Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
New Vendor Setup Form (1).pdf

Overview

General Information

Sample name:New Vendor Setup Form (1).pdf
Analysis ID:1528507
MD5:a5e16d4ae1897b79c40b974a9a87cbb7
SHA1:459c04f1ef78bc954f79ae72005c6535367ce7a6
SHA256:bde712d7f3521fb86d53826f9de2b96d744cd6692f3334fb80861dd4cc299c7c
Infos:

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Contains long sleeps (>= 3 min)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64
  • Acrobat.exe (PID: 6672 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\New Vendor Setup Form (1).pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AdobeCollabSync.exe (PID: 1472 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 6532 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1472 MD5: 8A41FC5F946230805512B943C45AC9D8)
        • FullTrustNotifier.exe (PID: 1868 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri MD5: 92366A2F482926C3D0DD02D6F952F742)
    • AdobeCollabSync.exe (PID: 6352 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 5428 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 1088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 4592 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1088 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 5236 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5236 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 2680 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 7140 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2680 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AdobeCollabSync.exe (PID: 2992 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c MD5: 8A41FC5F946230805512B943C45AC9D8)
      • AdobeCollabSync.exe (PID: 3192 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2992 MD5: 8A41FC5F946230805512B943C45AC9D8)
    • AcroCEF.exe (PID: 6484 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 4508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1524,i,8648760949684156529,1724978059203320753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 23.217.172.185:443 -> 192.168.2.5:49780
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficTCP traffic: 192.168.2.5:49780 -> 23.217.172.185:443
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownTCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 2D85F72862B55C4EADD9E66E06947F3D0.15.drString found in binary or memory: http://x1.i.lencr.org/
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSd
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSk
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3069010031.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.
Source: AdobeCollabSync.exe, 00000003.00000003.2687947932.0000010849C68000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353627468.0000010849C68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/bulk_entity_v1.json
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entit0n3
Source: AdobeCollabSync.exe, 00000003.00000003.3069010031.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entitc
Source: AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/schemas/entity_v1.json
Source: AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmp, EntitySync-2024-10-07.log.3.drString found in binary or memory: https://comments.adobe.io/sync/
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/-
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/0
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/697:
Source: AdobeCollabSync.exe, 00000003.00000003.2688127864.000001084BD1D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/76v
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/A
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354563857.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/G3
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/H
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354563857.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/P
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354563857.000001084BD1A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/c3u
Source: AdobeCollabSync.exe, 00000003.00000003.2688167400.000001084BD19000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3180799658.000001084BD1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.io/sync/~&
Source: AdobeCollabSync.exe, 00000003.00000003.2687947932.0000010849C68000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353627468.0000010849C68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.ions
Source: AdobeCollabSync.exe, 00000003.00000003.2687947932.0000010849C68000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353627468.0000010849C68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://comments.adobe.ios
Source: AdobeCollabSync.exe, 00000002.00000002.3352938603.00000282276CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comR
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reviews.adobe.io
Source: FullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/g
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: classification engineClassification label: clean2.winPDF@41/59@2/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journalJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A910kwo7h_17dcpi8_4wc.tmpJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084B9D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084B9D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS content_item_revisions( content_item_revision_id TEXT PRIMARY KEY NOT NULL, cloud_etag TEXT DEFAULT NULL, cloud_version_id TEXT DEFAULT NULL, updated TIMESTAMP DEFAULT NULL, acl TEXT DEFAULT NULL, local_etag TEXT DEFAULT NULL, local_version_id TEXT DEFAULT NULL, request_id TEXT DEFAULT NULL, content_name TEXT DEFAULT NULL);
Source: AdobeCollabSync.exe, 00000003.00000003.2688084293.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3069010031.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT pending_request_id, request_type, content_item_id, context, pending_request_created, request_status, message, status_code, device_mapping_id FROM pending_requests;
Source: AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084B9D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS resource_revisions ( revision_id TEXT PRIMARY KEY NOT NULL, rel_to_content_item TEXT NOT NULL, resource_type TEXT NOT NULL, media_type TEXT NOT NULL, locator TEXT NOT NULL, committed INTEGER NOT NULL, hashType TEXT DEFAULT NULL, hash TEXT DEFAULT NULL, storageSize INTEGER DEFAULT 0, width INTEGER DEFAULT 0, height INTEGER DEFAULT 0);O
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\New Vendor Setup Form (1).pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1472
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1088
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5236
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2680
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2992
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1524,i,8648760949684156529,1724978059203320753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -cJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1472Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUriJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1088Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5236
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2680
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2992
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1524,i,8648760949684156529,1724978059203320753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: apphelp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vccorlib140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: vcruntime140.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: appcontracts.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: wintypes.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cdprt.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cdp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: windows.storage.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: wldp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: umpdc.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: propsys.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: dsreg.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: cryptsp.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword /JS count = 0
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword /JavaScript count = 0
Source: A910kwo7h_17dcpi8_4wc.tmp.0.drInitial sample: PDF keyword /JS count = 0
Source: A910kwo7h_17dcpi8_4wc.tmp.0.drInitial sample: PDF keyword /JavaScript count = 0
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword /Page count = 34
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword startxref count = 34
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword stream count = 303
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword /ObjStm count = 11
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword endobj count = 651
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword endstream count = 303
Source: New Vendor Setup Form (1).pdfInitial sample: PDF eof value = 34
Source: New Vendor Setup Form (1).pdfInitial sample: PDF keyword obj count = 651
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 86400000Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 30000Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeThread delayed: delay time: 86400000Jump to behavior
Source: AdobeCollabSync.exe, 0000000B.00000002.2167990716.000002070ABD8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllt8
Source: AdobeCollabSync.exe, 0000000B.00000002.2167990716.000002070ABD8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: AdobeCollabSync.exe, 00000006.00000002.2125381057.000001EC253D8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll>
Source: AdobeCollabSync.exe, 00000002.00000002.3352938603.00000282275EC000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3353454670.0000010849C29000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000004.00000002.2106924837.000001C83ACF8000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000005.00000002.2105607441.0000018041BC9000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000007.00000002.2124502572.000001B6EE46A000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000008.00000002.2148975790.00000197AC658000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000009.00000002.2147827502.00000212CC768000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000A.00000002.2169540270.000001FD8A708000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 0000000D.00000002.2190041452.000002971B7B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AdobeCollabSync.exe, 0000000C.00000002.2191404427.0000015CA6858000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]]
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Virtualization/Sandbox Evasion		LSASS Memory11
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account Manager2
System Information Discovery		SMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1528507 Sample: New Vendor Setup Form (1).pdf Startdate: 08/10/2024 Architecture: WINDOWS Score: 2 35 x1.i.lencr.org 2->35 8 Acrobat.exe 18 79 2->8         started        process3 process4 10 AdobeCollabSync.exe 1 13 8->10         started        12 AcroCEF.exe 8->12         started        14 AdobeCollabSync.exe 1 8->14         started        16 4 other processes 8->16 process5 18 AdobeCollabSync.exe 2 23 10->18         started        20 AcroCEF.exe 12->20         started        23 AdobeCollabSync.exe 14->23         started        25 AdobeCollabSync.exe 16->25         started        27 AdobeCollabSync.exe 16->27         started        29 AdobeCollabSync.exe 16->29         started        31 AdobeCollabSync.exe 16->31         started        dnsIp6 33 FullTrustNotifier.exe 18->33         started        37 23.217.172.185, 443, 49780 AKAMAI-ASUS United States 20->37 process7

