Windows Analysis Report
Purchase_order-001.pdf

Overview

General Information

Sample name: Purchase_order-001.pdf
Analysis ID: 1573568
MD5: b9ea0b9010bd7d0240958f962dd5117d
SHA1: eef8cc56809366554980f2c59ede43842fc20ec7
SHA256: 92fd9207d8af4116e2fbbefd27d4f0be1063b2cb8249f998b751ddcf85e44348

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected landing page (webpage, office document or email)
IP address seen in connection with other malware

Classification

  • System is w10x64
  • Acrobat.exe (PID: 7064 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase_order-001.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3452 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 7180 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1668,i,11315360981870695973,8460651063831671874,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 8160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://f005.backblazeb2.com/file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 5936 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1956,i,10788683583747250684,14816824960367168231,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Purchase_order-001.pdf, ReversingLabs: Detection: 13%

Phishing

Source: PDF document, Joe Sandbox AI: Page contains button: 'AUTHORIZE & VIEW DOCUMENT' Source: 'PDF document'
Source: PDF document, Joe Sandbox AI: PDF document contains prominent button: 'authorize & view document'
Source: https://f005.backblazeb2.com/file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs, HTTP Parser: No favicon
Source: Joe Sandbox View, IP Address: 239.255.255.250
Source: Joe Sandbox View, IP Address: 149.137.136.16
Source: unknown, TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, HTTP traffic detected:
GET /file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs HTTP/1.1
Host: f005.backblazeb2.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic, HTTP traffic detected:
GET /favicon.ico HTTP/1.1
Host: f005.backblazeb2.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://f005.backblazeb2.com/file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

Source: global traffic, DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic, DNS traffic detected: DNS query: f005.backblazeb2.com
Source: global traffic, DNS traffic detected: DNS query: www.google.com
Source: 77EC63BDA74BD0D0E0426DC8F80085060.1.dr, String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.1.dr, String found in binary or memory: http://x1.i.lencr.org/
Source: unknown, Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown, Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown, Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49757
Source: classification engine, Classification label: mal52.winPDF@38/53@5/4
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-12-12 03-40-36-017.log
Source: unknown, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://f005.backblazeb2.com/file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase_order-001.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1668,i,11315360981870695973,8460651063831671874,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1956,i,10788683583747250684,14816824960367168231,262144 /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe, Process created: unknown unknown
Source: Window Recorder, Window detected: More than 3 window changes detected
Source: Purchase_order-001.pdf, Initial sample: PDF keyword /JS count = 0
Source: Purchase_order-001.pdf, Initial sample: PDF keyword /JavaScript count = 0
Source: Purchase_order-001.pdf, Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe, Process information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Scripting | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Source | Detection | Scanner | Label | Link
Purchase_order-001.pdf | 13% | ReversingLabs | Document-PDF.Trojan.Heuristic |
Purchase_order-001.pdf | 3% | Virustotal | | Browse

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
f005.backblazeb2.com | 149.137.136.16 | true | false | | high
www.google.com | 172.217.19.228 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://f005.backblazeb2.com/file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs | false | | high
https://f005.backblazeb2.com/favicon.ico | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
http://x1.i.lencr.org/ | 2D85F72862B55C4EADD9E66E06947F3D0.1.dr | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.217.19.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | | unknown | unknown | false
149.137.136.16 | f005.backblazeb2.com | United States | | 30103 | ZOOM-VIDEO-COMM-ASUS | false

IP
192.168.2.4

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1573568
Start date and time: 2024-12-12 09:39:41 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowspdfcookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Purchase_order-001.pdf
Detection: MAL
Classification: mal52.winPDF@38/53@5/4
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .pdf
• Found PDF document
• Close Viewer
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                • Excluded IPs from analysis (whitelisted): 23.218.208.137, 23.32.238.147, 2.19.198.75, 23.32.238.89, 23.32.238.130, 52.22.41.97, 3.233.129.217, 3.219.243.226, 52.6.155.20, 162.159.61.3, 172.64.41.3, 23.195.61.56, 199.232.210.172, 23.32.238.163, 192.229.221.95, 142.250.181.131, 172.217.19.206, 64.233.163.84, 172.217.17.78, 172.217.19.10, 172.217.19.234, 142.250.181.10, 172.217.17.42, 172.217.17.74, 142.250.181.42, 216.58.208.234, 172.217.19.202, 142.250.181.138, 142.250.181.74, 172.217.17.46, 172.217.17.35, 23.218.208.109, 23.47.168.24, 4.245.163.56, 13.107.246.63
                • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, optimizationguide-pa.googleapis.com, clients1.google.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtCreateFile calls found.

Time | Type | Description
03:40:43 | API Interceptor | 2x Sleep call for process: AcroCEF.exe modified

