Edit tour

Windows Analysis Report
Alejandro Garrido.pdf

Overview

General Information

Sample name:	Alejandro Garrido.pdf
Analysis ID:	1579363
MD5:	6fcc481c398275f4ce4e09111dcb3267
SHA1:	618c3c41ef2bf3a425a2a93b82472c2594c4303c
SHA256:	141796b0b44e3d608ef171d9e2978f2eda412c8bf75801a5284737bf24a3d212
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Potential document exploit detected (performs DNS queries)

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7344 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Alejandro Garrido.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7516 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7728 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1744,i,6040898802560817988,17395833604069419443,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr	String found in binary or memory: http://x1.i.lencr.org/

Source: classification engine

Classification label: clean0.winPDF@14/50@1/0

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-21 17-57-36-999.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Alejandro Garrido.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1744,i,6040898802560817988,17395833604069419443,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1744,i,6040898802560817988,17395833604069419443,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Alejandro Garrido.pdf	Initial sample: PDF keyword /JS count = 0
Source: Alejandro Garrido.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A910mthvh_rk3d9p_5qg.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A910mthvh_rk3d9p_5qg.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Alejandro Garrido.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Alejandro Garrido.pdf

Initial sample: PDF keyword obj count = 95

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		high
x1.i.lencr.org	unknown	unknown	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.1.dr	false		high

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1579363
Start date and time:	2024-12-21 23:56:41 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Alejandro Garrido.pdf
Detection:	CLEAN
Classification:	clean0.winPDF@14/50@1/0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 23.218.208.137, 23.32.238.130, 2.19.198.75, 34.237.241.83, 18.213.11.84, 54.224.241.105, 50.16.47.176, 172.64.41.3, 162.159.61.3, 23.195.39.65, 199.232.210.172, 2.20.62.163, 23.217.172.185, 52.149.20.212, 13.107.246.63
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

Time	Type	Description
17:57:49	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

Input	Output
URL: PDF document Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: PDF document Model: Joe Sandbox AI	{ "brands": [ "Seaboard Marine" ] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	Rechnung736258.pdf.lnk	Get hash	malicious	LummaC	Browse	199.232.214.172
	Company Information.pdf.lnk	Get hash	malicious	Unknown	Browse	199.232.210.172
	Navan - Itinerary.pdf.scr.exe	Get hash	malicious	LummaC	Browse	199.232.210.172
	HX Design.exe	Get hash	malicious	Python Stealer, Blank Grabber	Browse	199.232.210.172
	1734733987ee1a8345da831d1ecbca38d8a0fdc4854f6779b69f21209db7e0a6d5a2d91fd2237.dat-decoded.exe	Get hash	malicious	AsyncRAT, DcRat	Browse	199.232.210.172
	1734732186278e5c87d1a316617c1125acd5c32aedeebfd021b1e761647265ea7426c527bd565.dat-decoded.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	199.232.214.172
	Statements.pdf	Get hash	malicious	WinSearchAbuse	Browse	199.232.210.172
	INVOICE_2279_from_RealEyes Digital LLC (1).pdf	Get hash	malicious	Unknown	Browse	199.232.214.172
	Z8oTIWCyDE.exe	Get hash	malicious	LummaC	Browse	199.232.210.172
	BB4S2ErvqK.exe	Get hash	malicious	LummaC	Browse	199.232.214.172

