FBE19D24FC23DAD0E3505410E4A280873C48980BD4
Malicious:false
Preview:{"analyticsData":{"responseGUID":"90a135c1-2932-4a18-9a4f-588637d9e857","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1730254035129,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1730081010163}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):4
Entropy (8bit):0.8112781244591328
Encrypted:false
SSDEEP:3:e:e
MD5:DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:false
Preview:....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:JSON data
Category:dropped
Size (bytes):2818
Entropy (8bit):5.11514653638984
Encrypted:false
SSDEEP:24:YeukVUGaVcphayPaN3FiRCEs3cyW6J7skrEARRjDg8PjGYj0SSfivC2xe2LSS5nx:YeYcuOC3c+ouNlshOn8wMdfb9k
MD5:F6838D8ED1A87A1EB7C3BEC313370C6B
SHA1:781CEACA67BBF1ECCD2A9F914C7D9C5D888380AF
SHA-256:C80975595C6460329B584340A842E0A891A567928B8D70708F82B2D2BA14B80D
SHA-512:E0EB6095A903F6425F6CAD03CF8C4C9196C4FC62C3B54534B7904ED1D5E78263FABBEECC7ABF7374B5BCC2411C8E2A5CB686AFA10D669416DEA8518936F2C678
Malicious:false
Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"d22b74387a308ebba1c42cc100573093","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1730081009000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"448a10e2c821d225f2b8342f3832f81f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1730081009000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"5464c85cc11a44fd62c8d345d1a95ae4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1730081009000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"27739370cab7197b0872ab983bdc3c3c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1730081009000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"1ae2592773f573c4cda14873af3ba51f","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1730081009000},{"id":"Edit_InApp_Aug2020","info":{"dg":"13b73651e9baaeda79ddebf312d45155","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:dropped
Size (bytes):12288
Entropy (8bit):1.1879588807849273
Encrypted:false
SSDEEP:48:TGufl2GL7msEHUUUUUUUUDjSvR9H9vxFGiDIAEkGVvpn7:lNVmswUUUUUUUUDj+FGSItD7
MD5:2A97EC8038B98490E1A1FFA149D9893E
SHA1:390A186AB78CA46E2F84EFAE4DF463F13DBE8743
SHA-256:6184008AE4205F28546107711E174D35716FE7DDDF0AE5B41BED7633A594D57C
SHA-512:A658542A4A77FA3443023178CE96909384F8689D03C3A8FC49B4DBBB6BBF3AB0B471B62B5FC8AB9BFDE312D9E39074D48FD6EB6EAEC361D247451E8B98D73B9E
Malicious:false
Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:SQLite Rollback Journal
Category:dropped
Size (bytes):8720
Entropy (8bit):1.608029458079351
Encrypted:false
SSDEEP:48:7MnKUUUUUUUUUUDHvR9H9vxFGiDIAEkGVvzqFl2GL7msx:7tUUUUUUUUUUD/FGSItJKVmsx
MD5:951B04D3F2A20C9709ADE1C1B9627687
SHA1:CA9CF1ED0E880991814DF58F4FC87462DF1E11D4
SHA-256:928B2ED4525C0F8CBA27DD1A116A032034864AFC7C387785119B546035FF80C9
SHA-512:5EA1BC04D19595832890CE4BBD9742FDB38FF7358C8BEB85C37D293582EEAAD8E54E74987E88209DB12B9873BCC185D194E28E88D4C56E52B035B81B0F8DD5BB
Malicious:false
Preview:.... .c.....+.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSId0769.LOG