                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):292
                                                        Entropy (8bit):5.189915277452635
                                                        Encrypted:false
                                                        SSDEEP:6:770f+q2Pwkn2nKuAl9OmbnIFUt8O7hdXZmw+O7hd3VkwOwkn2nKuAl9OmbjLJ:74mvYfHAahFUt8OVdX/+OVdF5JfHAaSJ
                                                        MD5:193FBBC770C122B92A648CCDCCA8507C
                                                        SHA1:C7DCB3A85C2F48F982D8190C73060CE5AD05A1C8
                                                        SHA-256:01D5ECFF1A2E3CC32585A24497E2771B56C53F4D646731A174529F8563B56767
                                                        SHA-512:063B0564EEFB366F2C2072530481EEA3A0F2EEB84152199F57FA541B7A83A732BB43013EC37ACB6F24E94020764480189C4E02573C3E9792D0A03C17186D908D
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:2024/12/12-03:40:33.582 1be8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/12/12-03:40:33.585 1be8 Recovering log #3.2024/12/12-03:40:33.585 1be8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):336
                                                        Entropy (8bit):5.182401706473758
                                                        Encrypted:false
                                                        SSDEEP:6:77lN+q2Pwkn2nKuAl9Ombzo2jMGIFUt8O7PHZZmw+O7HcFHVkwOwkn2nKuAl9OmT:7ivYfHAa8uFUt8O7HZ/+OE5JfHAa8RJ
                                                        MD5:4662F6571BA695783073534F28497134
                                                        SHA1:73EA2A65F0C95FF6247868BF7C4B6E19181ECE96
                                                        SHA-256:495571B263E371537CE90765F58F9374DAD465CFF06EADC291D2DC454C78A0BB
                                                        SHA-512:FD10E0B5E1946E2593C4D2C450F24BF12896BDC56377ECE0AC5BC86BB1E95B16521BDF4E844B930BBD04495454F00433D01B284F87A8C19E32B12D2881EEADC0
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:2024/12/12-03:40:33.877 1c88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/12/12-03:40:33.880 1c88 Recovering log #3.2024/12/12-03:40:33.919 1c88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):475
                                                        Entropy (8bit):4.967403857886107
                                                        Encrypted:false
                                                        SSDEEP:12:YH/um3RA8sqLsBdOg2HHfcaq3QYiubInP7E4TX:Y2sRdsVdMHO3QYhbG7n7
                                                        MD5:B7761633048D74E3C02F61AD04E00147
                                                        SHA1:72A2D446DF757BAEA2C7A58C050925976E4C9372
                                                        SHA-256:1A468796D744FCA806D1F828C07E0064AB6A1FA0E31DA3A403F12B9B89868B67
                                                        SHA-512:397A10C510FAA048E4AAB08A11B2AE14A09EE47EC4F5A2B47CE1A9580C2874ADE0F9F8FC287B9358C0FFEA4C89F8AB9270B9CA00064EA90CD2EF0EAD0A59369F
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340980889952523","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":146406},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:JSON data
                                                        Category:modified
                                                        Size (bytes):475
                                                        Entropy (8bit):4.962772845380381
                                                        Encrypted:false
                                                        SSDEEP:12:YH/um3RA8sqm0WsBdOg2HOGAcaq3QYiubInP7E4TX:Y2sRdsAdMHxr3QYhbG7n7
                                                        MD5:3E8BD2080F682E1BAE74BA7776FE2037
                                                        SHA1:750E91942F7B42D7858D28C158C423CC0F353AED
                                                        SHA-256:B07603FB477C8BBA277D8D6EB61E195417174F54A99A3014A3A22B1B1D00DA67
                                                        SHA-512:3BB54095D33F5B44EB4F54D1D2F6A20934A40D5E51A982991EB2D07FD351AC9CF6D0DFB2F529DE778CA6FB524DDCACEFCD14D2F06F52D9A3F8F72DEE8CCC3D74
                                                        Malicious:false
                                                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13378552845648887","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":587691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4730
                                                        Entropy (8bit):5.261215274061149
                                                        Encrypted:false
                                                        SSDEEP:96:etJCV4FAsszrNamjTN/2rjYMta02fDtehgO7BtTgo7fMh3Z:etJCV4FiN/jTN/2r8Mta02fEhgO73gou
                                                        MD5:8064116E6A2995BC5046E51C2D20E4E8
                                                        SHA1:85CF540DB64A1A4BB567B78555AAF7FB0CF0351C
                                                        SHA-256:0E01CC6C8B3C3D7961D153660D238F97AFCBBBDCD7A438318F1BA38D7EA0BBF2
                                                        SHA-512:25F11883070ED86141948F0D597573EE69FF775C5641B9E820922C907605B0BB50195ACA13E9BF176618C9F31AF92A96CCDD80816EEFB46C603D03C5D5D30FC9
                                                        Malicious:false
                                                        Preview:*...#................version.1..namespace-['O.o................next-map-id.1.Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/.0>...r................next-map-id.2.Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/.1O..r................next-map-id.3.Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/.2.\.o................next-map-id.4.Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/.3....^...............Pnamespace-158f4913_074a_4bdf_b463_eb784cc805b4-https://rna-resource.acrobat.com/..|.^...............Pnamespace-6070ce43_6a74_4d0a_9cb8_0db6c3126811-https://rna-resource.acrobat.com/n..Fa...............Snamespace-fd2db5bd_ef7e_4124_bfa7_f036ce1d74e5-https://rna-v2-resource.acrobat.com/DQ..a...............Snamespace-cd5be8d1_42d2_481d_ac0e_f904ae470bda-https://rna-v2-resource.acrobat.com/i.`do................next-map-id.5.Pnamespace-de635bf2_6773_4d83_ad16_
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:ASCII text
                                                        Category:dropped
                                                        Size (bytes):324
                                                        Entropy (8bit):5.202389679657141
                                                        Encrypted:false
                                                        SSDEEP:6:77aSN+q2Pwkn2nKuAl9OmbzNMxIFUt8O7ZZZmw+O7udd3VkwOwkn2nKuAl9OmbzE:7mzvYfHAa8jFUt8OH/+OqF5JfHAa84J
                                                        MD5:7A2A986B3DA4FC390F46CDE27980A237
                                                        SHA1:7F222A3ED4045261209E089AFE19F59F2A8C783C
                                                        SHA-256:9DC1D8FEA81F6806C1F5B5CAEB3C6D718B0F98AE648F34976D993C3F9AFC5C59
                                                        SHA-512:145DBDFB348484A336D0AB928A91C155E3A2C1A1C8583E3BD22C6A1082281D9315C8D716CDBD1EF5B4A7DAABBCB4656DFD6F51C1BCAA13A2F17196D8FDE450E4
                                                        Malicious:false
                                                        Preview:2024/12/12-03:40:33.945 1c88 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/12/12-03:40:33.947 1c88 Recovering log #3.2024/12/12-03:40:33.948 1c88 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                                                        Category:dropped
