Edit tour

Windows Analysis Report
schillings 1001 casey.pdf

Overview

General Information

Sample name:	schillings 1001 casey.pdf
Analysis ID:	1542321
MD5:	024d95668a55d343ce3480eecae71127
SHA1:	939f41b020eaa336b671e3f20aeb4b292b0ca93f
SHA256:	e489e2d06b9397325cbb4e476d89382e7ccbdf88d9dd28ce0a9c13b8581ddbe5
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 6280 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\schillings 1001 casey.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 5792 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 3704 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1744,i,14201725614896609430,17820809391108696731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	DNS query: name: x1.i.lencr.org
Source: global traffic	DNS query: name: x1.i.lencr.org

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: classification engine

Classification label: clean0.winPDF@14/45@2/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6572

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 13-37-38-867.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\schillings 1001 casey.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1744,i,14201725614896609430,17820809391108696731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1744,i,14201725614896609430,17820809391108696731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: schillings 1001 casey.pdf	Initial sample: PDF keyword /JS count = 0
Source: schillings 1001 casey.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: schillings 1001 casey.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe
https://www.adobe.co	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.57.18	true	false	unknown
x1.i.lencr.org	unknown	unknown	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown
https://www.adobe.co	ReaderMessages.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1542321
Start date and time:	2024-10-25 19:36:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	schillings 1001 casey.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/45@2/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 162.159.61.3, 172.64.41.3, 217.20.57.18, 2.19.126.143, 2.19.126.149, 2.23.197.184, 88.221.168.141
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
VT rate limit hit for: schillings 1001 casey.pdf