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://x1.i.lencr.org/0%URL Reputationsafe
https://android.notify.windows.com/iOS0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
x1.i.lencr.org
unknown
unknownfalse
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://android.notify.windows.com/iOSkFullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
      		unknown
      http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D0.15.drfalse
      • URL Reputation: safe
      		unknown
      https://comments.adobe.AdobeCollabSync.exe, 00000003.00000002.3353954677.000001084BA29000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000003.3069010031.000001084BA48000.00000004.00000020.00020000.00000000.sdmp, AdobeCollabSync.exe, 00000003.00000002.3354358422.000001084BA49000.00000004.00000020.00020000.00000000.sdmpfalse
        		unknown
        https://android.notify.windows.com/iOSdFullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
          		unknown
          https://android.notify.windows.com/iOSFullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppFullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
            		unknown
            https://wns.windows.com/gFullTrustNotifier.exe, 00000010.00000002.2230784101.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
              		unknown

              World Map of Contacted IPs

              • No. of IPs < 25%
              • 25% < No. of IPs < 50%
              • 50% < No. of IPs < 75%
              • 75% < No. of IPs

              Public IPs

              IPDomainCountryFlagASNASN NameMalicious
              23.217.172.185
              		unknownUnited States
              		16625AKAMAI-ASUSfalse