                                                        Size (bytes):65110
                                                        Entropy (8bit):2.273879121899696
                                                        Encrypted:false
                                                        SSDEEP:384:CDfCFAc4ceuuzCq5O6OQUulwXpJ2IDJoM5l2j/7AQ01F:CrC54cwCq5O6OQUNFJ7ioL1F
                                                        MD5:81BB0C0220A6A80FCE3927FBC8C4919E
                                                        SHA1:BC34CF170BE90F843091048D38F1BE5639C31CDF
                                                        SHA-256:04E8F558AB2FE045EB458625983ED37F85589B9D8F4D01BBCE093402A6166EC0
                                                        SHA-512:883AA41FF58A23CDE1B28FE51133E26A56B31B2EF9D4E8A7F6B7005BE1B03C3C8752AC0A0B267F439F8445832DF69C9D8D45F95C053A7A9A9B3B5CCC0614B3DF
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
                                                        Category:dropped
                                                        Size (bytes):86016
                                                        Entropy (8bit):4.4450837493399815
                                                        Encrypted:false
                                                        SSDEEP:384:yezci5teiBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:rxs3OazzU89UTTgUL
                                                        MD5:7B08E4BA97D4FDA76B2971D171ABCCA8
                                                        SHA1:3A88210DCE7FAF2F2D3F87B0541B01BA79E42DB7
                                                        SHA-256:2F6A7C6847F57A14D7F1E0245CD37C6B2541C3921333654B7888C530AEDA83D0
                                                        SHA-512:DAA08CDC8C0A9C40EA99BAE14B0F8C0FF1115E9E3B696403492FD63403FAC3CFF655CFF0E694F23F8C5ED917C1210C3B87DA2D60D05F20F3664C648FD154DF74
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:SQLite Rollback Journal
                                                        Category:dropped
                                                        Size (bytes):8720
                                                        Entropy (8bit):3.7725158763076085
                                                        Encrypted:false
                                                        SSDEEP:48:7MEup/E2ioyV6ARioy9oWoy1Cwoy1XAaKOioy1noy1AYoy1Wioy1hioybioytAOb:7jupjurRFNSXKQHMbb9IVXEBodRBkH
                                                        MD5:C75FDEB1B5658BDF74051F90649C0D98
                                                        SHA1:6428EB1BBEE03AAA5B509EFE2AEC5E5F355AA4CA
                                                        SHA-256:5DFD51620561641817FEE3E903E5A0166B2E810B99D034901E0437DE4284D13E
                                                        SHA-512:9ADE6376327E95D8C1C6AD9DC888F0B99DC00CD0AC75518A0F77A4E17FE9F906ABB5A0F0C5ADA5F464F791FD5A7FA7675BFCC66D752DB3410522FF8E2C2B2D9C
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:Certificate, Version=3
                                                        Category:dropped
                                                        Size (bytes):1391
                                                        Entropy (8bit):7.705940075877404
                                                        Encrypted:false
                                                        SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                                        MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                                        SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                                        SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                                        SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                        Category:dropped
                                                        Size (bytes):71954
                                                        Entropy (8bit):7.996617769952133
                                                        Encrypted:true
                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):192
                                                        Entropy (8bit):2.7673182398396405
                                                        Encrypted:false
                                                        SSDEEP:3:kkFklUhdttfllXlE/HT8kDlXNNX8RolJuRdxLlGB9lQRYwpDdt:kKNh/eT8MNMa8RdWBwRd
                                                        MD5:3B777FD241AC553474157AC52C4771D3
                                                        SHA1:0741864A7FDC87E25C916A8731C95732876706B1
                                                        SHA-256:7ACF6EE0A4143D0648777B664F740ECD8F141C37DE971A11A3A2D2FE31407600
                                                        SHA-512:0ED06F5EB414868792244BD11F3BD2010FA84709BE060D7AD56D175486F21E06559BBC948E506E0E5137466A7FC57F7731EC89F05ACE69830F17F3F130AE03BE
                                                        Malicious:false
                                                        Preview:p...... ............qL..(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:data
                                                        Category:modified
                                                        Size (bytes):328
                                                        Entropy (8bit):3.2539954282295116
                                                        Encrypted:false
                                                        SSDEEP:6:kK3tL9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:/sDImsLNkPlE99SNxAhUe/3
                                                        MD5:AAE974F7E34E972F25085B12FC281013
                                                        SHA1:66883F463B586CFBD2C1B3C8F670B0DB85B96C5D
                                                        SHA-256:288186F19DE117387FEF3C16929B2B26C3313E597BF6113E0299098A37732051
                                                        SHA-512:8EE57840F830E2227D4F63161AE2D5B1B112BE2C14B151878137398EF7E99E4061855C3ABF3CA92FAED8093109D42969F552EFA3D7DC728A3D2F1454A9098D08
                                                        Malicious:false
                                                        Preview:p...... ........]..qL..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:PostScript document text
                                                        Category:dropped
                                                        Size (bytes):1233
                                                        Entropy (8bit):5.233980037532449
                                                        Encrypted:false
                                                        SSDEEP:24:kk8id8HxPsMTtrid8OPgx4sMDHFidZxDWksMwEidMKRxCsMWaOtidMLgxT2sMW0l:pkxPhtgNgx4pyZxakazxCIK2gxap
                                                        MD5:8BA9D8BEBA42C23A5DB405994B54903F
                                                        SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                                                        SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                                                        SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                                                        Malicious:false
                                                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:PostScript document text
                                                        Category:dropped
                                                        Size (bytes):10880
                                                        Entropy (8bit):5.214360287289079
                                                        Encrypted:false