Simulations

Behavior and APIs

Time	Type	Description
13:37:49	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	3coxOaV92n.exe	Get hash	malicious	ScreenConnect Tool	Browse	84.201.210.18
	Qjq85KfhBC.exe	Get hash	malicious	ScreenConnect Tool	Browse	217.20.57.21
	khwHsyfsJ1.exe	Get hash	malicious	ScreenConnect Tool	Browse	84.201.210.34
	xrWUzly94Z.exe	Get hash	malicious	ScreenConnect Tool	Browse	217.20.57.18
	AmedVA2n92.exe	Get hash	malicious	ScreenConnect Tool	Browse	217.20.57.18
	https://accesspage853.ubpages.com/4k5-ffdfg	Get hash	malicious	Unknown	Browse	217.20.57.19
	https://thegramp.nimbusweb.me/share/11336505/nigrk0yirmsg8qt4s4nm	Get hash	malicious	HTMLPhisher	Browse	217.20.57.25
	https://coinbase-team.net-s07.live/Zendesk/invite/ca2fd752-4355?rid=Ztd9NzC	Get hash	malicious	Unknown	Browse	217.20.57.27
	Gcca4WygdZ.exe	Get hash	malicious	ScreenConnect Tool	Browse	217.20.57.34
	l4MyhIt40P.exe	Get hash	malicious	ScreenConnect Tool	Browse	217.20.57.39
bg.microsoft.map.fastly.net	3coxOaV92n.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.210.172
	e5mSvqt7Ho.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.210.172
	96r3GgxntQ.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.214.172
	xrWUzly94Z.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.210.172
	EPCo9k8NIn.exe	Get hash	malicious	ScreenConnect Tool	Browse	199.232.214.172
	https://accesspage853.ubpages.com/4k5-ffdfg	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://beta.adiance.com/wp-content/plugins/arull.php?7096797967704b5369323074645079557a5054436e4e5379314f7a644d725474524c7a732f564c7a4f4b794d6a574277413dhttps://digidunesen.sa.com/v2Xhk/#X%5Bemail%5D	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	https://link.edgepilot.com/s/8e0e5379/EMW5cxymxkqj1qgquAdAJg?u=https://1drv.ms/o/c/67a50aba8b4bc7df/Es0QkMhT9wJGqs_vzb8xaRQBgzED6dWk5_dCMe34N16rYQ?e=5%253aTtRWoI%26sharingv2=true%26fromShare=true%26at=9&c=E,1,DNZ_Csfpwg3nzWxVo2TSq2LzcEM3C6hdkfA-QbvL5dwYrcj0RsSt_vroZV-UqAThZkP5E_WMmdbQ82a_nveA3iNTPpg_CIcQxQFCbK60ykcRIVrxnkr2VnkbdtuE&typo=1	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://8i.eryonficket.com/g60ff/#aGVzc2dyb3VwaW52QGhlc3MuY29t	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://www.evernote.com/shard/s512/sh/13954171-1260-d858-de69-06ffb19cd62f/IpXIE2ZoTfkUL7pCMibo1Wvq-pGORrIcZV-gRtF0-ppZOJhbsY-7OG4AYQ__;!!A-_UObntj2w!TCF-dwwxew6_4xwX0vz37obzz_Nme89BLzz0LCDHIEcMt0H-fDdV9LeqXfzP36mva0iIJhqBnntAwfDFEkCvUyHvgSgA8Q$	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.219044891749107
Encrypted:	false
SSDEEP:	6:N3v+q2Pv2nKuAl9OmbnIFUt8036WZmw+03qTRVkwOv2nKuAl9OmbjLJ:Nf+v2HAahFUt80KW/+0a9V5bHAaSJ
MD5:	65C944CE2706A169B085AF37C23747E5
SHA1:	B4EFFDB09FBFF6F1278072E2143F4FEFB18C4CF0
SHA-256:	06350DDA1E4C5F17065E68D4D3394699D85A579807A0154B9831100AC8D3672C
SHA-512:	AFA6EF9A171A0841D2C2785477B2305393A4CF8E3AD969425471C170663094B7E913EEE2157DD849803DFBA6B6B057700CE6EA5F864EF8B7B49F665C2F51978C
Malicious:	false
Reputation:	low
Preview:	2024/10/25-13:37:36.557 163c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-13:37:36.560 163c Recovering log #3.2024/10/25-13:37:36.561 163c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.219044891749107
Encrypted:	false
SSDEEP:	6:N3v+q2Pv2nKuAl9OmbnIFUt8036WZmw+03qTRVkwOv2nKuAl9OmbjLJ:Nf+v2HAahFUt80KW/+0a9V5bHAaSJ
MD5:	65C944CE2706A169B085AF37C23747E5
SHA1:	B4EFFDB09FBFF6F1278072E2143F4FEFB18C4CF0
SHA-256:	06350DDA1E4C5F17065E68D4D3394699D85A579807A0154B9831100AC8D3672C
SHA-512:	AFA6EF9A171A0841D2C2785477B2305393A4CF8E3AD969425471C170663094B7E913EEE2157DD849803DFBA6B6B057700CE6EA5F864EF8B7B49F665C2F51978C
Malicious:	false
Reputation:	low
Preview:	2024/10/25-13:37:36.557 163c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/25-13:37:36.560 163c Recovering log #3.2024/10/25-13:37:36.561 163c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.224742817005399
Encrypted:	false
SSDEEP:	6:N3odR3+q2Pv2nKuAl9Ombzo2jMGIFUt803C2Zmw+03cU6HNVkwOv2nKuAl9Ombzz:NYiv2HAa8uFUt80y2/+0MRT5bHAa8RJ
MD5:	629CAB7CD3186652515DCD13FBDD7EE3