              General Information

              Joe Sandbox version:41.0.0 Charoite
              Analysis ID:1528507
              Start date and time:2024-10-08 00:20:41 +02:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 5m 13s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:defaultwindowspdfcookbook.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:22
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:New Vendor Setup Form (1).pdf
              Detection:CLEAN
              Classification:clean2.winPDF@41/59@2/1
              Cookbook Comments:
              • Found application associated with file extension: .pdf
              • Found PDF document
              • Close Viewer

              Warnings

              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
              • Excluded IPs from analysis (whitelisted): 95.101.148.135, 184.28.88.176, 54.144.73.197, 34.193.227.236, 107.22.247.231, 18.207.85.246, 162.159.61.3, 172.64.41.3, 2.23.197.184, 2.19.126.143, 2.19.126.149, 23.44.133.36
              • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, otelrules.azureedge.net, e4578.dscb.akamaiedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, d.4.1.9.1.6.7.1.0.0.0.0.0.0.0.0.1.0.0.9.0.0.1.f.1.1.1.0.1.0.a.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, ocsp.digicert.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, crl.root-x1.letsencrypt.org.edgekey.net
              • Report size exceeded maximum capacity and may have missing behavior information.
              • Report size getting too big, too many NtCreateFile calls found.
              • Report size getting too big, too many NtCreateKey calls found.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
              • VT rate limit hit for: New Vendor Setup Form (1).pdf

              Simulations

              Behavior and APIs

              TimeTypeDescription
              18:21:36API Interceptor339255x Sleep call for process: AdobeCollabSync.exe modified
              18:22:01API Interceptor1x Sleep call for process: AcroCEF.exe modified

              LLM Input / Output

              InputOutput
              URL: PDF document Model: jbxai
              {
"brand":["Atrium Hospitality"],
"contains_trigger_text":true,
"trigger_text":"Vendor SET-UP REQUEST CHECKLIST",
"prominent_button_name":"unknown",
"text_input_field_labels":["Embassy Suites by Hilton Huntsville Hotel and",
"Vendor W-9 form (Current year)",
"Electronic Funds Transfer (EFT) Vendor banking information",
"Form Property Name:"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"text":"The following forms must be completed and submitted to Atrium Hospitality Accounts Payable Vendor Department in order for a vendor to be added to the master vendor file. Vendor Maintenance Form Vendor W-9 form (Current year) Electronic Funds Transfer (EFT) Vendor banking information Form Property Name: Embassy Suites by Hilton Huntsville Hotel and Please send the signed and dated completed forms to apvendors@atriumhospitality.com The following documents must accompany a request for new vendor or a request to update Vendor Records. Failure to provide this support will result in a delay in the vendor receiving payment or Vendor Maintenance. 1) W-9 Form (2) ACH Form (3) Bank Letter or voided check",
"has_visible_qrcode":false}

              Joe Sandbox View / Context

              IPs

              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
              23.217.172.185COVID-19.pdfGet hashmaliciousPDFPhishBrowse
                Globalfoundries.com_Report_46279.pdfGet hashmaliciousHTMLPhisherBrowse

                  Domains

                  No context

                  ASNs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  AKAMAI-ASUS9Y6R8fs0wd.exeGet hashmaliciousLummaCBrowse
                  • 104.102.49.254
                  file.exeGet hashmaliciousLummaCBrowse
                  • 104.102.49.254
                  PFW1cgN8EK.exeGet hashmaliciousLummaCBrowse
                  • 104.102.49.254
                  file.exeGet hashmaliciousLummaCBrowse
                  • 104.102.49.254
                  SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exeGet hashmaliciousLummaCBrowse
                  • 104.102.49.254
                  utmggBCMML.exeGet hashmaliciousLummaCBrowse
                  • 104.102.49.254
                  lihZ6gUU7V.exeGet hashmaliciousLummaC, Stealc, VidarBrowse
                  • 104.102.49.254
                  Bn7LPdQA1s.exeGet hashmaliciousLummaC, VidarBrowse
                  • 104.102.49.254
                  https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0Get hashmaliciousUnknownBrowse
                  • 184.28.90.27
                  file.exeGet hashmaliciousLummaCBrowse
                  • 104.102.49.254