                                                        SSDEEP:192:SgAYm4DAv6oq6oCf6ocL6oz6o46ok6o16ok6oKls6oVtfZ6ojtou6o2ti16oGwX/:SV548vvqvSvivzv4vkv1vkvKlsvVtfZp
                                                        MD5:B60EE534029885BD6DECA42D1263BDC0
                                                        SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                                                        SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                                                        SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                                                        Malicious:false
                                                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):243196
                                                        Entropy (8bit):3.3450692389394283
                                                        Encrypted:false
                                                        SSDEEP:1536:vKPCPiyzDtrh1cK3XEivK7VK/3AYvYwgqErRo+RQn:yPClJ/3AYvYwghFo+RQn
                                                        MD5:F5567C4FF4AB049B696D3BE0DD72A793
                                                        SHA1:EBEADDE9FF0AF2C201A5F7CC747C9EA61CFA6916
                                                        SHA-256:D8DBFE71873929825A420F73821F3FF0254D51984FAAA82E1B89D31188F77C04
                                                        SHA-512:E769735991E5B1331E259608854D00CDA4F3E92285FDC500158CBD09CBCCEAD8A387F78256A43919B13EBE70C995D19242377C315B0CCBBD4F813251608C1D56
                                                        Malicious:false
                                                        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):295
                                                        Entropy (8bit):5.361505303446816
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJM3g98kUwPeUkwRe9:YvXKXExvla+WZc0vmuZGMbLUkee9
                                                        MD5:4745E20BC101619F5B92900BDFAF68A8
                                                        SHA1:8DB3B04655AB3DF690E12CB764AEDC957EEDC904
                                                        SHA-256:311428270C2FEA69B926AAF942BA05E5CA7BACA3E76FC8EF0C8D2F1F43AC2B6F
                                                        SHA-512:F344CAFA9FD22C44E4FC77C067257146454A6B6AD1917AE576C857739FF02FF7F1EA5EA8112C7F68926355BA0508A1D0218AD9048279E16B62A21988A3BC6B39
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):294
                                                        Entropy (8bit):5.310815905285705
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfBoTfXpnrPeUkwRe9:YvXKXExvla+WZc0vmuZGWTfXcUkee9
                                                        MD5:475B8054358BCC338DF0C229B5E6FF7F
                                                        SHA1:4EC12B3B3CFF1617B7B5284D67139E45DB5EFE4B
                                                        SHA-256:7297120C5D086E31EFA19CD3D782D2B0C60AC46016533C41700D150044CB1166
                                                        SHA-512:446828F0230D86A242ECFD51F8D214C5391EC41ADE5065F6C9AF4B83382B86681E6F26833321CFEC60FA58617E12040D30D53045302D4FEC45DE2D9C2EED3490
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):294
                                                        Entropy (8bit):5.289522119512584
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfBD2G6UpnrPeUkwRe9:YvXKXExvla+WZc0vmuZGR22cUkee9
                                                        MD5:9D9B0F6CBF3D65630D177300B4470ACC
                                                        SHA1:C88DA59CF9B21A1EDA9FAC8170FFCD68611D5640
                                                        SHA-256:4A397BB4E059F75701EF28ABB8A2C559DDA857E3F701F7B30719335A69600858
                                                        SHA-512:6CBDD9D17A73BCE278DCDD90187214FEFFD124B0D510205331AF3894D416F1BF1FC154CBEFB5FE3EA2BB1A170F04FCDAACBDB4E29DCE012740930C8E622A1937
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):285
                                                        Entropy (8bit):5.348450613751786
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfPmwrPeUkwRe9:YvXKXExvla+WZc0vmuZGH56Ukee9
                                                        MD5:F05B0396167D1C4D8140A5A44CAAAE4E
                                                        SHA1:DE469CFC058F4FC32904F114FA99578540DEF8DB
                                                        SHA-256:0155A7DBD085F0E9CC3DC7D6F4A62DF5AC3007E66D57D6715960C6643081C293
                                                        SHA-512:2231D4C286B7D1FA04530FC5DEF4AB7D0C2C0CCEC6E99D258153A038B7A8470C04065E6C629D1790A3B82A628922A407F68D309AE34302B2ED14C77FCF9964CD
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):1123
                                                        Entropy (8bit):5.691769220877036
                                                        Encrypted:false
                                                        SSDEEP:24:Yv6XExs/zvWpLgE9cQx8LennAvzBvkn0RCmK8czOCCSK:Yvsehgy6SAFv5Ah8cv/K
                                                        MD5:66496232C868C2D99D2860A0EB77A50B
                                                        SHA1:2073FFA9D1C0DE9ACDD969BE9AC54D9CCE1992BC
                                                        SHA-256:4309CF56A7411BEE733437592BCBCD467B081A30A66BB3F94D022681C8B938F2
                                                        SHA-512:265DFC1B19E4787402EDF5464FA5D162E52295BC96D5A549BE1AAD094F66889DC9BF5567AC5382473C04A52344B1A5E06DE436EA3D429FA2A72746657AFD1D75
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):289
                                                        Entropy (8bit):5.295120752733234
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJf8dPeUkwRe9:YvXKXExvla+WZc0vmuZGU8Ukee9
                                                        MD5:FE15052ED03BE5C14B795DE5CED92AF1
                                                        SHA1:12A8C999282A4712DC9E47CF01DEA408BA46DF9C
                                                        SHA-256:3C73B117F350C9B1C4C720B1A1E2E4DCAEE8B7FB27A347884F8044F62EACB41C
                                                        SHA-512:49C1551D4A97E8C5E883B472A7EA5C4F08A499148F1AD3FF1FD53617A68C1E70100A5467AB5319F1CD8A01F92CC553F138B6EA730731096D5DC1CEBBE160EA16
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):292
                                                        Entropy (8bit):5.299653116401064
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfQ1rPeUkwRe9:YvXKXExvla+WZc0vmuZGY16Ukee9
                                                        MD5:FBDE19EAF036BC7C7270C65AB6E11D2B
                                                        SHA1:B28D9BAED496651B7516BB7BF2FDE1225BE2D631
                                                        SHA-256:BDEEA3557B90AE3145087D1D6A37FF3BDE742DE7F1D2CFBC935123CDF3025C51
                                                        SHA-512:35802FD5DA07A6382E7649632750BB2BC5D2D76879972E19991AD9579C22932CCF4C53E2320A192FDE944879A22F3EE145922AAC8E9A407FBB60A083997BB63B
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):289
                                                        Entropy (8bit):5.303923799004334
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfFldPeUkwRe9:YvXKXExvla+WZc0vmuZGz8Ukee9
                                                        MD5:D697197A0F741DAF1B9B2D425A8452ED
                                                        SHA1:8C20A968118271C43AE4E0DC640C30727EB26CFE
                                                        SHA-256:41F950EC995DDFF3F38CAEEAF58C0B43C772C07B700FF4EEF84D09663236E213
                                                        SHA-512:7C2EE736323008969455F997E52B6909FC9AA85C97E5A821B45EAB2F4902BBE02342C408B13B13E910E2D7609AA14AD6E08547BC192971F986426CC203AD2C90