SHA1:	283A9570E375296267AF7E747BC9DE71806BBAB8
SHA-256:	30F5022F22EBE1FC330A64EF535979B97D01B2A62C387C44C7C833AB590545B6
SHA-512:	06AA03E78E0C0C246B30C30231B46B00501BF2A795985D92AC8C5FB0B02301D6D4D155ADD207DF83E7F5CB154D329FD211E513F4F5B54974C663F34CB53C11C5
Malicious:	false
Reputation:	low
Preview:	2024/10/25-13:37:36.724 1a68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-13:37:36.727 1a68 Recovering log #3.2024/10/25-13:37:36.728 1a68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.224742817005399
Encrypted:	false
SSDEEP:	6:N3odR3+q2Pv2nKuAl9Ombzo2jMGIFUt803C2Zmw+03cU6HNVkwOv2nKuAl9Ombzz:NYiv2HAa8uFUt80y2/+0MRT5bHAa8RJ
MD5:	629CAB7CD3186652515DCD13FBDD7EE3
SHA1:	283A9570E375296267AF7E747BC9DE71806BBAB8
SHA-256:	30F5022F22EBE1FC330A64EF535979B97D01B2A62C387C44C7C833AB590545B6
SHA-512:	06AA03E78E0C0C246B30C30231B46B00501BF2A795985D92AC8C5FB0B02301D6D4D155ADD207DF83E7F5CB154D329FD211E513F4F5B54974C663F34CB53C11C5
Malicious:	false
Reputation:	low
Preview:	2024/10/25-13:37:36.724 1a68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/25-13:37:36.727 1a68 Recovering log #3.2024/10/25-13:37:36.728 1a68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\925f9d79-2fc0-4a8f-a822-06614ce21117.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	476
Entropy (8bit):	4.97071351869182
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqz0sBdOg2Hxqcaq3QYiubPP7E4T3y:Y2sRdsG5dMHxF3QYhbH7nby
MD5:	A254A2F0B5C1ADB23C93F2601EA1B97C
SHA1:	EF81EF527F2AE626C6A53C3DE273374BA7905BF3
SHA-256:	CCEAA8D8C75974FEA4384038CB51F592B3CD0ACA178B56FCA06B8CAAB1539A33
SHA-512:	1FC81E7E503A6C7BA3033CA60D369CB30CAE638A176C2AE3253424DB462853E50CD0B128CF3B417A553CD58B8C6E8180011F2EAD9C2DDEF90F5D1B47061E9AD8
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374437863132629","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":242905},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.12","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.97071351869182
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqz0sBdOg2Hxqcaq3QYiubPP7E4T3y:Y2sRdsG5dMHxF3QYhbH7nby
MD5:	A254A2F0B5C1ADB23C93F2601EA1B97C
SHA1:	EF81EF527F2AE626C6A53C3DE273374BA7905BF3
SHA-256:	CCEAA8D8C75974FEA4384038CB51F592B3CD0ACA178B56FCA06B8CAAB1539A33
SHA-512:	1FC81E7E503A6C7BA3033CA60D369CB30CAE638A176C2AE3253424DB462853E50CD0B128CF3B417A553CD58B8C6E8180011F2EAD9C2DDEF90F5D1B47061E9AD8
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13374437863132629","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":242905},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.12","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	5.2105800158036875
Encrypted:	false
SSDEEP:	96:GQux1TtQoLOdBrjx5uaLOKhtr8OU8tZdUtFuHHoQHWSJCfSJTZ:zux1TNOdBrjxQIOK/4OvZdUPuHHoQHW2
MD5:	17C445EDA7C6E22F0C7D88D2A93B8BC0
SHA1:	1777B0A1BFF14EF0F750613BA3445EB8E0A0E5FA
SHA-256:	AE1C828A16E914BB79CF23CAF08F9B812C5789913C2D127944590031696C6D19
SHA-512:	12BE457DA02A45016AAD4C911CDD6BA6175DBA711CEC3A119484A1D53EBF91FDC681B0912ED424CB1C29AEED59C40A44F911251FBA994D2A2CF2B58B6B97EE88
Malicious:	false
Preview:	*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-7e305c39_d2cf_4529_a05a_c594b19b130d-https://rna-resource.acrobat.com/.08..ur................next-map-id.2.Snamespace-3b7a0125_ffe4_43e4_9267_9114e9bd4ef0-https://rna-v2-resource.acrobat.com/.1..kr................next-map-id.3.Snamespace-b5707108_0a77_4f86_8085_b3b780fa5fd7-https://rna-v2-resource.acrobat.com/.2a60.o................next-map-id.4.Pnamespace-706bf942_8f67_4abb_a866_2428106408be-https://rna-resource.acrobat.com/.3....^...............Pnamespace-7e305c39_d2cf_4529_a05a_c594b19b130d-https://rna-resource.acrobat.com/$...r................next-map-id.5.Snamespace-8636f107_899a_42b0_9217_ddfd773d1c84-https://rna-v2-resource.acrobat.com/.4..p.r................next-map-id.6.Snamespace-7b9f8588_400e_4560_9274_0b14323a49a1-https://rna-v2-resource.acrobat.com/.5]..ro................next-map-id.7.Pnamespace-c8af9c4a_d01c_48c1_9e5d_35b6c87a8d52-https://rna-resource.acrobat.com/.6...uo..............