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):294
                  Entropy (8bit):5.218957090966429
                  Encrypted:false
                  SSDEEP:6:e3L+q2P92nKuAl9OmbnIFUt8muoKWZmw+FI+LVkwO92nKuAl9OmbjLJ:WL+v4HAahFUt8m6W/+hLV5LHAaSJ
                  MD5:3B44C0E8DA76431C84988508AAC5578B
                  SHA1:2AA1B5B98C1ADA1D4A039804841B0BEBA8265FFE
                  SHA-256:9B5139C5E72CF82D75342F95B88EDE3FAA18B570A6DD9C30A8DF711D0CCD147A
                  SHA-512:511C8A37C40B576D0F5E4A534DDABE76C60953305515C2ED8350B061DEB0E2CF7231BB87A8D75AF753000BC60B1F5FF62704E0BB7C2977DFC4DF57B39F0C8FF9
                  Malicious:false
                  Preview:2024/10/07-18:21:49.995 15cc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:21:49.998 15cc Recovering log #3.2024/10/07-18:21:49.999 15cc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):294
                  Entropy (8bit):5.218957090966429
                  Encrypted:false
                  SSDEEP:6:e3L+q2P92nKuAl9OmbnIFUt8muoKWZmw+FI+LVkwO92nKuAl9OmbjLJ:WL+v4HAahFUt8m6W/+hLV5LHAaSJ
                  MD5:3B44C0E8DA76431C84988508AAC5578B
                  SHA1:2AA1B5B98C1ADA1D4A039804841B0BEBA8265FFE
                  SHA-256:9B5139C5E72CF82D75342F95B88EDE3FAA18B570A6DD9C30A8DF711D0CCD147A
                  SHA-512:511C8A37C40B576D0F5E4A534DDABE76C60953305515C2ED8350B061DEB0E2CF7231BB87A8D75AF753000BC60B1F5FF62704E0BB7C2977DFC4DF57B39F0C8FF9
                  Malicious:false
                  Preview:2024/10/07-18:21:49.995 15cc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:21:49.998 15cc Recovering log #3.2024/10/07-18:21:49.999 15cc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):338
                  Entropy (8bit):5.146078822038354
                  Encrypted:false
                  SSDEEP:6:nBO4q2P92nKuAl9Ombzo2jMGIFUt8YPuRJZmw+YPuRDkwO92nKuAl9Ombzo2jMmd:Btv4HAa8uFUt8P7/+PR5LHAa8RJ
                  MD5:4A2D88D6BF0FF7282BC72F983282B02C
                  SHA1:4D13E3D9C140F704E64639F7A0E8854FDB4E8872
                  SHA-256:D3579F82B538D48711CAE2614681A0B2CB39FB2CCEFE35E78EF18E374750A7C4
                  SHA-512:1EE3D9940FEA99577124C2C433BD6924163D176D4595615850AC8E686BB0F03E37A9CA0AF1F0E6F5812BF7327C8F024B1A89BF2C7C435D94F3DF346C09E620DE
                  Malicious:false
                  Preview:2024/10/07-18:21:50.046 1600 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:21:50.048 1600 Recovering log #3.2024/10/07-18:21:50.048 1600 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):338
                  Entropy (8bit):5.146078822038354
                  Encrypted:false
                  SSDEEP:6:nBO4q2P92nKuAl9Ombzo2jMGIFUt8YPuRJZmw+YPuRDkwO92nKuAl9Ombzo2jMmd:Btv4HAa8uFUt8P7/+PR5LHAa8RJ
                  MD5:4A2D88D6BF0FF7282BC72F983282B02C
                  SHA1:4D13E3D9C140F704E64639F7A0E8854FDB4E8872
                  SHA-256:D3579F82B538D48711CAE2614681A0B2CB39FB2CCEFE35E78EF18E374750A7C4
                  SHA-512:1EE3D9940FEA99577124C2C433BD6924163D176D4595615850AC8E686BB0F03E37A9CA0AF1F0E6F5812BF7327C8F024B1A89BF2C7C435D94F3DF346C09E620DE
                  Malicious:false
                  Preview:2024/10/07-18:21:50.046 1600 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:21:50.048 1600 Recovering log #3.2024/10/07-18:21:50.048 1600 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9bdd16a5-4475-4469-b51f-d73b141b3b18.tmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:JSON data
                  Category:modified
                  Size (bytes):508
                  Entropy (8bit):5.060555479443108
                  Encrypted:false
                  SSDEEP:12:YH/um3RA8sqCZhsBdOg2Hycaq3QYiubxnP7E4T3OF+:Y2sRds5gdMHd3QYhbxP7nbI+
                  MD5:F3C04766430A66A9C9D0BCF86530B908
                  SHA1:49642D4746CAE4628931932AA4DE5C74BD5B3304
                  SHA-256:25D2EC21FCDEA0D34BD3B15D4D89CA17732320575E45FE2AC411E52C65DAA54F
                  SHA-512:76D5FDC91786704EB8AB35573977D1F5E485D1EEC7877BF4C8F07A3637B63557BFDA9F475B64E5D6D8E361C2E18AD10AB256CB035690B7612F5D75A8309A66FE
                  Malicious:false