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):295
                                                        Entropy (8bit):5.320265274151913
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfzdPeUkwRe9:YvXKXExvla+WZc0vmuZGb8Ukee9
                                                        MD5:8BDCB949C2E5001FEF27CCF6917411A6
                                                        SHA1:41FE16CEA2BA48C65AEF72CB76A00B6AC9C81920
                                                        SHA-256:EDE67E061D42E63834E4E9DC7986B4B8B4631D34333C7D39B8A7C516E1792C10
                                                        SHA-512:46E1D826D1AC12DFAD760AD373DE978FCE494D0B0FED6B5AE3BC3D8CB2B8194CFA097C352DC9A0F8DB9D414F5030C00E3333CD3B62FFB225EE5AE7E622A26046
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):289
                                                        Entropy (8bit):5.301205213895014
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfYdPeUkwRe9:YvXKXExvla+WZc0vmuZGg8Ukee9
                                                        MD5:5B24526D4B47989D44DF06EB3492383C
                                                        SHA1:4BE6D026146891AA037A8907465975238B0DA45A
                                                        SHA-256:21D747528C8FE4C710448A3FAD5078775E49D212ABA9463893F312006610D184
                                                        SHA-512:EB937F1F90A5165E90D229F16495B8774C901F2AFAB066B80BF8A95104022AF56ECE12B2B0C89C1C034CA53A1530219CAE150A904204A637945CB83ADE88A05D
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):284
                                                        Entropy (8bit):5.287276805272377
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJf+dPeUkwRe9:YvXKXExvla+WZc0vmuZG28Ukee9
                                                        MD5:BBF3EE08A4C1FDECBE3034F9619F3215
                                                        SHA1:A74BCCE91A20F7879A4B9D25B41EBA47F341B6EE
                                                        SHA-256:AFC0044796115222508C5A1405990D2C16E9FAACBE7C4F59D923AC9040611EA7
                                                        SHA-512:38649E035A35BE540135F752C1640C328D939698C59D37246B7BE0C3C472D68FAA34C856D778620243CD58DEA4737F3FB853FC5E80642654F1502F3C5AA15CEF
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):291
                                                        Entropy (8bit):5.284744028311867
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfbPtdPeUkwRe9:YvXKXExvla+WZc0vmuZGDV8Ukee9
                                                        MD5:0E921F349B7D1A69345E1A1117C339CC
                                                        SHA1:25DBAD6FEA931539C320160EFC2C503D4352EA14
                                                        SHA-256:D9DBDE1AB80463E5F12E9640375CF427FA5E77BAE7AA7E45C0B071626BAF9451
                                                        SHA-512:597ED8498281CC1D7CD2F21D05F6AF59F71F14ADF071CDDC3BFC77B60044A8FAFAD15E8259743C5CBDABDE3B5BDD3B90C31876DE2A6223F81779A43CD82E7E09
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):287
                                                        Entropy (8bit):5.289708028495138
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJf21rPeUkwRe9:YvXKXExvla+WZc0vmuZG+16Ukee9
                                                        MD5:212D6FBCC11342B6C9D01D368496F07A
                                                        SHA1:8B2F45A4DA510CF56DF00757B2B66E15E410E1E9
                                                        SHA-256:7CBFB91CD0198D15363F16A490D09B2E3DCCFF25614D82CB568AF531A97A205E
                                                        SHA-512:F6FE3BF0D2F876B79448DAD1CD27EF98B495132D68D1FA6047DAB35D8AB66CD507A71A7BB22FF704885819FB09100FF808F6CE9864ACD0348357427842D58F51
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):1090
                                                        Entropy (8bit):5.670337246977815
                                                        Encrypted:false
                                                        SSDEEP:24:Yv6XExs/zvKamXayLgE+cNDxeNaqnAvz7xHn0RCmK8czOC/BSK:YvscBgkDMUJUAh8cvMK
                                                        MD5:FA43C5BA3FD9F508D95583D7F4D8217F
                                                        SHA1:8B702D5B49613AFFBF02443F1781DB23335CFFAD
                                                        SHA-256:2068C276F0723EA7EBFEF596A15531FF5EABC79D780DF0F088125BB2E498EACA
                                                        SHA-512:435187A8A002714756403A21B2783559B63E75256701CD3A4187866A646A033ED0C57448470D4A99CBA71F50BCEEE23F318835DEDFB0414826A9AA1B12E458E9
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):286
                                                        Entropy (8bit):5.264760852207429
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJfshHHrPeUkwRe9:YvXKXExvla+WZc0vmuZGUUUkee9
                                                        MD5:3F79DB741788DC1B31A510E6C59EA63B
                                                        SHA1:643186C51C6DEC37456999E436FA5CAAC7BAFA58
                                                        SHA-256:95DA3522C7498D2930E055E8AF856FC1229DFEC63FC0E707E2C6B20268DAD590
                                                        SHA-512:0ADF60F5024D3C40FBEE4328EA2FD0446C8F759C1C774D37C8A94AD67C8816A5782474F6C8B09B73146BB2579D5DB221A771D628343F76D4D4F4441CFB765CD5
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):282
                                                        Entropy (8bit):5.278949108581385
                                                        Encrypted:false
                                                        SSDEEP:6:YEQXJ2HXPc7l3vsMapIHHVoZcg1vRcR0YX2JqoAvJTqgFCrPeUkwRe9:YvXKXExvla+WZc0vmuZGTq16Ukee9
                                                        MD5:28BD014C5F35DC2077DD017BD8480966
                                                        SHA1:9A3D8692282A980E18B5E3DCB84C63D4CE415570
                                                        SHA-256:4C0EE19603325C914D65DBECA32F99DFC8B65B538B572211AF98FFBD0B423766
                                                        SHA-512:D95DC259852078AC5F72956CD932327B9DEA902DA0A7AEC1E5A7A49961477861DB808DA5F4BAEE5770B45A468B6C8E202BDC6948180674375804C0645A2EA0D5
                                                        Malicious:false
                                                        Preview:{"analyticsData":{"responseGUID":"86540e51-8bfc-447d-9735-4a081f0f3daa","sophiaUUID":"BB455677-E4C2-45EB-A908-4974DBA96F4C"},"encodingScheme":true,"expirationDTS":1734168568740,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):4
                                                        Entropy (8bit):0.8112781244591328
                                                        Encrypted:false
                                                        SSDEEP:3:e:e
                                                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                                        Malicious:false
                                                        Preview:....
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:JSON data
                                                        Category:dropped
                                                        Size (bytes):2814
                                                        Entropy (8bit):5.133219510871227
                                                        Encrypted:false
                                                        SSDEEP:48:Y0WPaqljwhh/GQSB+wABrOPEKxWjDVUi2xv9YuH:ejwhh/GQSB+1lOyunlLH
                                                        MD5:2BCADA0739617795EB8936DAE481A3BE
                                                        SHA1:68CCEF0B4EF32682ECAC51FE374F921377B6D41B