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.243822247731912
Encrypted:	false
SSDEEP:	6:Rq2Pwkn2nKuAl9OmbnIFUt8nNZmw+n/kwOwkn2nKuAl9OmbjLJ:RvYfHAahFUt8N/+/5JfHAaSJ
MD5:	92587FA4BEC8EAC808C395F0A2E5FBD4
SHA1:	8664F5A49F590F63296873E4886347D25FBFF3D9
SHA-256:	0EF072CF8A37A50C9087F72CA33D04763A3EE956BBB02D1368B3DE7959503BA4
SHA-512:	F53BC9802DE9444ECF47D8C5217A0104E2EB2B342B16E34E476D2A545B33310BCC00814192E1CFDF0802314AEA1365A543F978F4528270A06B90D2CA826182BD
Malicious:	false
Reputation:	low
Preview:	2024/12/21-17:57:34.743 1d80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/21-17:57:34.745 1d80 Recovering log #3.2024/12/21-17:57:34.745 1d80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.243822247731912
Encrypted:	false
SSDEEP:	6:Rq2Pwkn2nKuAl9OmbnIFUt8nNZmw+n/kwOwkn2nKuAl9OmbjLJ:RvYfHAahFUt8N/+/5JfHAaSJ
MD5:	92587FA4BEC8EAC808C395F0A2E5FBD4
SHA1:	8664F5A49F590F63296873E4886347D25FBFF3D9
SHA-256:	0EF072CF8A37A50C9087F72CA33D04763A3EE956BBB02D1368B3DE7959503BA4
SHA-512:	F53BC9802DE9444ECF47D8C5217A0104E2EB2B342B16E34E476D2A545B33310BCC00814192E1CFDF0802314AEA1365A543F978F4528270A06B90D2CA826182BD
Malicious:	false
Reputation:	low
Preview:	2024/12/21-17:57:34.743 1d80 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/21-17:57:34.745 1d80 Recovering log #3.2024/12/21-17:57:34.745 1d80 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.21095256918837
Encrypted:	false
SSDEEP:	6:U9SQ+q2Pwkn2nKuAl9Ombzo2jMGIFUt8EpgZmw+pQVkwOwkn2nKuAl9Ombzo2jM4:UwQ+vYfHAa8uFUt8Kg/+pQV5JfHAa8RJ
MD5:	06AFFF8307E06FD33F4AF7B40E94AD85
SHA1:	2AD101FE83CBBE2C7ADB721D0EB4324C4D1BD6EB
SHA-256:	86B4E7DB161B8A230A5E24A2A63EA0B66C6E9A5D9E7A639DE049F3F33D3A0897
SHA-512:	D2A8351817CA5275DC89D75D5E7F36A538E4DE614181141F76F5E0C183B2D7ED647D9E40337CF3B21B389BA3341FB91EA271BF33C2DCAC2BE6999E9A489F6C60
Malicious:	false
Reputation:	low
Preview:	2024/12/21-17:57:34.786 1e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/21-17:57:34.791 1e7c Recovering log #3.2024/12/21-17:57:34.792 1e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.21095256918837
Encrypted:	false
SSDEEP:	6:U9SQ+q2Pwkn2nKuAl9Ombzo2jMGIFUt8EpgZmw+pQVkwOwkn2nKuAl9Ombzo2jM4:UwQ+vYfHAa8uFUt8Kg/+pQV5JfHAa8RJ
MD5:	06AFFF8307E06FD33F4AF7B40E94AD85
SHA1:	2AD101FE83CBBE2C7ADB721D0EB4324C4D1BD6EB
SHA-256:	86B4E7DB161B8A230A5E24A2A63EA0B66C6E9A5D9E7A639DE049F3F33D3A0897
SHA-512:	D2A8351817CA5275DC89D75D5E7F36A538E4DE614181141F76F5E0C183B2D7ED647D9E40337CF3B21B389BA3341FB91EA271BF33C2DCAC2BE6999E9A489F6C60
Malicious:	false
Reputation:	low
Preview:	2024/12/21-17:57:34.786 1e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/21-17:57:34.791 1e7c Recovering log #3.2024/12/21-17:57:34.792 1e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9b960b16-a398-4a34-8491-336ddf17e0bd.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6b408b.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	475
Entropy (8bit):	4.967403857886107
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
MD5:	B7761633048D74E3C02F61AD04E00147
SHA1:	72A2D446DF757BAEA2C7A58C050925976E4C9372
SHA-256:	1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
SHA-512:	397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\efa74e5d-64dd-4cf7-b1fa-931ee4b88930.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	475
Entropy (8bit):	4.96775079901533
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqIsBdOg2HAcaq3QYiubInP7E4TX:Y2sRdskdMHr3QYhbG7n7
MD5:	0AF3C31E142EE67979B8829EB0C45D28
SHA1:	4EEF48F1C682723B3B2680C3BE3689A161A54B87
SHA-256:	CDCF2F662C6F2DA2BA63D5F268283E087B4870DAB030CD991C73733CFB414E2E
SHA-512:	D1C06EA0B23ED4027883F5E4D403EA79F4F4553AC674E03E733156BAF85F42F81D014696294BF799972EA1F741D8E05CCBCB031ACA0D9212F59E6F9662B5F8BB
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379381867177740","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":629393},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.262134166643262
Encrypted:	false
SSDEEP:	96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7SzlyzOvARZ:etJCV4FiN/jTN/2r8Mta02fEhgO73gof
MD5:	8C1D713DAFEF1E94A8A99D643FB701BF
SHA1:	3799549F0BB72E26D8428A8BAD920B05989A3C44
SHA-256:	504C637C14927972F648F331875357952A9B526BF6B6D2B767A80D6780C23A6F