                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372899721006314","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":113360},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):508
                  Entropy (8bit):5.060555479443108
                  Encrypted:false
                  SSDEEP:12:YH/um3RA8sqCZhsBdOg2Hycaq3QYiubxnP7E4T3OF+:Y2sRds5gdMHd3QYhbxP7nbI+
                  MD5:F3C04766430A66A9C9D0BCF86530B908
                  SHA1:49642D4746CAE4628931932AA4DE5C74BD5B3304
                  SHA-256:25D2EC21FCDEA0D34BD3B15D4D89CA17732320575E45FE2AC411E52C65DAA54F
                  SHA-512:76D5FDC91786704EB8AB35573977D1F5E485D1EEC7877BF4C8F07A3637B63557BFDA9F475B64E5D6D8E361C2E18AD10AB256CB035690B7612F5D75A8309A66FE
                  Malicious:false
                  Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372899721006314","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":113360},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):4509
                  Entropy (8bit):5.236226886199951
                  Encrypted:false
                  SSDEEP:96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUNBBMjGMP0tjGMZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLg
                  MD5:2C9E11F033D9978F1EC645AA01A8EB38
                  SHA1:8C4E84791342754C564D56DBD7B59E61DD3D1C92
                  SHA-256:C28C54477FBEFA431D4868046008B51113CEBC18A5F7FEDE8F46F6571D3837A1
                  SHA-512:0B272D51BB3E651405A03FF53EC5F2C6F128C2842090C6EC60AF1A96D7DB63BD9EA739795529D59C23702C314A665B848E77158AD817874C5998C089EDA57DD3
                  Malicious:false
                  Preview:*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):326
                  Entropy (8bit):5.165162780566674
                  Encrypted:false
                  SSDEEP:6:nj44q2P92nKuAl9OmbzNMxIFUt8Y9RJZmw+YuDkwO92nKuAl9OmbzNMFLJ:jnv4HAa8jFUt8a/+R5LHAa84J
                  MD5:1B727FF71223591B7EB72BFC4DE299AE
                  SHA1:A178FADCBF2805736290697AE299C1B2A68EFEA1
                  SHA-256:2085C1FC423B789D00428E06B7C606EA6E058532E63CEBA4A4C4BB8FB48CE330
                  SHA-512:930DAA3E9149F4403532A516F0D656EE529E484A7D180787D127F72D9C268CB9F3ADABD83B4B062C38AF25234466C52C8C6670F80A1D7182BE64CE27DB910726
                  Malicious:false
                  Preview:2024/10/07-18:21:50.811 1600 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:21:50.843 1600 Recovering log #3.2024/10/07-18:21:50.848 1600 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                  C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):326
                  Entropy (8bit):5.165162780566674
                  Encrypted:false
                  SSDEEP:6:nj44q2P92nKuAl9OmbzNMxIFUt8Y9RJZmw+YuDkwO92nKuAl9OmbzNMFLJ:jnv4HAa8jFUt8a/+R5LHAa84J
                  MD5:1B727FF71223591B7EB72BFC4DE299AE
                  SHA1:A178FADCBF2805736290697AE299C1B2A68EFEA1
                  SHA-256:2085C1FC423B789D00428E06B7C606EA6E058532E63CEBA4A4C4BB8FB48CE330
                  SHA-512:930DAA3E9149F4403532A516F0D656EE529E484A7D180787D127F72D9C268CB9F3ADABD83B4B062C38AF25234466C52C8C6670F80A1D7182BE64CE27DB910726
                  Malicious:false
                  Preview:2024/10/07-18:21:50.811 1600 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:21:50.843 1600 Recovering log #3.2024/10/07-18:21:50.848 1600 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, writer version 2, read version 2, file counter 1, database pages 1, cookie 0, schema 0, unknown 0 encoding, version-valid-for 1
                  Category:dropped
                  Size (bytes):4096
                  Entropy (8bit):0.08728080750134917
                  Encrypted:false
                  SSDEEP:3:lSWFN3sl+ltlFlo1Xll:l9Fys1fo
                  MD5:863BB379B267B2404CB64A3BC9B4A650
                  SHA1:139EDCE2C64569B81175543D1DE743EF474F4432
                  SHA-256:F7C1BC02F430EBD015E45159D9FD9E18643C4CDCCBB7E7733A248C8393CAA88C
                  SHA-512:6AFF907DDAFC78AF2186F58D7102A88527BCE5473D72C03607EFC49C56ABAA157191D391A1ED9350CC058E9BB37040C29DBA9E3A668F640DE0100A639F1D2F51
                  Malicious:false
                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-journal