                                                        SHA-256:73C7D1D5B4D221B6F98F7C5B08A4E31A998E2BF9CAE9CA6CEB76A6D363147F72
                                                        SHA-512:53928A40F38700FBCB71113ABF5A9578B0C75967ADD4AFC5503559A96917D8071A44942BE48F9C2BFF6D74D7EC15F9C74166D944A7401A247C5FA0ED1AC43AB4
                                                        Malicious:false
                                                        Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"e1778c26f7119aecd24f1559b00ef802","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1733992843000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"067f27e1a1435d0c8cfa3096791d50ab","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1733992843000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"58993f115c362e7e622a62f736b90696","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1733992843000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"0ea1433497f6b84ee534f5080f04f4d8","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1733992843000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"70237aabd2ff8a24fae93f640cfcce67","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1733992843000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"a7f4e341e3b65bdfc74eb1d51d1ea34c","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
                                                        Category:dropped
                                                        Size (bytes):12288
                                                        Entropy (8bit):1.1895774647544968
                                                        Encrypted:false
                                                        SSDEEP:48:TGufl2GL7msEHUUUUUUUUFgSvR9H9vxFGiDIAEkGVvpR+:lNVmswUUUUUUUUi+FGSItE
                                                        MD5:925A187544D527E3FA864F42F5BC6721
                                                        SHA1:5C2EDD51CB5DD29CD1067AE66C241CAB184A1C7D
                                                        SHA-256:3EC357EBD50FAC78309149741B747B399BB42586CDF29E1558582446365254D9
                                                        SHA-512:304206612D20F1F034612C32A5E69622B342EB880AA508C6BD39694AEF44A8C98D61B45578C76B87478AC434BE17575507F09CDD570571B55972F6AE46025354
                                                        Malicious:false
                                                        Preview:SQLite format 3
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:SQLite Rollback Journal
                                                        Category:dropped
                                                        Size (bytes):8720
                                                        Entropy (8bit):1.6074598331438357
                                                        Encrypted:false
                                                        SSDEEP:48:7MaKUUUUUUUUUUFSvR9H9vxFGiDIAEkGVv9qFl2GL7msi:7SUUUUUUUUUUIFGSItnKVmsi
                                                        MD5:BD98C8D5712888CF5254878225AFE0A9
                                                        SHA1:8C6A399DFA79F1B6622EE2DBA66451CB43954887
                                                        SHA-256:0E79678C891631693AD3F2C0AE0CE09311F7FFF1EE6507085521F4C1DFAEEFB9
                                                        SHA-512:C580FF17CDB3CBF9786AECA6D17384E32EE8B2B2C7A65BD35461AAF0EAFE61F7A940AE24BF463DE3D9ED96AD69540459E967508ECA59F2F7DDCC2226EFABFD00
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):66726
                                                        Entropy (8bit):5.392739213842091
                                                        Encrypted:false
                                                        SSDEEP:768:RNOpblrU6TBH44ADKZEgOqcosLOPX+CHYg9rdejiPK9pP4Yyu:6a6TZ44ADEOqcRLOPX+C4l9p4K
                                                        MD5:CEBEEB5584367DE7C7F7F6E2F48DC9A0
                                                        SHA1:F1D6E5385F8755E5CE39FB1D91ECE1499166F112
                                                        SHA-256:4AA34B9D66140E8AF70C4415A7FF9D9FBBBB400F44AE2790E77C0950FF5938CB
                                                        SHA-512:FE43E7992AEB7401A11F1176BA1AB6C1F5CAEFC50AD9E872CF46AF05A629D5C11C75C4B9C6095A7C4B98FF354CB8A31085A8D3D4457BF62C747A0530783D2B2C
                                                        Malicious:false
                                                        Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):246
                                                        Entropy (8bit):3.50000825118868
                                                        Encrypted:false
                                                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8qKDguYH:Qw946cPbiOxDlbYnuRKtKEuYH
                                                        MD5:3154D412BF78AEC2684717BDAD3E952A
                                                        SHA1:D392D1DD9C5D8F245E14F1460F57EB5A24744335
                                                        SHA-256:E318C1FA80316B8B3C686702791D852EC12A9A1496A5DEFB65C0D428EBD14F7D
                                                        SHA-512:22BB8F8549FB98A05FFA38847925EE701C4B8B1B18545757BC9EBB57037BE7E477DE43537B495FBD309E584C767192F6D94898CE1A396B1548CFDF717257D422
                                                        Malicious:false
                                                        Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 12/12/2024  03:40:40 ===
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:ASCII text, with very long lines (393)
                                                        Category:dropped
                                                        Size (bytes):16525
                                                        Entropy (8bit):5.345946398610936
                                                        Encrypted:false
                                                        SSDEEP:384:zHIq8qrq0qoq/qUILImCIrImI9IWdFdDdoPtPTPtP7ygyAydy0yGV///X/J/VokV:nNW
                                                        MD5:8947C10F5AB6CFFFAE64BCA79B5A0BE3
                                                        SHA1:70F87EEB71BA1BE43D2ABAB7563F94C73AB5F778
                                                        SHA-256:4F3449101521DA7DF6B58A2C856592E1359BA8BD1ACD0688ECF4292BA5388485
                                                        SHA-512:B76DB9EF3AE758F00CAF0C1705105C875838C7801F7265B17396466EECDA4BCD915DA4611155C5F2AD1C82A800C1BEC855E52E2203421815F915B77AA7331CA0
                                                        Malicious:false
                                                        Preview:SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:088+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=f94b8f43-fcd8-49f4-8c6e-bbf5cd863db9.1696420882088 Timestamp=2023-10-04T13:01:22:089+0100 ThreadID=3400 Component=ngl-lib_NglAppLib Description="SetConfig:
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):15114
                                                        Entropy (8bit):5.368310651671421
                                                        Encrypted:false
                                                        SSDEEP:384:q0doLo8oDvdvOvhvvGvrv1v1vq4vjvWvgetikioi+i6NPNDNENRNdRT8TwT2wUKJ:8hQ
                                                        MD5:F995A1BAACD3A626066798F253FF0C8E
                                                        SHA1:859D279B65B479B0C3467AAA0BC6093EB7C8A209
                                                        SHA-256:F92D21B604584EF38854F69450CA0D152B808946FB3E55EDA30A355B3DEA25FB
                                                        SHA-512:7EDC8640FEE09C333E1C080F2EAEFCEF078F368F06E689B25CA4D1B7B2E8408273E5AFCDB83DC2299CD2D3D4BF9BD0307997ED444C07F6C8D957045BCEB76513