SHA-512:	A9A87A0EC8513F7C0DB583DDCBF831E084975289C91F364C10B20D5401B03DED4C33FA06AA9811C273ED78022C68455029B50FD9558CF1184F1C3B8A9D2F7494
Malicious:	false
Preview:	*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..\|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.159257022936584
Encrypted:	false
SSDEEP:	6:HCQ+q2Pwkn2nKuAl9OmbzNMxIFUt8KYSpgZmw+KWQVkwOwkn2nKuAl9OmbzNMFLJ:iQ+vYfHAa8jFUt8H4g/+XQV5JfHAa84J
MD5:	BE680FADE70D9546FE8F3F617AB1BD5D
SHA1:	6D0017A12DC88833BD3BB3E4FB7A6A17AE0B1F25
SHA-256:	9627724CC3121D0D6555F5D696C98A3CD41E2007E6DE8DBA49CD7C85BFB759BC
SHA-512:	48FC94B44F8EF26ED3D2307A7DF4D0CDD9CE5986E7B4879610683D3F112575AF5F353358693EAC41AD4F11DD1BC21D137CDBE0827DC05FD7B9CBF61406F3196E
Malicious:	false
Preview:	2024/12/21-17:57:35.711 1e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/21-17:57:35.712 1e7c Recovering log #3.2024/12/21-17:57:35.715 1e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.159257022936584
Encrypted:	false
SSDEEP:	6:HCQ+q2Pwkn2nKuAl9OmbzNMxIFUt8KYSpgZmw+KWQVkwOwkn2nKuAl9OmbzNMFLJ:iQ+vYfHAa8jFUt8H4g/+XQV5JfHAa84J
MD5:	BE680FADE70D9546FE8F3F617AB1BD5D
SHA1:	6D0017A12DC88833BD3BB3E4FB7A6A17AE0B1F25
SHA-256:	9627724CC3121D0D6555F5D696C98A3CD41E2007E6DE8DBA49CD7C85BFB759BC
SHA-512:	48FC94B44F8EF26ED3D2307A7DF4D0CDD9CE5986E7B4879610683D3F112575AF5F353358693EAC41AD4F11DD1BC21D137CDBE0827DC05FD7B9CBF61406F3196E
Malicious:	false
Preview:	2024/12/21-17:57:35.711 1e7c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/21-17:57:35.712 1e7c Recovering log #3.2024/12/21-17:57:35.715 1e7c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241221225738Z-157.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.0534103168385296
Encrypted:	false
SSDEEP:	192:CjbdtkoD0X79L30ZyhVmPAfqYFoNqVCG48f89ZSagq7MlIydj:+tkJX7F30ohWWJ
MD5:	601B64D1CF1C327BAE52CF00874130A2
SHA1:	A3C4FB7B4CEB76E5B2FDFA8E0341E6C37898F2EA
SHA-256:	1DC8D670D56AC87B07D0590C9905FD6FBC694DED50B9BAA40D277D34A8C00D1B
SHA-512:	5698F7C78A796EDB73A630B75E9547F96B64BDB6CBD3DA15EE1B6596CDCEEDB2886C490A05AB9567ACD4CD645855E0AABA79F4E76B8AE2A9A2634EACFD2C71FB
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445186102240577
Encrypted:	false
SSDEEP:	384:yezci5tOiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rhs3OazzU89UTTgUL
MD5:	8198594E223DD7BD7C67615FD301DF3A
SHA1:	B394EC8766597993BCC340351B42E27EC7CFBE64
SHA-256:	38495AAFA77C6A91AE195CD8CEDDA19014CE25240F8A439FEA62ADD338377EFD
SHA-512:	87CDD685539BF4BDDA1B35E66F95EB588442DD394A639A3C4E63EF1BE7334333704022DC0B13AFBD04FC78A302C231016619B6F825CC5346AF387C8C167BB4FF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7712535735245134
Encrypted:	false
SSDEEP:	48:7MAp/E2ioyVfioy9oWoy1Cwoy13KOioy1noy1AYoy1Wioy1hioybioyfoy1noy1n:7LpjufFyXKQutb9IVXEBodRBk9
MD5:	BE38317FFBE86B83CAED69915B9FA247
SHA1:	1EC154BB7CC44172A3CE87B16B985A0746AAE274
SHA-256:	766DB174F4880AC51B831B39381D6B1374178463B2F3ED7C0F5B5D74F2B1F13E
SHA-512:	9DF59C1B1AE8D869D17EFE97DF0CA2446DCC3B3EEBD2E4A07E1B09207BC42CF9BB5C475D636CCF9D0C5D65307CC266016DA8B69DDAB719F667B96FD2EC42ECC4
Malicious:	false
Preview:	.... .c.....S1a................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.746484906506307
Encrypted:	false
SSDEEP:	3:kkFklWUpvfllXlE/HT8kpozvNNX8RolJuRdxLlGB9lQRYwpDdt:kKPEQT8g+NMa8RdWBwRd
MD5:	4717E00FC1A31C4A24088044D343537C
SHA1:	77D64AC46BEEDAE2C0AE1FDB2CE49EE882CA990E
SHA-256:	C066486E447B0B6E167B453B35A51C4E9E2D86A3F120262CD73BEB42DC599139
SHA-512:	C958265A0FFC7007A30AC386468B68B90FB0CF2221194E8702FBE9300CFE9A42CA91AFAF6AD44607FD559B5E5B7DBFE7BA2B83231982539372740AF068EBF5FD
Malicious:	false
Preview:	p...... ........e+...S..(....................................................... ..........W....L...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2539954282295116
Encrypted:	false
SSDEEP:	6:kKPDT9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:3ODImsLNkPlE99SNxAhUe/3
MD5:	76861C344FA1C8B2000D5B4465322221
SHA1:	8024FA88C9CAA36981BF085D7990C36DFA62E10A
SHA-256:	E29906269B44551C8EEB9CA0A7AB0CF2F9FAF398477304763ABC980D75DF7B96
SHA-512:	151AAD1FD7D4E78F0F7A944B6DF1BA4091F22105D6C30ADDB2B16A7D2FE2BF9071FFFB439660CF44F409666BEC23E86CD40B5B09CE1DBC2543CC934B65223305
Malicious:	false
Preview:	p...... .............S..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7432