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.242296664477586
Encrypted:	false
SSDEEP:	6:NXFN+q2Pv2nKuAl9OmbzNMxIFUt80dZmw+0UNVkwOv2nKuAl9OmbzNMFLJ:NXOv2HAa8jFUt80d/+0Uz5bHAa84J
MD5:	2FCFE338295484E86BEBC24D858913E0
SHA1:	5E3690E1519B423C24B0B4369EDD72A4440DFF10
SHA-256:	00C2BCA10AC2D083D04C973F091C7745794A7DCE819DE5524330C0A5C479F9FE
SHA-512:	4810B81C7F14D564F0078B849530F214D876946A47FAE1ED1387B403DCE00C250E5AC5A6B578B613ADA8C4AFDD9478018040F2711A4C781BC6D8142FE9A19B59
Malicious:	false
Preview:	2024/10/25-13:37:37.618 1a68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-13:37:37.656 1a68 Recovering log #3.2024/10/25-13:37:37.673 1a68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.242296664477586
Encrypted:	false
SSDEEP:	6:NXFN+q2Pv2nKuAl9OmbzNMxIFUt80dZmw+0UNVkwOv2nKuAl9OmbzNMFLJ:NXOv2HAa8jFUt80d/+0Uz5bHAa84J
MD5:	2FCFE338295484E86BEBC24D858913E0
SHA1:	5E3690E1519B423C24B0B4369EDD72A4440DFF10
SHA-256:	00C2BCA10AC2D083D04C973F091C7745794A7DCE819DE5524330C0A5C479F9FE
SHA-512:	4810B81C7F14D564F0078B849530F214D876946A47FAE1ED1387B403DCE00C250E5AC5A6B578B613ADA8C4AFDD9478018040F2711A4C781BC6D8142FE9A19B59
Malicious:	false
Preview:	2024/10/25-13:37:37.618 1a68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/25-13:37:37.656 1a68 Recovering log #3.2024/10/25-13:37:37.673 1a68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025173741Z-174.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	0.7382048777503072
Encrypted:	false
SSDEEP:	96:WlasREd27Mo6LCzDJjQj59uibpzvzwo3mC+PKVPJFB/UHdo:WLREIQgDJs7DbpPwo3mC+PsJFhUHdo
MD5:	6EB0FE33267A6BFAF773E41707BB0A5D
SHA1:	DB786A5574443820A5177841C4544AE2EEC46F7D
SHA-256:	2C6B404147510C4F556AE92F166F0AA4052B4BF4651FF900B52C99233DF761AF
SHA-512:	FFC0F86ADD5C98B280073C391332D5F71DC5AFF2170BF3EE1420F2C14E024A2DFA3363DF23FAF82F1ECACA020A0BFE16BDAFBAC45389F48E013126156B6DE10F
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.438881481883522
Encrypted:	false
SSDEEP:	384:ye1ci5GNiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:ShurVgazUpUTTGt
MD5:	73325E67B07400868D153018D1871522
SHA1:	6451D37E573FAA791A8F8CD5F5E7C63F56F96420
SHA-256:	72D2B40A5A58CF6D9BD11119680A4B3E26977046BE2A4AE4B718D5454B8F98D3
SHA-512:	DF036E1BB7BEDA351ABB3E354563E4B54BB1E41A19CBA46BF9F3CA8A407D20DB952F08E09720793480770FAAFBB56A5682AAC249C1A05FA674FFD5E031AB758C
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7652243484057113
Encrypted:	false
SSDEEP:	48:7MYJioyVWioyEoy1C7oy16oy1wKOioy1noy1AYoy1Wioy1oioykioyBoy1noy1OL:7DJuWcXXjBiFb9IVXEBodRBkO
MD5:	F916204241BD225DA0C5A0A0D006F1C1
SHA1:	B003DF4D9C48318BCD00CBC993CB398D6C5B52E7
SHA-256:	3987644B306A418B6D99DEB6BE23C5513DA588828221409A3156F1A30D4A9C29
SHA-512:	FE87E3E07CB02D64C581A56BC21A791E00BA3837E67EEC7E697CC11185A35E3BF04AB004253A62BC085F2413B1BCFC64D3338EF2AE8D0858FBA1BE80D83BFE01
Malicious:	false
Preview:	.... .c....._dE................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b.r.l...t...}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.779094196322516
Encrypted:	false
SSDEEP:	3:kkFklk0tfllXlE/HT8kzpZNNX8RolJuRdxLlGB9lQRYwpDdt:kK90eT86dNMa8RdWBwRd
MD5:	F0691392B1786A4CFC4291FCE2B212E7
SHA1:	DB4B8560996C401D67BA4301A43DA59E46068D0B
SHA-256:	2EEA1E1D894F827E56B19CD714EC275D1B1642D3E8F6D77C00F8745047952CA5
SHA-512:	BF77EAEFA705196E0E13E6DA3465863FE37330B4D8A690FA11D909EBC36296FFAC70FDC8A709F90E9E67F86C2F9209C9B4A2C85BC45E011B01F7599C43C41186
Malicious:	false
Preview:	p...... .........G...'..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6572