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):246
Entropy (8bit):3.5004142083842487
Encrypted:false
SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K85SlVnH:Qw946cPbiOxDlbYnuRKFld
MD5:E662040B84840F838231374B18F5FBF2
SHA1:740AC0043526AC2C9A8EF7D8DFBE823EAF406CEB
SHA-256:82C9BA2E7F8FFFEBE65FB889FF4523F216B15934D72F145B52B3A4781FCD267B
SHA-512:0394FF544E975F480153B96277891323B17497AA622074A83FF1D8A05D5A713233F72D79B6941B8BE6183066F02559F18DC0751AFE9E93E109B06FF2E25F41E5
Malicious:false
Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.1.0./.2.0.2.4. . .2.2.:.0.3.:.3.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A912a8xm3_zqs40n_4kw.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:dropped
Size (bytes):144514
Entropy (8bit):7.992637131260696
Encrypted:true
SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:false
Preview:PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..|....,.A.....Z..a<.C._..../G|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9hias7u_zqs40o_4kw.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:dropped
Size (bytes):144514
Entropy (8bit):7.992637131260696
Encrypted:true
SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:false
Preview:PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..|....,.A.....Z..a<.C._..../G|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-27 22-03-25-794.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393)
Category:dropped
Size (bytes):16525
Entropy (8bit):5.345946398610936
Encrypted:false
SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:false
Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with very long lines (393), with CRLF line terminators
Category:dropped
Size (bytes):15092
Entropy (8bit):5.3388030816843575
Encrypted:false
SSDEEP:384:VjVm9bEFVMQ2zdTU6kjOqAm7foVJADoDsDeDh2FLRVrdTT1bxhUIg7PHCBC/qK85:9v5
MD5:D9CB63D7E146EB0CC00ED7AB1E7C680E
SHA1:A8ECCA01609FF843B748595D61A383509CDC3B15
SHA-256:618E810661EDE4F72F9C571E1F2AF4DE15BAC69F705A923973DBE81F415B49FA
SHA-512:28D3FBB135E44ADE48A3AC49014DB25BE3985D6D8B8039C843FBEB246F4DD21BD51D36395E48FF81E82FDB697B82DDFD9F2F609C605F73796780EE90548B17AD
Malicious:false
Preview:SessionID=aae1218e-8f3a-46cb-865f-6f38651148b5.1730081005828 Timestamp=2024-10-27T22:03:25:828-0400 ThreadID=888 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=aae1218e-8f3a-46cb-865f-6f38651148b5.1730081005828 Timestamp=2024-10-27T22:03:25:832-0400 ThreadID=888 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=aae1218e-8f3a-46cb-865f-6f38651148b5.1730081005828 Timestamp=2024-10-27T22:03:25:832-0400 ThreadID=888 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=aae1218e-8f3a-46cb-865f-6f38651148b5.1730081005828 Timestamp=2024-10-27T22:03:25:832-0400 ThreadID=888 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=aae1218e-8f3a-46cb-865f-6f38651148b5.1730081005828 Timestamp=2024-10-27T22:03:25:832-0400 ThreadID=888 Component=ngl-lib_NglAppLib Description="SetConfig: N

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):29752
Entropy (8bit):5.385109837370719
Encrypted:false
SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rJ:l
MD5:3AE8F5CA44EBA4D0FC0AC1315CB49908
SHA1:E0BC408C7BE39CDF63315D488AB06221A0D58BE9
SHA-256:B95F23B6102CC28824374D1111ABF6B6B39E1DA4FD355B67DED6B19FC78A6084
SHA-512:E31407535FF8A7740233925487497D1B0384C04AF36CB399F74B09B02C83E33F62107658455191595D1842720CEF421D6C42A2BB78EA26F246F2D0E6C7F23708
Malicious:false
Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\93a0ccc5-f7af-4776-97ce-90b2e8b1b8fb.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:dropped
Size (bytes):1407294
Entropy (8bit):7.97605879016224
Encrypted:false
SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:false
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\cd82fa27-61e2-4322-9e88-8a1218543282.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:dropped
Size (bytes):386528
Entropy (8bit):7.9736851559892425
Encrypted:false
SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:5C48B0AD2FEF800949466AE872E1F1E2
SHA1:337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:false
Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\d760537e-ff50-4b6e-b99e-8c84d9364a57.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:dropped
Size (bytes):758601
Entropy (8bit):7.98639316555857
Encrypted:false
SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:3A49135134665364308390AC398006F1
SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:false
Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\eb1d59f2-def1-4972-bb5c-5b3bb307046b.tmp