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	10880
Entropy (8bit):	5.214360287289079
Encrypted:	false
SSDEEP:	192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
MD5:	B60EE534029885BD6DECA42D1263BDC0
SHA1:	4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
SHA-256:	B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
SHA-512:	52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	243196
Entropy (8bit):	3.3450692389394283
Encrypted:	false
SSDEEP:	1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
MD5:	F5567C4FF4AB049B696D3BE0DD72A793
SHA1:	EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
SHA-256:	D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
SHA-512:	E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3601161362300305
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJM3g98kUwPeUkwRe9:YvXKXiqZc0vNVnGMbLUkee9
MD5:	09B99484033DD722886FD2A3D2D8DA9E
SHA1:	ED4C5742C00E6AD410364FE18E1A611ADED8F17D
SHA-256:	D556A55CFBD4582D703A8614F92BD3BC827CA126E6C1698D0F7BBEE582F3AE52
SHA-512:	F0764BB11BAF7A8886ACAC00D7DAADE949D0D113E9EB1A7B6997688FD147D8485DFCE4E3F0844CD45746195392F1F86BFD16242D73D097B8212FB39B6961D6EE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.308189432822462
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfBoTfXpnrPeUkwRe9:YvXKXiqZc0vNVnGWTfXcUkee9
MD5:	AD2EFC4D2567A4CED45437A91058CF4B
SHA1:	998F0871F13A566B8621ED149D7DB0DCD928AF0D
SHA-256:	BF66176972D4A75EAFC7487605833D810C53A955350663F5AFB4B51330F3DE29
SHA-512:	9EE8A7BC0E8C28E4303CB5543B298E627038AAF3E32692D89C4AB4CD827C0348C689B43B0F75B747AD166574E53DFBF8407981CE3693E008D64CDDA531DCB83B
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.286737749348467
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfBD2G6UpnrPeUkwRe9:YvXKXiqZc0vNVnGR22cUkee9
MD5:	B667CD10944CA93A71A26B9DC6BBFAAD
SHA1:	B169AF69C6DD419E39BDDDBA43879B9201FE0A13
SHA-256:	B95C4A23001113550EE50E6A6779E14E4C8F55E9B6F7BFD086CC1A0CA6BB6BD6
SHA-512:	E29B44E057F5034989F98D1645FF5ED6D0F67FFF823566E452A80ED310F9155FB2C1941BF30F1CA82FC42D9967A9837131B542F23EE4E3FE37CFD565F38777AF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.34701270382564
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfPmwrPeUkwRe9:YvXKXiqZc0vNVnGH56Ukee9
MD5:	53BCD9E89F07DE4125F922B97AFAE8F8
SHA1:	709C91DD699FF0E8C16EA2E59A04D49DB4C07B88
SHA-256:	AAC1D5C377DE7336C3ADE427945EC18F92CF54744335561D597A5935FCD02EEA
SHA-512:	56769D5DEC416C969D8D9FAD68C7C44DAA5D4803BE81E04846FF1B8B87E81FF7C20F04358424398CE2834F889F6359AFB7A58D65A79FE428B684F2FEAA413520
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1123
Entropy (8bit):	5.688223946586743
Encrypted:	false
SSDEEP:	24:Yv6XPzvN6pLgE9cQx8LennAvzBvkn0RCmK8czOCCSW:Yv4chgy6SAFv5Ah8cv/W
MD5:	AD36DA49BA43EC0AA0B5066720CE1B42
SHA1:	BBEBAF574424895432761C4804FE882F9E7A69D5
SHA-256:	033A5824CCD83A6CDC32BE8CEE11BE43895C2127C27B16F144DDFAE429BAD079
SHA-512:	BDC5800A066703E74A726AF56A86F29EED5FDC9D3180DD9AA180148A73383D8C066BE902A3A071D5EFA72905B7690FA739B1BF89E71980E15EC1C41812617DD1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.292890623220813
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJf8dPeUkwRe9:YvXKXiqZc0vNVnGU8Ukee9
MD5:	EB565E5EEBCB16B246D27DE36AD9AC80
SHA1:	4748263438224D7D031C687D00F7360A4EA4305C
SHA-256:	EC3DEFE00D2BA1D76CC76DC9E4154E58AA9E5DD7B134A2CEED7B501DD12EDEDA
SHA-512:	FC6AAF277E3D35EA75D3417E9643D393029BC39B5949911FBAF486105A65C522B7799A77895F4DABA99BBDB67625EBCCD65619B87954F9122810798A51263D41
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.29742972651141
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfQ1rPeUkwRe9:YvXKXiqZc0vNVnGY16Ukee9
MD5:	1B3DE28A3F50C114891456C7347A39ED
SHA1:	2FADAF4B4AEEB671026B3A76DE06EE8E51B383E4