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:qKPC4iyzDtrh1cK3XEihW7VK/3AYvYwgF/rRoL+sn:XPCyl/3AYvYwglFoL+sn
MD5:	AC4D831D284E1A0B031212C23457E437
SHA1:	81956E4DEC35B1BB75D7DE5C9D2CF2B68C1C6416
SHA-256:	B91563F11F3D99A8267709DC454B7591DA1E1409742DECBF5DC79F3E2589A469
SHA-512:	F647862252580EE86825D9564CB6E8C407DAFF395CDD3FF05A3764C514CAE7B7E9A6946661AD6C7C15F1639E03987FD419BF31E5C9BA038156B0492A057AE659
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.357753878562165
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJM3g98kUwPeUkwRe9:YvXKXjQZDtf5GMbLUkee9
MD5:	1E8C1CAE88B89030C2BE3748EE69BE88
SHA1:	D46AAA128980D1B0E7BAD484F29522C972EABDC8
SHA-256:	373D63E532AA2B6CA69CDE3165DA3331655300658D8CC24F778466BB5F4E07EA
SHA-512:	C71EAC190F0942FCC27BA092CA98F489417718D70A69DEF7154DCB46797AEDFB37AAC3B8C1B267B91DC6F489C458B51D9257D51C5B9794FA42EC3382A6E33ADC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.294378062529539
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJfBoTfXpnrPeUkwRe9:YvXKXjQZDtf5GWTfXcUkee9
MD5:	431B885528A267E648CCD3656159A68E
SHA1:	B97CC738DDF7FF6E14478667B8D0FFDB6B91AEB5
SHA-256:	CBC1EB2D888A7B3E62BF1D8582846B3F9017161613AECB3BC930F4D927A0A135
SHA-512:	B38301AB996B8369F73B69EADF3695E03C9A05C4343B88792EE6E61BCB63437045B63DD479B4F8C46042373599FB308E79A7574EB4E41D46B83E5E23069CA021
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.274149704237202
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJfBD2G6UpnrPeUkwRe9:YvXKXjQZDtf5GR22cUkee9
MD5:	174E6F2239DD3753AE01150DB29CF277
SHA1:	88BBC9C04E619FF10491DA10E52118942548600B
SHA-256:	03DAB70B10F8B27C71A7CD9EE7F886FC4E9689089251DDB51FAE1698EE92FB3B
SHA-512:	1EC7905C5933D8BB19CC5903CCD335DAD8434E2E60B16B158CD2A9AEEE2D46E9505A849AD47414F3A477B649BFD8EAD971F4DE355337DE3B043CABC42DD48858
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.337696837046504
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJfPmwrPeUkwRe9:YvXKXjQZDtf5GH56Ukee9
MD5:	0A0B4425881E183F5E4A85EA496966E6
SHA1:	784DEA3AC13526FA8B503C1B5F06C3EF2D4575AB
SHA-256:	D05E08F7463BEC54FE23DDC05722EB1E04634DE5EFB71A9D5B25D1572F43B672
SHA-512:	B98BE1C928A1B173FB19FFEACBB180F3F254E813E57CA86A0D4BDCEE56785A287B5AC2E6A6B8A969542D880A2423B1D6DB810A8A1EB8CDBFD8002D4077997D4D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1055
Entropy (8bit):	5.656312948235458
Encrypted:	false
SSDEEP:	24:Yv6X8ZpfepLgEscLf7nnl0RCmK8czOCCSbbn:YvpZpfehgGzaAh8cv/H
MD5:	F96CB1A7F4B62F8C8478B2D544568985
SHA1:	CC72A7F5FBCA03857105ACC00F96A64500B7B9BF
SHA-256:	1C6554B3A647DBC16783152920AD91DCBCB39AECF37B50249FA232A1208A67D3
SHA-512:	9E908640176EEF0ABF1DA90B81E9A7AAE7983BEDC58F50CDFBE439D924156E9B59CEC92ED53E860831555BFA98FB345BC8302996A92EFA6FDE32C707703E9120
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_1","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"eb1a4bce-8215-46f1-b44c-154b21a85d60","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingScheme":tr