                                                        Malicious:false
                                                        Preview:SessionID=f7c55783-ab06-477c-a15a-7ef3dc89547a.1733992836027 Timestamp=2024-12-12T03:40:36:027-0500 ThreadID=7748 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f7c55783-ab06-477c-a15a-7ef3dc89547a.1733992836027 Timestamp=2024-12-12T03:40:36:045-0500 ThreadID=7748 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f7c55783-ab06-477c-a15a-7ef3dc89547a.1733992836027 Timestamp=2024-12-12T03:40:36:045-0500 ThreadID=7748 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f7c55783-ab06-477c-a15a-7ef3dc89547a.1733992836027 Timestamp=2024-12-12T03:40:36:045-0500 ThreadID=7748 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f7c55783-ab06-477c-a15a-7ef3dc89547a.1733992836027 Timestamp=2024-12-12T03:40:36:046-0500 ThreadID=7748 Component=ngl-lib_NglAppLib Description="SetConf
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):29752
                                                        Entropy (8bit):5.389641431710622
                                                        Encrypted:false
                                                        SSDEEP:768:anddBuBYZwcfCnwZCnR8Bu5hx18HoCnLlAY+iCBuzhLCnx1CnPrRRFS10l8gT2rt:5
                                                        MD5:9D9250BFCA9FA1F5A2BAA5598EC02B54
                                                        SHA1:8D3B9EE06A6A3B202D4F18480DD6076B0A9373F9
                                                        SHA-256:755E7217C103B632670245278735F1C30244DC2F54AD6872BC2569C381531835
                                                        SHA-512:24B806613F169F39BEFDD98DECD39CEF5B6B39DD13ECCFBD2A5B58770F2B8288B345207D4679D4F36FBFB2C48A2ADE59244A33EA7F50FC02E2ED45CBE5A767DE
                                                        Malicious:false
                                                        Preview:03-10-2023 12:50:40:.---2---..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ***************************************..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Starting NGL..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..03-10-2023 12:50:40:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..03-10-2023 12:50:40:.Closing File..03-10-
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                                                        Category:dropped
                                                        Size (bytes):1419751
                                                        Entropy (8bit):7.976496077007677
                                                        Encrypted:false
                                                        SSDEEP:24576:/nZwYIGNPzWL07oYGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:fZwZG5WLxYGZn3mlind9i4ufFXpAXkru
                                                        MD5:F43041C007C55C623135DD65EBCBE292
                                                        SHA1:0F5781369DB2C967A1795898030244B2E9D561F6
                                                        SHA-256:4F7827EA2E3ACAA6A1B5BC7969516DD8EF08AC789E9C5FBCE61A71D0553C2B8D
                                                        SHA-512:E5D1D615B902E4D66FD550BDF1418FE7D70BC08548EA006891F90CB183299D6700547205A3F2FEED6AE2C2F3A95B5F094356E4FB5451A36C4555CBFABE4D44F5
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                                        Category:dropped
                                                        Size (bytes):386528
                                                        Entropy (8bit):7.9736851559892425
                                                        Encrypted:false
                                                        SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                                        MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                                        SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                                        SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                                        SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                                        Category:dropped
                                                        Size (bytes):758601
                                                        Entropy (8bit):7.98639316555857
                                                        Encrypted:false
                                                        SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                                        MD5:3A49135134665364308390AC398006F1
                                                        SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                                        SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                                        SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                                        Malicious:false
                                                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                                        Category:dropped
                                                        Size (bytes):1407294
                                                        Entropy (8bit):7.97605879016224
                                                        Encrypted:false
                                                        SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
                                                        MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
                                                        SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
                                                        SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
                                                        SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
                                                        Malicious:false
                                                        File type:PDF document, version 2.0 (zip deflate encoded)
                                                        Entropy (8bit):7.990794691409106
                                                        TrID:
                                                        • Adobe Portable Document Format (5005/1) 100.00%
                                                        File name:Purchase_order-001.pdf
                                                        File size:40'883 bytes
                                                        MD5:b9ea0b9010bd7d0240958f962dd5117d
                                                        SHA1:eef8cc56809366554980f2c59ede43842fc20ec7
                                                        SHA256:92fd9207d8af4116e2fbbefd27d4f0be1063b2cb8249f998b751ddcf85e44348
                                                        SHA512:90a2226a6a7a101e680966e2e0c2ab2a137b5363835b07d3ab2a06ec5b63ab1cad6c718445bbdd022a0f0b488ffdafc0a462ee01a3515a744076403cedd7b9a6
                                                        SSDEEP:768:ZdCtfFVd+i26nDI0H0J7/2uSf+uIs4cZdI7BBMMSFSEghetuMS:oFV2ijH0Z2nf+ARZeBBCLtuj
                                                        TLSH:4503F12C9509133EEC2CA600E6CE127C9763E734868965D43D2F8598BA17D96CE79ECC
                                                        File Content Preview:%PDF-2.0.%.....1 0 obj<</Type/Catalog/Pages 3 0 R>>.endobj.2 0 obj<</Type/ObjStm/N 17/First 121/Filter/FlateDecode/Length 711>>stream.x...kO.0.....2....%F....M...M.VU(m.dtI..e...8ii.!X.h...u...\....H..x.A.C..4..3.L...E.8..q.%......]..b.q.1.......).q......
                                                        Icon Hash:62cc8caeb29e8ae0