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.28499812076190567
                  Encrypted:false
                  SSDEEP:3:7FEG2l/XnvlXFlFll:7+/l/X9X
                  MD5:B36E0C46C38A4DD96B44ABF78B223D45
                  SHA1:86A5613DA151A355AEC8A97692984D8798B25506
                  SHA-256:96C999B11F2DD96EDE35AE38F10DEF85CD49308FFAB52098BB7A11AE1E2C1236
                  SHA-512:C4A0E2537728E2981B9D7E4497C3A535898CA8933131CD6953692583CDBDCCEE85439883ED324987759A64F4DDCDA033B829CCECA75B6D667F342FD956CBEFB6
                  Malicious:false
                  Preview:.... .c.....2B%/................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-shm

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.06022429994991284
                  Encrypted:false
                  SSDEEP:6:Gz2PKh2PKbL9X8vl/UFl/Ojl/gZl/KgufS8f8/8il:7KcKVCcl/8cl/xufd8T
                  MD5:2B6ECB9BC4AB0C66FBB149FDB1C2E708
                  SHA1:EC2A5287AE0758EEA40B320533B6508101AC4E10
                  SHA-256:3412618991B4CDF7A42E8AAE1A9995D348771127FFD0EE10200A4F215482D9F9
                  SHA-512:CB73A58E3D6AD0947BF43AAD5D52A917FCAF4E917B3732EAAFB874D75DB04FD0023B957E7A1BC6915D9BFBDC7617E05E73C4A08446816B32A262CE58A03503C8
                  Malicious:false
                  Preview:..-........................Ldd.7.Y..(A.0....1.@...-........................Ldd.7.Y..(A.0....1.@.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\80307f885d209ff3421f3adf000d6b1e.db-wal

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:SQLite Write-Ahead Log, version 3007000
                  Category:dropped
                  Size (bytes):119512
                  Entropy (8bit):0.962315919686845
                  Encrypted:false
                  SSDEEP:192:vAY8S4TaQ3SiQmFevC9chlR38s4jd5D0LTwmcZG4N7aQ3SiB324mH4q4WiIaQ311:Yu4BAsAr4NZx5U4K
                  MD5:38A27A313C89DBC12250BB0C157FEB17
                  SHA1:C493795B6F09D1FC31EF65C2D9DBBBC6135CB76B
                  SHA-256:3E49E3E6194F4381748FA7ED309B889D5D19260143970189D253538968A6341A
                  SHA-512:EA1C75999AAAB74F58E6C0C06B603F63095BB6B7F19A138EF6FC758E02485A21F30F22E1B65316104113B536B58277B3CFE6E965BC56598BF9E81A6E41AFA71E
                  Malicious:false
                  Preview:7....-...........Y..(A.0..\.z.uj.........Y..(A.0.d.+ua.SQLite format 3......@ ..........................................................................c....................A...}...~...............D....................................................?...S-..indexsqlite_autoindex_pending_requests_1pending_requests..<...++../tabledevice_mappingsdevice_mappings.CREATE TABLE device_mappings ( .device_mapping_id TEXT PRIMARY KEY NOT NULL, .content_item_id TEXT NOT NULL, .content_item_type TEXT NOT NULL, .include_rel_types TEXT DEFAULT NULL, .include_depth INTEGER DEFAULT 0 NOT NULL, .branch TEXT DEFAULT NULL, .device_mapping_created TIMESTAMP DEFAULT (strftime('%s', 'now')) NOT NULL, .collection_id TEXT DEFAULT NULL, .TTL INTEGER DEFAULT 0 NOT NULL, .Priority INTEGER DEFAULT 0 NOT NULL, .app_info TEXT NOT NULL, .unPinned INTEGER DEFAULT 0 NOT NULL, .UNIQUE (content_item_id, branch))=...Q+..indexsqlite_autoindex_device_mappings_2device_mappings.=...Q+..indexsqlite_autoindex_device_mappings