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.6499901902309695
Encrypted:	false
SSDEEP:	24:Yv6X8ZpfIVLgEF0c7sbnl0RCmK8czOCYHflEpwiVgbn:YvpZpfIFg6sGAh8cvYHWpwH
MD5:	7150031E9EF5EDEE5D56BCBFE2B20737
SHA1:	6AC9D00FEFD04A8FFD5C415A6AA0AC4D1F4AA00D
SHA-256:	71F0B180CDAB229A1FF74DEA04D3D64408FA1181E5CAE10EE25901ABAC815388
SHA-512:	3CCCDFAFE0C67E4FCD1D8626F9956B28482B286024F7B262FC7D11187757F9E4BBEC79364EDE184D9E69317CC485DD860B3B582C69EDDAB0D3B85FCFE65B6044
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.282870920170783
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJfQ1rPeUkwRe9:YvXKXjQZDtf5GY16Ukee9
MD5:	69FDBA3ED4FDB8B2241691173EAB3359
SHA1:	ADFA2B59099DF22AB549B9C03B05DDC1561763A5
SHA-256:	18A30400DB45E066933074BB849ADCAF38E4E8016D77BB51D8BBF6B81C768C9E
SHA-512:	2972972BB5CEE6F46C3D4963723096FB6E3D1621B44D2894A2DD8F20CEF3E91EF337D11B608729B1FB463CC7584B0A82E6975DC035B1FB92D836E77D764E691D
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.6434976825982766
Encrypted:	false
SSDEEP:	24:Yv6X8ZpfN2LgEF7cciAXs0nl0RCmK8czOCAPtciBgbn:YvpZpfNogc8hAh8cvAQ
MD5:	4FD3863949A3214F82C9ED5CDD1520F7
SHA1:	AD3F59653A2DBC123E20951DA8DF55CD0B433EBE
SHA-256:	FEAEFF1918157BFB9295ABC85AEFD6AA42CE51E9F50E75C13C169790C7A72618
SHA-512:	FAF44BC6416A2C164E693E7C0F9A3152A7E2642274E6FE1227F95162E126E49D954EB68331D7F246A51F89DBDC38900467BACBB0B49944B2846DFB978E4B2111
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.693831032473971
Encrypted:	false
SSDEEP:	24:Yv6X8ZpflKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5gq:YvpZpflEgqprtrS5OZjSlwTmAfSKd
MD5:	B4EC5EBD66580B98CC86F22573333C71
SHA1:	168107D344D408B3DEF4CEBC624735EFCCAB1939
SHA-256:	7D7143CD546C4D21A395D88A90C96C43E3DB3069FCEF3A11218944EFF51182BD
SHA-512:	34BA5A0B952A39FFCDF4D437C012A82D4A7399ACDADF69B0B583DBE9F34FDDB9F9E623C04ED1F2EBA7053CE4E82BA8E2CCDEFE32162822C841E45C1BBB12997C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.290112316312469
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJfYdPeUkwRe9:YvXKXjQZDtf5Gg8Ukee9
MD5:	9F18ADE8ADDC969A7BF81B174E2FDB7F
SHA1:	6FF46C3DF12E5DEF0BE8EB0411B60E6059176B36
SHA-256:	23842F0D7AB03EB4567593DE52B105B553FAF044417CFC5429E3E7B6AC825665
SHA-512:	2E2DA47C91E5427742EEFBF1745260A389ACE460959C3D8AC9C674A6B36B82E91E209DFF4D4CF6234844997FAAA656B19AACD97AC8AD23A1E710A27553EC2D44
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.770471322303747
Encrypted:	false
SSDEEP:	24:Yv6X8ZpfYrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNIbn:YvpZpfYHgDv3W2aYQfgB5OUupHrQ9FJs
MD5:	31C023649F689D22E3193F15DE64B02C
SHA1:	4FE390A13F3B06EEF48B3E3225F6074687F93DBE
SHA-256:	25B5793B7FBB1FE1E4AA08360089DEFFAC7535A17B970B65B28484BBE7F1182A
SHA-512:	3B5C7E64E9A70B57ED917C296D5DCAEAC7617AB385278233E6826DE5DBC572438560A8AB02DC0244BB3845A0D10E10B1F92FDD8702E282FE695F4396D4A76DBD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.273727370575252
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJfbPtdPeUkwRe9:YvXKXjQZDtf5GDV8Ukee9
MD5:	5AB5128625B13FE3CBE5D222272DF018
SHA1:	B0622948E4E3B8615734B71F98284DD6A56F715E
SHA-256:	EE9D2EF2761608027F906564A01EA73F8F1004566CEF111391C6E8853E2A4D83
SHA-512:	D0C10776F4673C39EC9F410F76094D29C07CDFEF983F09F75703377E0FF586BE14E422DB45DC03D1AB5A679D92E4CA193D41264F1FC8B253ADF23180C47951AF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.2726334595082305
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJf21rPeUkwRe9:YvXKXjQZDtf5G+16Ukee9
MD5:	130698735EB8325EA12E96BBD0AAA738
SHA1:	81293F3713527EBCA81933A04C3AEEEFBFEA1482
SHA-256:	FAF2C7D8C08B96BB833DB6BA2117FA5A0B745374EADF910C8900286F84C998A1
SHA-512:	9BA6FF4CB698F70166840585B9DD30E4043AAD9F7B259191449D59F0F5E9D23E644A731D07F5AA7B64B8673F0F5BF81C6944021ABDCBED26E95AC8DBE8562198
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	5.627755464886463
Encrypted:	false
SSDEEP:	24:Yv6X8ZpfCamXayLgE7cMCBNaqnl0RCmK8czOC/BSbbn:YvpZpfcBgACBOAh8cvMH
MD5:	C21DB0E4EF9C0EF106A6B4DC1A8328DE
SHA1:	6426EBD21D6366A7437DEFC1C26AC92DFCF89B35
SHA-256:	328E0455DE476E1E947E1B7D582CD8038014FC0F70DB12F6C0EA64AD7F8E3410
SHA-512:	05AEC4CBD1FA26C46F240279B4191B4E3C44DEE71752F355BE0CCE7DEBA43D56C3B43C49C30DA2C5F445B0A582CD7F89C39EA2DDCD2F0F4A65D50CB64A461174
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"92038_285529ActionBlock_0","campaignId":92038,"containerId":"1","controlGroupId":"","treatmentId":"6291f52b-6cb0-4d31-bc46-37ce85e9eb25","variationId":"285529"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1751323379000,"s