SHA-256:	4B8AFEC1878B42EA5F07375B54F4C540F58FC487D0CA6CD331BA056206C445FC
SHA-512:	9907450BF5A3BD51799767BF4A06E388AF68BE786EE79272C69E7D1679E4D868ECCE8A641EDD1E73C8B5CED8067CC31D035B0DB9276CFB4300C7F0F19CA34163
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.303198877020277
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfFldPeUkwRe9:YvXKXiqZc0vNVnGz8Ukee9
MD5:	B963EF86AD5C7DE53DFE8E6214F41070
SHA1:	B1D8261D6A2DDDE7AA1A4D18072BDEA038A8DD49
SHA-256:	07B5E248A786EF7D4E1A35DF55212DC0DD8A16B58822CE3BDE18F565A6C43E5D
SHA-512:	DFD26893B52173F0B88CDA5977AEFA5386F657B05FB159C3CE01794E1488A7BC300C8E4ADEE35F9F6C59B3A6649DD2918356BD6C81DA8C3C8B10EE6F388DFA7E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3180250153548005
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfzdPeUkwRe9:YvXKXiqZc0vNVnGb8Ukee9
MD5:	37D42001BAA8FC0AFA912EC1B5095C3F
SHA1:	074EA5D262F86B4A2999D8137B0DD7BEBA3B8E00
SHA-256:	EEF8719F219F4883BBCBB8F6D458419B3643583E86EA9D07A4DE5EEAD386EAC3
SHA-512:	21D55F51A16F0DD39C7B1BDFA346D509A3F9270974BA9A9B420DDA50B8937A7A480757A1353BE97B9C6F402F660289D8F9DF3B410362EC6C70EB275885D7DBFC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.299181304094683
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfYdPeUkwRe9:YvXKXiqZc0vNVnGg8Ukee9
MD5:	3C36F5371DA5BCE9A7158C81C0C08B60
SHA1:	3F168AF3DF2F66361F4E882B465ADE23E6D186CE
SHA-256:	E0CD981B84AA0328030A727B1A9C6176CB0910D35BA8D8058A6A5313A6EA56D7
SHA-512:	4242807C1CC6E80C9F5D337C8559C666FD8C2133FAB82E1C7C6F3155E4BCD9C2B3D0F2368574F2B3996CAFCF5F8FEC4F4748BEEF8F1D0054C7229E63F0CA4F26
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	5.285516254184892
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJf+dPeUkwRe9:YvXKXiqZc0vNVnG28Ukee9
MD5:	2F3962684A9796722108E93B9FE4CFE9
SHA1:	80F122C6E917773341A8414CBC97172B8F8563CF
SHA-256:	F186C77D5535BEBBE82E0C9BB221CA953A48A42FC772BAE90E602A0C8A558600
SHA-512:	37219E89CD830203DD9D05E86761FD160471E836EDEF3F1D4803BFC7986A4DC44F4896E3C6C6F82006A54C0A4DCF8181B0F0B6F45D8875D80DFCC5EF484A2238
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.282734028544527
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfbPtdPeUkwRe9:YvXKXiqZc0vNVnGDV8Ukee9
MD5:	A42B1D4D3402E6E48170CB3A20799075
SHA1:	78ED6E0B6780396FA7204F89FE12C1C51752D2A9
SHA-256:	BB44A0059296B85C473881F4192EA8790BFC74767C24BA78B01BCFC73119BC8B
SHA-512:	9B8EDA879DB9F9513AD3099F5EFE541B8BFF57F2467DDB4AD8331228AB74C0B2B0E007E8721FC5BAD5264688EAD919C565FB22F5BA5D047834804EEE975CA9E8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.287949425960171
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJf21rPeUkwRe9:YvXKXiqZc0vNVnG+16Ukee9
MD5:	93627F9AF871FB6273B90C395B316B57
SHA1:	A1ED0B772F2497C5F8B47665BF59D7F2FE2F3E97
SHA-256:	92BD28D6A1E1D8DCD65EB8F14B825665540C9C3EF36DAF2FE2267B3172892469
SHA-512:	FFB5304D21A089888A79A3547D413A85C94BE5800E5A94C90B5622780041074101B0783AE47964D920A23722A54D0DA3E540A5B84856EA2AA9576DE8E861A6CA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1090
Entropy (8bit):	5.665035921096436
Encrypted:	false
SSDEEP:	24:Yv6XPzvNmamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSW:Yv4uBgkDMUJUAh8cvMW
MD5:	F9E56FC8DDB2E2EEB38AEBCD1CDACEE6
SHA1:	057415593D11F5DB84961F23E828E765FA3DB208
SHA-256:	2B770BB401A26C61A0A192038D5B13630CA37A99D3D018D52B31FEFCE77E6294
SHA-512:	CD85C2BB4758D67B17686E243B481555BD25C21C95C6C4BD661F5290F532DC727998538E775529C30D8712C4B1C5794B60144866B3FA08698A63E330E005428A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.264028326146616
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJfshHHrPeUkwRe9:YvXKXiqZc0vNVnGUUUkee9
MD5:	914BF1AA6D159D55A752D76E9EC23541
SHA1:	26FB8A56F333B28BEA874918E8EE726BA8C88356
SHA-256:	4109E3F1741BA3D0377F4A20CA625551083C26888C54B690F1782885B74D8260