                                                        General

                                                        Header:%PDF-2.0
                                                        Total Entropy:7.990795
                                                        Total Bytes:40883
                                                        Stream Entropy:7.991918
                                                        Stream Bytes:40210
                                                        Entropy outside Streams:5.396997
                                                        Bytes outside Streams:673
                                                        Number of EOF found:1
                                                        Bytes after EOF:
                                                        Name | Count
                                                        obj | 5
                                                        endobj | 5
                                                        stream | 4
                                                        endstream | 4
                                                        xref | 0
                                                        trailer | 0
                                                        startxref | 1
                                                        /Page | 0
                                                        /Encrypt | 0
                                                        /ObjStm | 1
                                                        /URI | 0
                                                        /JS | 0
                                                        /JavaScript | 0
                                                        /AA | 0
                                                        /OpenAction | 0
                                                        /AcroForm | 0
                                                        /JBIG2Decode | 0
                                                        /RichMedia | 0
                                                        /Launch | 0
                                                        /EmbeddedFile | 0
                                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                        Dec 12, 2024 09:40:42.090373039 CET | 192.168.2.4 | 1.1.1.1 | 0xac1c | Standard query (0) | x1.i.lencr.org | A (IP address) | IN (0x0001) | false
                                                        Dec 12, 2024 09:41:00.071975946 CET | 192.168.2.4 | 1.1.1.1 | 0x37dd | Standard query (0) | f005.backblazeb2.com | A (IP address) | IN (0x0001) | false
                                                        Dec 12, 2024 09:41:00.072117090 CET | 192.168.2.4 | 1.1.1.1 | 0xefa2 | Standard query (0) | f005.backblazeb2.com | 65 | IN (0x0001) | false
                                                        Dec 12, 2024 09:41:04.625581026 CET | 192.168.2.4 | 1.1.1.1 | 0x76f5 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                                        Dec 12, 2024 09:41:04.625713110 CET | 192.168.2.4 | 1.1.1.1 | 0x6f67 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
                                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                        Dec 12, 2024 09:40:42.228367090 CET | 1.1.1.1 | 192.168.2.4 | 0xac1c | No error (0) | x1.i.lencr.org | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                        Dec 12, 2024 09:40:43.990566969 CET | 1.1.1.1 | 192.168.2.4 | 0x8197 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                                                        Dec 12, 2024 09:40:43.990566969 CET | 1.1.1.1 | 192.168.2.4 | 0x8197 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                                                        Dec 12, 2024 09:41:00.211747885 CET | 1.1.1.1 | 192.168.2.4 | 0x37dd | No error (0) | f005.backblazeb2.com | | 149.137.136.16 | A (IP address) | IN (0x0001) | false
                                                        Dec 12, 2024 09:41:04.762671947 CET | 1.1.1.1 | 192.168.2.4 | 0x76f5 | No error (0) | www.google.com | | 172.217.19.228 | A (IP address) | IN (0x0001) | false
                                                        Dec 12, 2024 09:41:04.773999929 CET | 1.1.1.1 | 192.168.2.4 | 0x6f67 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
                                                        • f005.backblazeb2.com
                                                        • https:
                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        0 | 192.168.2.4 | 49753 | 149.137.136.16 | 443 | 5936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-12 08:41:01 UTC | 729 | OUT | GET /file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs HTTP/1.1
                                                        Host: f005.backblazeb2.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        sec-ch-ua-platform: "Windows"
                                                        Upgrade-Insecure-Requests: 1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                        Sec-Fetch-Site: none
                                                        Sec-Fetch-Mode: navigate
                                                        Sec-Fetch-User: ?1
                                                        Sec-Fetch-Dest: document
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-12-12 08:41:01 UTC | 246 | IN | HTTP/1.1 403
                                                        Server: nginx
                                                        Date: Thu, 12 Dec 2024 08:41:01 GMT
                                                        Content-Type: application/json;charset=utf-8
                                                        Content-Length: 199
                                                        Connection: close
                                                        Cache-Control: max-age=0, no-cache, no-store
                                                        Strict-Transport-Security: max-age=63072000
                                                        2024-12-12 08:41:01 UTC | 199 | IN | Data Raw: 7b 0a 20 20 22 63 6f 64 65 22 3a 20 22 64 6f 77 6e 6c 6f 61 64 5f 63 61 70 5f 65 78 63 65 65 64 65 64 22 2c 0a 20 20 22 6d 65 73 73 61 67 65 22 3a 20 22 43 61 6e 6e 6f 74 20 64 6f 77 6e 6c 6f 61 64 20 66 69 6c 65 2c 20 64 6f 77 6e 6c 6f 61 64 20 62 61 6e 64 77 69 64 74 68 20 6f 72 20 74 72 61 6e 73 61 63 74 69 6f 6e 20 28 43 6c 61 73 73 20 42 29 20 63 61 70 20 65 78 63 65 65 64 65 64 2e 20 53 65 65 20 74 68 65 20 43 61 70 73 20 26 20 41 6c 65 72 74 73 20 70 61 67 65 20 74 6f 20 69 6e 63 72 65 61 73 65 20 79 6f 75 72 20 63 61 70 2e 22 2c 0a 20 20 22 73 74 61 74 75 73 22 3a 20 34 30 33 0a 7d
                                                        Data Ascii: { "code": "download_cap_exceeded", "message": "Cannot download file, download bandwidth or transaction (Class B) cap exceeded. See the Caps & Alerts page to increase your cap.", "status": 403}


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                        1 | 192.168.2.4 | 49757 | 149.137.136.16 | 443 | 5936 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Timestamp | Bytes transferred | Direction | Data
                                                        2024-12-12 08:41:03 UTC | 662 | OUT | GET /favicon.ico HTTP/1.1
                                                        Host: f005.backblazeb2.com
                                                        Connection: keep-alive
                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                        sec-ch-ua-mobile: ?0
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                        sec-ch-ua-platform: "Windows"
                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                        Sec-Fetch-Site: same-origin
                                                        Sec-Fetch-Mode: no-cors
                                                        Sec-Fetch-Dest: image
                                                        Referer: https://f005.backblazeb2.com/file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs
                                                        Accept-Encoding: gzip, deflate, br
                                                        Accept-Language: en-US,en;q=0.9
                                                        2024-12-12 08:41:03 UTC | 245 | IN | HTTP/1.1 404
                                                        Server: nginx
                                                        Date: Thu, 12 Dec 2024 08:41:03 GMT
                                                        Content-Type: application/json;charset=UTF-8
                                                        Content-Length: 43
                                                        Connection: close
                                                        Cache-Control: max-age=0, no-cache, no-store
                                                        Strict-Transport-Security: max-age=63072000
                                                        2024-12-12 08:41:03 UTC | 43 | IN | Data Raw: 7b 0a 20 20 22 63 6f 64 65 22 3a 20 22 6e 6f 74 5f 66 6f 75 6e 64 22 2c 0a 20 20 22 73 74 61 74 75 73 22 3a 20 34 30 34 0a 7d 0a
                                                        Data Ascii: { "code": "not_found", "status": 404}


                                                        Target ID:0
                                                        Start time:03:40:32
                                                        Start date:12/12/2024
                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Purchase_order-001.pdf"
                                                        Imagebase:0x7ff6bc1b0000
                                                        File size:5'641'176 bytes
                                                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:1
                                                        Start time:03:40:33
                                                        Start date:12/12/2024
                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                                        Imagebase:0x7ff74bb60000
                                                        File size:3'581'912 bytes
                                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:03:40:33
                                                        Start date:12/12/2024
                                                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1668,i,11315360981870695973,8460651063831671874,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                                        Imagebase:0x7ff74bb60000
                                                        File size:3'581'912 bytes
                                                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:9
                                                        Start time:03:40:58
                                                        Start date:12/12/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://f005.backblazeb2.com/file/gavupdas-viauto-downloas-serve-updated/Purchase+Order_001.vbs"
                                                        Imagebase:0x7ff76e190000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:10
                                                        Start time:03:40:59
                                                        Start date:12/12/2024
                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1956,i,10788683583747250684,14816824960367168231,262144 /prefetch:8
                                                        Imagebase:0x7ff76e190000
                                                        File size:3'242'272 bytes
                                                        MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false

                                                        No disassembly