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.246313663073628
Encrypted:	false
SSDEEP:	6:YEQXJ2HXj0j+QdhlzFkF0YitRJWEeoAvJfshHHrPeUkwRe9:YvXKXjQZDtf5GUUUkee9
MD5:	CDD957019A8A9EEAEB8B0C851E36DAB2
SHA1:	18547053DD226FFDC672C41B6B311496FD87375B
SHA-256:	1B620B03F037ABF01083B31BA8CEFC9661593BD68FCC3FA14AE263B53876BAFA
SHA-512:	76EED6E1057CA112C1E66F917F554C6AF5DF77DAB44C365BF581B4C3CA28BBF89FBE8538A57CA3E316E40F3D7DFF8B5965506D3FF62FB17545CE6ADFBC37770E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.36635917819226
Encrypted:	false
SSDEEP:	12:YvXKXjQZDtf5GTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWCdbn:Yv6X8ZpfV168CgEXX5kcIfANhbbn
MD5:	86946143BD72DB638FC8F483A0E1B6F3
SHA1:	FAE7EAC435E5F8E3B8660D43A882B9A97AD6C8EA
SHA-256:	C3A8B8CE1FED4129357D9E126AAD8B460DCEFC78423EBAE06D472173116F44F8
SHA-512:	9D02CB4CEDD80949E8F55A1756F042E7822233962ABE277F04FF6F32CC38ED0ED11A058A1CE4FB6BBC01C9ED1F15EE15B950D218139C7D352DF8ED44550206DE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"e320d1fe-c2a2-4ed3-a256-b7d58e2ebb10","sophiaUUID":"0515ACAE-DCC7-4733-8101-9751FF724CB9"},"encodingScheme":true,"expirationDTS":1730056499444,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1729877864486}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.1216463129539145
Encrypted:	false
SSDEEP:	24:YOaeSqIaWhI3ayRSiP04gXC3AcQYBYDG6aoVVESljoj0Sw9Su3/xo2++2LSwvbYy:Y4zyvlNcuG6Jqnu3mOiU1MS9A
MD5:	8D67A1F2641146B76A956EF11D5591D8
SHA1:	6052AD93F249541679F2455C100A06B6D7090E0B
SHA-256:	EBB935E54D4ACE3A21D65729147597BF90E8CC7C88874F73665ED10A1268F586
SHA-512:	1D7C6B2CE1A9403B5B2CB5A0CB37AF8ABEBB221287886110C4659D4B84D9BDFD8D2874D36EE5F7A216C8695E8595007A1DC6124678A991E27E098418BC77F833
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"efd8037a5606b8f58e3a63770123541b","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1729877864000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"740e1d8c14f0d75436a6014b0e7e4902","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1729877864000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"0c1587846b1516884de0d21f9c91efb2","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1026,"ts":1729877864000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fed382fc62cc0d3fe0d22a252a2665e8","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1055,"ts":1729877864000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"ec2c9691ad139ed71d49dfd9df79bf12","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1729877864000},{"id":"Edit_InApp_Aug2020","info":{"dg":"72d30488a75fc4d72955040b241223f0","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 26, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 26
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.3656579065323775
Encrypted:	false
SSDEEP:	48:Tll2GL7msMF6gU9rtPth0Ob1lSvp2jNKNDF:fVmsMF6v9rtPth0Ob1l0gj8lF
MD5:	1397055D2FAD2EFB1C55297261C48DAB
SHA1:	FA239160C6E17AA5A83E4BF775EED2428EFD5483
SHA-256:	D9AF1185D84C1381B6D3A6559EBDD8FB6CB1BC0058CE05C94F81785BAE027F00
SHA-512:	B353F2FF537BF37EB2814D2FE5631CA088F7FDBB822CA694FB3F3997B0415D89B8D26B72D4704F7AD634314A6ADD8CC106180FDC9573E9E38C6BF5734243AA44
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.8404735101751597
Encrypted:	false
SSDEEP:	48:7M9F6gU9rtPth0Ob1lSvp2jAKNqUqGufl2GL7ms/:78F6v9rtPth0Ob1l0gjFEUKNVms/
MD5:	4A9A9E69243C8181F40E591FF3E04F2D
SHA1:	EC687D33BA0DB2F3107BA17FB10D37C7793F4F91
SHA-256:	81F95EE988F80F3A1CFF0FB5BBC4A833F548DFE70A1BCFA1C6246FCB2B7D87C8
SHA-512:	038726E8236014614293DE230A4B98058E7A2CE97E113215070BB6215DF0E511F77BD348A45F89E25C1684419C23411B164B4B5FC1BCB29877449AB10AC80C47
Malicious:	false
Preview:	.... .c.......{3..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.-.-.-.-.-.-.-.-.-.-.-........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIbab5a.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.522811667751431
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8jqKd:Qw946cPbiOxDlbYnuRKid
MD5:	65CBDEDF2FCC021A48D14B4E89D6D903
SHA1:	BD9D60716FA871253BC70354182738F902F3A601
SHA-256:	E38045744AD83B2DCD14497D55ABE4A84511EF80C40ABEB5D7D77555BD82BC85
SHA-512:	FFE3FA0CDFC2B51195BABD474AEC2D24DB8D44C60C18D7C3C2D8BC157FC712D664520043C01FD582DEFE793ADF19380A552F6D9E06CBA419B6DCF927287E70AA
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.5./.1.0./.2.0.2.4. . .1.3.:.3.7.:.4.4. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 13-37-38-867.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.325555449275219
Encrypted:	false
SSDEEP:	384:JekpMW7ujsO+Z3k/V1WPGHEQRmpvtV7C36g2OwfBhBUtBX66p0o6V6xG4W7wtNF2:nO2
MD5:	39628FA3AE1A78F558A4947A4847C830
SHA1:	083A80F18FBEA378E9944FF9B6B74FE68CD56D92
SHA-256:	E634D52BBCA86894E6CF9CA673A8FA4035AD705990F27198651E88F969FE73AC
SHA-512:	F488D486C5DA8E071B212070005D5F91E4D06CD8D6E65BBBA1D8D5CE9FE929C8935841A93180297EE8B4F50069F06455850DAFAB1525B2F33797248BEDBF0A69
Malicious:	false
Preview:	SessionID=ee10203f-55ea-443a-a3fb-eaf6336a26b5.1696508793278 Timestamp=2023-10-05T14:26:33:278+0200 ThreadID=5108 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ee10203f-55ea-443a-a3fb-eaf6336a26b5.1696508793278 Timestamp=2023-10-05T14:26:33:279+0200 ThreadID=5108 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ee10203f-55ea-443a-a3fb-eaf6336a26b5.1696508793278 Timestamp=2023-10-05T14:26:33:279+0200 ThreadID=5108 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ee10203f-55ea-443a-a3fb-eaf6336a26b5.1696508793278 Timestamp=2023-10-05T14:26:33:279+0200 ThreadID=5108 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ee10203f-55ea-443a-a3fb-eaf6336a26b5.1696508793278 Timestamp=2023-10-05T14:26:33:279+0200 ThreadID=5108 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.339293470201601
Encrypted:	false
SSDEEP:	384:RxlEgc1St5KyrxGhAaQYA3MisNpLwyuHYX7nR9B1x47Kz0odrW4N7S7mvM2BVAol:vm/
MD5:	0405E03A8D36FEA5E80D8D985E811B49
SHA1:	7DC142181B2CEDE6C1D0F500E0B6EE9DDC0B2DB2
SHA-256:	CE69BDD63A00D3A52275AF8A53BFE18FD93F626E4B51671575551B1B1F2DBAEF
SHA-512:	251987884867078DC94FD9A79B4706F7C35492DAF86BCC6E722F9C9860FC118F13EB9E677B61B3048A1ECE9C544A897E2F50262F2E824CF5ADFED3822EF31696
Malicious:	false
Preview:	SessionID=8d5e4d94-8a51-4979-905b-e69aeda0d5a5.1729877858879 Timestamp=2024-10-25T13:37:38:879-0400 ThreadID=6920 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=8d5e4d94-8a51-4979-905b-e69aeda0d5a5.1729877858879 Timestamp=2024-10-25T13:37:38:880-0400 ThreadID=6920 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=8d5e4d94-8a51-4979-905b-e69aeda0d5a5.1729877858879 Timestamp=2024-10-25T13:37:38:880-0400 ThreadID=6920 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=8d5e4d94-8a51-4979-905b-e69aeda0d5a5.1729877858879 Timestamp=2024-10-25T13:37:38:880-0400 ThreadID=6920 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=8d5e4d94-8a51-4979-905b-e69aeda0d5a5.1729877858879 Timestamp=2024-10-25T13:37:38:881-0400 ThreadID=6920 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.4036085825308575
Encrypted:	false
SSDEEP:	768:SllhexEhcIWcsRoUh39w7P/t8k+yyUXhS4:SllhexEhcIWcsRoUh39w7P/t8k+yyUXP
MD5:	8841ED318F9A9343533C0BEA3CF79CF9
SHA1:	43C410665F21E7930B9D1240FC199A415E7C09AF
SHA-256:	639190B2261B199EC575767F5696F0D23DF6CB329D7282F08E39F3E82B44C474
SHA-512:	36004DB06EDA1D66E419D0BCCD8A54F97E49F88BF34623824A9C7A223E3E578EB6C418543BCCC956DB50522D7F6C76FD5ED227D3B7FD2FB9E02DD5FEEB237AB8
Malicious:	false
Preview:	05-10-2023 02:07:19:.---2---..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 02:07:19:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 02:07:19:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\13b63814-bb76-4037-bff6-1f3ace436337.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLkwYIGNPMGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLkwZGuGZn3mlind9i4ufFXpAXkru
MD5:	CA6B0D9F8DDC295DACE8157B69CA7CF6
SHA1:	6299B4A49AB28786E7BF75E1481D8011E6022AF4
SHA-256:	A933C727CE6547310A0D7DAD8704B0F16DB90E024218ACE2C39E46B8329409C7
SHA-512:	9F150CDA866D433BD595F23124E369D2B797A0CA76A69BA98D30DF462F0A95D13E3B0834887B5CD2A032A55161A0DC8BB30C16AA89663939D6DCF83FAC056D34
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\3822fbfa-6936-4453-964c-cc92be3eca7b.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\4c8161f8-73d1-4c9f-8719-f0d03df2075e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\c6079727-de43-4111-8f6e-43fded50375e.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