SHA-512:	B2CADA3AC8EDD22932BCA337653BC93FB66BE50EBF77FD6815F479121289B6F3E2B2EC33E629353C1B5FB73EE7E4F7276CBE4007F993F1E01C27799D07C54A5A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	282
Entropy (8bit):	5.269957969049383
Encrypted:	false
SSDEEP:	6:YEQXJ2HXPAXJaeVoZcg1vRcR0Y6VUoAvJTqgFCrPeUkwRe9:YvXKXiqZc0vNVnGTq16Ukee9
MD5:	29CC2A4B8948883BFEC2B58377DFE7CB
SHA1:	8FA48AC7E1262FCFA8D5C49C393738A35302E84A
SHA-256:	854F2F667D370144C325C24953B79BF200A60B0E878BC92DA8BEA00CC9288DB9
SHA-512:	726598F6D22DF0CFAAE92EEBEF026BCAA0188389553F40EE6E56BC893483127C7802F3C5DAFDE9957D152C0200DAFEEE34E6E2C9623A20C2C2A5512D09247164
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"8e1e87c0-2c1a-4f14-93a6-9dfb5a3a0145","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1735001249282,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.142014490186987
Encrypted:	false
SSDEEP:	24:YZsakDay5yqPISUIA8dgjzsj0SgyhgCw202LSKC+8ILfLdAu1wV1z5Dmr93ufSvj:YuPpyz+xhgHRkP8I7LdAoolRmr9/b
MD5:	94F48A1CE2EDC1CE47A5205FE687A940
SHA1:	9CBE34285B91C4531E430AA1CA24E2DE4A4988EB
SHA-256:	E44C2CCD0F8DD7080F1CB1AB501AED4825ABD1BCDF6CF50B4D1BB1C42FF4BAE2
SHA-512:	6CF30344EE2E91D837A399936A7A14A61893606CC38D6F1BDADA4099AE8CCC9C8E729976B7FE09A7831E517155F8152EF7C1792282A778BCB0D4C0656524EDAE
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"6ae9152edc191a3cce183a5a2ce25d06","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1734821863000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"385147c60ea4d1b6813b230dfff54b9d","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1734821863000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b48042dec089d540dcb536b440abd320","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1734821863000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"b0c19692585b2cdbc88c7ce5dffaf97c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1734821863000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"eac3472d241156b37ac131b6a6471553","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1734821863000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"1084a19133a5a26fed1d15a4073bae1d","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.1883461328711484
Encrypted:	false
SSDEEP:	48:TGufl2GL7msEHUUUUUUUUr/SvR9H9vxFGiDIAEkGVvpXf:lNVmswUUUUUUUUr/+FGSItrf
MD5:	4AF4AA1AFA2C290FFC878E2FF18D07BC
SHA1:	FA09404D2A6596726846B03829F9561C175415D8
SHA-256:	0E3C4E75FA5489D0ED664D40C1D6F5317021C2862BDED53A689A19E9238C0E6D
SHA-512:	5BC14E857FCA9CF96905A506DE8B77AB5302A3FF98866D9138B4693ED883FD6757AB0EEBC33E66852BFF3CB123CA6C7F669D31A51F767A672094CCBA335B573E
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.607249706977411
Encrypted:	false
SSDEEP:	48:7MzKUUUUUUUUUUrDvR9H9vxFGiDIAEkGVvnqFl2GL7msmn:7xUUUUUUUUUUrTFGSIt9KVmsm
MD5:	2E6F52EE1CE3C65346637C79A6B67F58
SHA1:	C425E6684E1AC299C7D7258044F2B39CF145230E
SHA-256:	15A0021734A3D76F538D3DC87ED400F5F72F3BAAB673058B47ED8BD9BC8D85AE
SHA-512:	5E72527E9464DB1E8B97ADA2F52BCB565A5A724F82ABBA9F1B8735A3166E891E6DEF6AC7D9550763A04D408A3D1554E59AB3FBD08B6A68C29D23685E1F018373
Malicious:	false
Preview:	.... .c......H.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	66726
Entropy (8bit):	5.392739213842091
Encrypted:	false
SSDEEP:	768:RNOpblrU6TBH44ADKZEgkua/fozBfqGmQs8FG3+0wT5s23dRYyu:6a6TZ44ADEkP/fozBfqGTT5zNRK
MD5:	A3804F163EC0D53D6AA6B79C668D16C2
SHA1:	445BE63419C2963BA48A20E8FE11553762173B48
SHA-256:	676CCA0EC2E87DC001BB6DF382ACBF089F599DD15F75C9EEDEF0F49DA44BFBF1
SHA-512:	DAA5D62C7E6015E5D4893FC162B67495AF08DFFA7392C5FA0525B4AFF98EABA3855A14F58BEFF33E485995B9729CB9BDF512046FC2B2320510613F90B07532DE
Malicious:	false
Preview:	4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2