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-07.log

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):2020
                  Entropy (8bit):5.184405762303542
                  Encrypted:false
                  SSDEEP:48:Lu2q2flEiMeLiMeLHowRcwJw0njwfE+otu9zE+oGna0E0i:Lu2q2NEiXiXH7r+0E8+op+oGna09i
                  MD5:0DB6403524BBF70344169849C234CBD4
                  SHA1:7E99FEA8E22C5A8C1C2428221E45F7BBF3AE59E5
                  SHA-256:6160EB96B0E2DF26430CFCD15DA651B8CBF0D1F6B86DFBF655EFC44EF0D03071
                  SHA-512:913F48B88EF44841DA6E4702D85ABF072AA321D01A3C4B4087C5E491B5E402CF51580CC2FE2B3D3FFB326F8C6250E9A9CBF8C3FA0651088067C35B1E438A8D1E
                  Malicious:false
                  Preview:20241007-182136.697: t=1a00: Info: app: Begin Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20241007-182136.697: t=1a00: Info: app: End Starting up (AppController.cpp.musync::AppControllerImpl::startHandler.305)..20241007-182136.697: t=07c8: Info: AppShell: End start (AppShell.cpp.musync::AppShell::startup.173)..20241007-182136.697: t=07c8: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241007-182136.697: t=07c8: Info: Cosylib: getContext. baseUrl: https://comments.adobe.io/sync/ (CosyLibImpl.h.cosylib::CosyLibImpl::getContext.181)..20241007-182136.713: t=07c8: Info: Cosylib: getEntityClient (CosyLibImpl.h.cosylib::CosyLibImpl::getEntityClient.166)..20241007-182218.676: t=07c8: Info: ES::cosylib: EntityClientImpl::getRegisteredLoginInfo : (EntityClientImpl.cpp.cosylib::EntityClientImpl::getRegisteredLoginInfo.944)..20241007-182218.676: t=07c8: Info: ES::cosylib: RequestHandle :

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2024-10-08.log

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):400
                  Entropy (8bit):4.9154996100328
                  Encrypted:false
                  SSDEEP:6:t+AecrA2Z1dLEnF0NOWTvjCivjYMnjUi+AecQNAEf7f1dLEnFTTvjCivjYMtR:BecL1dLEmkIC2YUBecy9z1dLEJC2YA
                  MD5:B51A9B6C5089D7A5926FA12CA732B6D2
                  SHA1:1C6CFF08481FEB0374839EC0321CB5A4A0F06493
                  SHA-256:1EC3378773616C980DA634050F49781078398BC0CC5C0FA42DBFBF0C66F684C4
                  SHA-512:7A5536F869FD9C549EAF183095E8DE30FF60C7D4890B0685F0B6A961EAF19E4BDDEBB99267DE9B66BE6E5E165ECAB6EAEFDBF3C146E89E161EDFDC4A51950F05
                  Malicious:false
                  Preview:20241008-182218.670: t=1960: Info: ES::cosylib: messageType :entitysync.out.response.register.login.info responseJSON : (EntityClientImpl.cpp.cosylib::EntityClientImpl::processEntitySyncResponse.1492)..20241008-182218.670: t=1960: Info: ES::cosylib: Dispatch callback for : entitysync.out.response.register.login.info (EntityClientImpl.cpp.cosylib::EntityClientImpl::processEntitySyncResponse.1580)..

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 8, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):0.36835287347338636
                  Encrypted:false
                  SSDEEP:24:TLi7egbVH5hCAZIlE/F7iMXBxIV24bMo1Jllew:To1ZhCW0QfxHQd1
                  MD5:F391306DD8BAA3198B26D3C80A906E19
                  SHA1:6CD1B24D186F1CC68BF9097177DA5676C4A56422
                  SHA-256:62604481C477AF3F8813122011B9CEC6DDEE9A3992F3FAFE236E3E92FC62E680
                  SHA-512:5AD524078462D761F0F01933EBFC3714B44C93296BD4EDAB34B59CB833D1D9334CE830E196D2BD2BDA82837914E91B2B53E848EDC9BD04B7EDCC31D7DFD9DD53
                  Malicious:false
                  Preview:SQLite format 3......@ ..........................................................................c.......2........h...2................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Acrobat\RFL\LocalMapping\RFLDB230-journal