Static File Info

General

File type:	PDF document, version 1.7, 2 pages
Entropy (8bit):	7.624945091545947
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	schillings 1001 casey.pdf
File size:	31'924 bytes
MD5:	024d95668a55d343ce3480eecae71127
SHA1:	939f41b020eaa336b671e3f20aeb4b292b0ca93f
SHA256:	e489e2d06b9397325cbb4e476d89382e7ccbdf88d9dd28ce0a9c13b8581ddbe5
SHA512:	c0897d887ab9e57039e38774537696fa049797583d6716aa4d3db8dc4e777e32fb486181b1d00430f8aa6c237ecb5acfdf4ddfdc5419e44314b03131b90cc38b
SSDEEP:	768:HnBx/HPWlVC1eSZWU2udoeatiSU/6FlGxcA2N:hRWLCzWU2uOTt7U/7c5N
TLSH:	C7E2E0CE9113894CFD9FC80046B93F8F9F08BD622A64B4F6117B3D5CD6F0AB569A2641
File Content Preview:	%PDF-1.7.4 0 obj.<<./Type /Page./Resources.<<./XObject.<< /PAGE0001 7 0 R >>./ProcSet 6 0 R.>>./MediaBox [ 0 0 612 792]./Parent 3 0 R./Contents 5 0 R.>>.endobj.5 0 obj.<<./Length 47.>>.stream.q.610.6 0.0 0.0 791.0 0.7 0.5 cm./PAGE0001 Do.Q.endstream.endob

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.624945
Total Bytes:	31924
Stream Entropy:	7.611101
Stream Bytes:	30248
Entropy outside Streams:	5.079249
Bytes outside Streams:	1676
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	13
endobj	13
stream	4
endstream	4
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 25, 2024 19:37:49.455349922 CEST	56209	53	192.168.2.12	1.1.1.1
Oct 25, 2024 19:38:04.098942041 CEST	54112	53	192.168.2.12	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 25, 2024 19:37:49.455349922 CEST	192.168.2.12	1.1.1.1	0xaf7	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false
Oct 25, 2024 19:38:04.098942041 CEST	192.168.2.12	1.1.1.1	0x519d	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 25, 2024 19:37:48.365602016 CEST	1.1.1.1	192.168.2.12	0xd1a6	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 25, 2024 19:37:48.365602016 CEST	1.1.1.1	192.168.2.12	0xd1a6	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.18	A (IP address)	IN (0x0001)	false
Oct 25, 2024 19:37:48.365602016 CEST	1.1.1.1	192.168.2.12	0xd1a6	No error (0)	default.qdr.p1.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com		217.20.57.34	A (IP address)	IN (0x0001)	false
Oct 25, 2024 19:37:49.463912010 CEST	1.1.1.1	192.168.2.12	0xaf7	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 25, 2024 19:38:04.108050108 CEST	1.1.1.1	192.168.2.12	0x519d	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 25, 2024 19:38:06.479176998 CEST	1.1.1.1	192.168.2.12	0x9c4	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 25, 2024 19:38:06.479176998 CEST	1.1.1.1	192.168.2.12	0x9c4	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 6280, Parent PID: 4088

General

Target ID:	0
Start time:	13:37:35
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\schillings 1001 casey.pdf"
Imagebase:	0x7ff77b230000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 5792, Parent PID: 6280

General

Target ID:	2
Start time:	13:37:36
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff763240000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 3704, Parent PID: 5792

General

Target ID:	4
Start time:	13:37:36
Start date:	25/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2076 --field-trial-handle=1744,i,14201725614896609430,17820809391108696731,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff763240000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report schillings 1001 casey.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\925f9d79-2fc0-4a8f-a822-06614ce21117.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025173741Z-174.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6572

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Windows Analysis Report
schillings 1001 casey.pdf