C:\Users\user\AppData\Local\Temp\MSIb02f5.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.493870954423123
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8da5CH:Qw946cPbiOxDlbYnuRKiH
MD5:	31B43D2D3D6C8CF581FC0DEA6FB208DE
SHA1:	9894C941C8F4F5C2996D852D3147A7CD087D4249
SHA-256:	064EFF28613DA7D1AA132668847652FE165A80B091F75661BF15B7DDA7E29922
SHA-512:	50F2960C33D468D1E0CB4AB8191B9FE32E8A9D66DF80BE594FE1F5C2E4A83434F45D1DE0E6E4356102B3B3241D1619EBE372E88C525410969A9019140049E8AC
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.1./.1.2./.2.0.2.4. . .1.7.:.5.7.:.4.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A910mthvh_rk3d9p_5qg.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.0882636662028755
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOonSjMInSjtLCSyAAO:IngVMre9T0HQIDmy9g06JXqW9W5lX
MD5:	693C38103064AF8D887EC04423A1A4B7
SHA1:	2E3D4759295E52DA482C396AD2FF8595A78880AD
SHA-256:	FD8AE052BEF5CE65276F724A537504E2857E48CBF4925A106F456EB18FF37596
SHA-512:	0B763EA7F3C7DFE2E834421E2C997F642A8ECC9D9520C985A7ECF7EB490477CE796BBEFC8F7EAAC8CFB01A3D74A71CD619C6D0339BB3052F5502C8EB5864EEB0
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<DE955F95248B854FA39207CDCFC73188><DE955F95248B854FA39207CDCFC73188>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-21 17-57-36-999.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.345946398610936
Encrypted:	false
SSDEEP:	384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
MD5:	8947C10F5AB6CFFFAE64BCA79B5A0BE3
SHA1:	70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
SHA-256:	4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
SHA-512:	B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
Malicious:	false
Preview:	SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	16603
Entropy (8bit):	5.340487654130203
Encrypted:	false
SSDEEP:	384:GsGR+Yv3M3W9Biou89YFxYOHDMFD1nHlI3I+80OiDGyPJFG6Yd64wBwBIThYvYwJ:ezzF
MD5:	E9533743BBBF51A889EADB0F29447075
SHA1:	EB9726608A9F805075B2AB24375588CCEF1B7CC7
SHA-256:	E88CB464AEE474895BC2F0B40EB54A0F67CCBB9DF4A9227C25C6D96F36C2D0C3
SHA-512:	5C08403CD09856BBF75D491B05BED6DBCAC2431E4486FE58108781F238DA42D37CF18A6930DDF40AF78CEFE368225BC5C98F8758CEB83EC4367C8CA740411853
Malicious:	false
Preview:	SessionID=9a152349-2397-44fd-a71f-012fb6e4e4af.1734821857025 Timestamp=2024-12-21T17:57:37:025-0500 ThreadID=7508 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9a152349-2397-44fd-a71f-012fb6e4e4af.1734821857025 Timestamp=2024-12-21T17:57:37:026-0500 ThreadID=7508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9a152349-2397-44fd-a71f-012fb6e4e4af.1734821857025 Timestamp=2024-12-21T17:57:37:026-0500 ThreadID=7508 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9a152349-2397-44fd-a71f-012fb6e4e4af.1734821857025 Timestamp=2024-12-21T17:57:37:026-0500 ThreadID=7508 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9a152349-2397-44fd-a71f-012fb6e4e4af.1734821857025 Timestamp=2024-12-21T17:57:37:026-0500 ThreadID=7508 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.393115069570076
Encrypted:	false
SSDEEP:	768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rE:g
MD5:	4C462B34F4B4D8C759D49D680C60CC82
SHA1:	AC530B81BDD3A71CED13DAC8A738390A958B77F0
SHA-256:	D7CAF8EAEBD00F03DB1E02FA7D52C672FF4F9B093990309640984597E718F76E
SHA-512:	A6498A2980DBC74825DFCED8FDD6836ED29BC1C9A5E68EC8C420769BEB36BEE58F02A4A81045AA91E2A86B2DBDEBDCF91A28E9CF604EBF56D1E588E7B058E678
Malicious:	false
Preview:	03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : *************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***********************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\930854ac-9282-42ad-8f4d-ddb42d449ac5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\a9aa0c15-f286-4131-9138-8edd47a9a56c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\b749b831-7756-471c-9209-ad72a1a60db5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\c646e222-e86a-40fc-8e9a-fe8c427a831f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
MD5:	18E3D04537AF72FDBEB3760B2D10C80E
SHA1:	B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
SHA-256:	BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
SHA-512:	2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.4, 3 pages
Entropy (8bit):	7.937967053463872
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Alejandro Garrido.pdf
File size:	220'018 bytes
MD5:	6fcc481c398275f4ce4e09111dcb3267
SHA1:	618c3c41ef2bf3a425a2a93b82472c2594c4303c
SHA256:	141796b0b44e3d608ef171d9e2978f2eda412c8bf75801a5284737bf24a3d212
SHA512:	8dbaa030355defdd0a35f275f241474e1af6dd5eefb6699fedf1d953605fd415a91ba567d85e983c80605b65f66c5f86dc56a4d0d4180e4a9134ff107507306f
SSDEEP:	6144:ra/wWCl5N/XfQfMdVVUJiCJLYYYU39GFUmDv0rTi:GaNXQx8yLYYYm9hmL
TLSH:	7924F136F4694C0CEBCEDA34DD76282F4B6D786B46DE2C49D12C666CA40AF84E3C1187
File Content Preview:	%PDF-1.4.%.....1 0 obj.<</Creator (Chromium)./Producer (Skia/PDF m127)./CreationDate (D:20241221200827+00'00')./ModDate (D:20241221200827+00'00')>>.endobj.3 0 obj.<</ca 1./BM /Normal>>.endobj.6 0 obj.<</N 3./Filter /FlateDecode./Length 293>> stream.x.}..J