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:dropped
Size (bytes):1419751
Entropy (8bit):7.976496077007677
Encrypted:false
SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:18E3D04537AF72FDBEB3760B2D10C80E
SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:false
Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):98682
Entropy (8bit):6.445287254681573
Encrypted:false
SSDEEP:1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:7113425405A05E110DC458BBF93F608A
SHA1:88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:false
Preview:0...u0...\...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File
Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:data
Category:dropped
Size (bytes):737
Entropy (8bit):7.501268097735403
Encrypted:false
SSDEEP:12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:false
Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R*.......~....)....i.*n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

Static File Info

General

File type:PDF document, version 1.7
Entropy (8bit):7.996441934324836
TrID:
  • Adobe Portable Document Format (5005/1) 100.00%
File name:C0260-COUNCIL APPROVED PLANS - ISSUE D.pdf
File size:4'497'058 bytes
MD5:018732c25a95c5da3a89236fa5efa746
SHA1:08b3a4435963497defff04e10f82d5753dfae46d
SHA256:5dc1aaff1c2469c7ec4c766e9f654fc3eb6a91dbe784005feb91de68687f7bb4
SHA512:a20c0430a5b2e75dcf1a587dc2f466a9ac4cbb36133a575553c665c74937a9b59c1efc0be7ac80fd982a81df6f56e03309a4da70ff2e16d583bbf02a1f705ea7
SSDEEP:98304:WQ5raBd3Rov3bw2cjKkj7svAcJvOGLopgHCN1Vw39Mw2ut:1uBdBs32/v/cJ58yCNAf2ut
TLSH:C42633B5C73EF098C581E249934976CB45C1C4E2CE45631B7CAD860F7FA9E228A187F9
File Content Preview:%PDF-1.7.%.....2 0 obj.<<./Metadata 4 0 R./Outlines 5 0 R./Pages 6 0 R./Type /Catalog./Version /1.7.>>.endobj.4 0 obj.<<./Length 3382./Subtype /XML./Type /Metadata.>>.stream.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:n

File Icon

Icon Hash:62cc8caeb29e8ae0

Static PDF Info

General

Header:%PDF-1.7
Total Entropy:7.996442
Total Bytes:4497058
Stream Entropy:7.996718
Stream Bytes:4471381
Entropy outside Streams:5.083878
Bytes outside Streams:25677
Number of EOF found:1
Bytes after EOF:

Keywords Statistics

NameCount
obj216
endobj216
stream215
endstream215
xref0
trailer0
startxref1
/Page0
/Encrypt0
/ObjStm2
/URI0
/JS0
/JavaScript0
/AA0
/OpenAction0
/AcroForm0
/JBIG2Decode0
/RichMedia0
/Launch0
/EmbeddedFile0

Image Streams

IDDHASHMD5Preview
2296c6ed28e8e8e8cb2a42aa6cf498aab6fcc32d5e9fcc4f88d
2386c6ed28e8e8e8cb2a42aa6cf498aab6fcc32d5e9fcc4f88d
2516c6ed28e8e8e8cb2a42aa6cf498aab6fcc32d5e9fcc4f88d
2596c6ed28e8e8e8cb2a42aa6cf498aab6fcc32d5e9fcc4f88d
2656c6ed28e8e8e8cb2a42aa6cf498aab6fcc32d5e9fcc4f88d

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

General

Target ID:0
Start time:22:03:22
Start date:27/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\C0260-COUNCIL APPROVED PLANS - ISSUE D.pdf"
Imagebase:0x7ff6bc1b0000
File size:5'641'176 bytes
MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:1
Start time:22:03:23
Start date:27/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:0x7ff74bb60000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:3
Start time:22:03:23
Start date:27/10/2024
Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2112 --field-trial-handle=1560,i,13082462782588250039,15820702864386055181,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:0x7ff7699e0000
File size:3'581'912 bytes
MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Disassembly

No disassembly