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.937967
Total Bytes:	220018
Stream Entropy:	7.959960
Stream Bytes:	204417
Entropy outside Streams:	5.097936
Bytes outside Streams:	15601
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	95
endobj	95
stream	15
endstream	15
xref	1
trailer	1
startxref	1
/Page	3
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	0000000000000000	ae5346137a9e9e70ca286f401b6a4d26
7	0000000000000000	93f37f40a91095a9867d0cbd9f3a2ca7
10	0000000000000000	5964ae359ce8a5c49a21aca67ab64fb3
13	0000000000000000	0ad62f912c4a664d135284cdf1285179
15	0000000000000000	eee982c01ca6ea42abf8080c402cdd24

Network Behavior

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 21, 2024 23:57:48.645931959 CET	53659	53	192.168.2.4	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 21, 2024 23:57:48.645931959 CET	192.168.2.4	1.1.1.1	0x8570	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 21, 2024 23:57:48.875998974 CET	1.1.1.1	192.168.2.4	0x8570	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 21, 2024 23:57:50.659264088 CET	1.1.1.1	192.168.2.4	0x27ee	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Dec 21, 2024 23:57:50.659264088 CET	1.1.1.1	192.168.2.4	0x27ee	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7344, Parent PID: 2580

General

Target ID:	0
Start time:	17:57:33
Start date:	21/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Alejandro Garrido.pdf"
Imagebase:	0x7ff6bc1b0000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7516, Parent PID: 7344

General

Target ID:	1
Start time:	17:57:34
Start date:	21/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7728, Parent PID: 7516

General

Target ID:	3
Start time:	17:57:34
Start date:	21/12/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2116 --field-trial-handle=1744,i,6040898802560817988,17395833604069419443,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff74bb60000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Alejandro Garrido.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9b960b16-a398-4a34-8491-336ddf17e0bd.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF6b408b.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\efa74e5d-64dd-4cf7-b1fa-931ee4b88930.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241221225738Z-157.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7432

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Windows Analysis Report
Alejandro Garrido.pdf