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.28499812076190567
                  Encrypted:false
                  SSDEEP:3:7FEG2l/sfXHlFll:7+/l/mX
                  MD5:5699F78C9758177B4A398607E0E030D9
                  SHA1:BA1A4644452A8E3C3B1109782D36005223396153
                  SHA-256:A59B59958A9DE605D80F4720C40F32341EC2433CACEAF8E19051B66279FFF32E
                  SHA-512:1B53128723E415046416A9938F95E3A01E75FF17708B3EE2ACE7397F99F13321B0DCBB0DBA2CE81A1C234580D721B64E2E74FA89560686A19DC0D217EEFF0F6B
                  Malicious:false
                  Preview:.... .c.......'.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007222153Z-557.bmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                  Category:dropped
                  Size (bytes):71190
                  Entropy (8bit):1.2817531146957999
                  Encrypted:false
                  SSDEEP:192:7yZaKNBpzsGsh1pfAq9TnzBXRo87KP7MNhWJ:7ywkpCrzsDihw
                  MD5:7AF178E88EFD5D51B59535F51978CB48
                  SHA1:FC09E40B1D75AA9FBC75EC8C30C9F47FD9C46C7A
                  SHA-256:9EF52B7DCAC61AC3DC89D1B89348956D6F2C44234800CACE2323C0CC934A9BD5
                  SHA-512:EF81FC47C5B1E3E886D4806FE0ED8E61D080D799E31922079C68FC55DD7B1B8244649554BADAD1D587BE7D3849D6A63A35FE62E3BBFE778761B2DA09237343EC
                  Malicious:false
                  Preview:BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 3
                  Category:dropped
                  Size (bytes):57344
                  Entropy (8bit):3.293396857874779
                  Encrypted:false
                  SSDEEP:192:/edRBGVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:/eUci5H5FY+EUUUTTcHqFzqFP
                  MD5:91601BBC3677DB9834BECC24318AD3CC
                  SHA1:CE72912344427A173555C0ADD971A7623EACEC1A
                  SHA-256:20A12CEB4CDD754337B5C8D377C157BF3249F63B3B3F3DB2E9F7FFBA9C2897B6
                  SHA-512:35FE8C6B68BBA103B627F880B313AD143D9D824D90C4D5C54F755C29507112A1B905F50C62E7A696776AD3F5D58E3F3012793CB0B7C3E1A27604DDEEC3BE303A
                  Malicious:false
                  Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):8720
                  Entropy (8bit):2.200660004465043
                  Encrypted:false
                  SSDEEP:24:7+tjiMEWewKuqLazkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmfB:7MjrUuqemFTIF3XmHjBoGGR+jMz+LhJ
                  MD5:1DF733A238B1DF428EBEC2BF62C6B895
                  SHA1:2C34E50237A5504B1E3F07269CF722235E680D12
                  SHA-256:2419262B19EE6B3D84BC93885760F92AD0FCD83A532935362F0FF98010A51416
                  SHA-512:B51E164ADC4FCA0C47FAE7B41F1116A4CBF8ED2D02DBBE94A665976DA349F22FE8C0BB863BBA4A2FCFB372E5453CB9F18EBA004F8022092025F4EAE9E31A9A59
                  Malicious:false
                  Preview:.... .c...../P._........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 1, database pages 23, cookie 0x11, schema 4, UTF-8, version-valid-for 1
                  Category:dropped
                  Size (bytes):94208
                  Entropy (8bit):0.9951370817377893
                  Encrypted:false
                  SSDEEP:192:hxoGsTzoU2uCTaUxmaAxNoGsTzoU2uCTaUxoALZWLGjZ5Pj5vHAxNoGsT:hZgCeNgCaN
                  MD5:DCD066A1C8CA38D94ACA4E5DF6CA20BF
                  SHA1:0C670E7CB31FE1CFD952082C3629AD8861BFD799
                  SHA-256:E484D26709945669E18A3D0A7F95E3EA943D4170736EDD8FEDFE3F69A7B8D25E
                  SHA-512:C07D385DB9B836F106E1951FDCD911D7FFF44AAE6EE7406CA665B211236E8ABE3395789E10200644343779983E9AD7B5E484B3B1567CA6EAB890A88E4FF9500B
                  Malicious:false
                  Preview:SQLite format 3......@ ..........................................................................c......................7...4.....d...k.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................Z...-%.qindexdependencies_diddependencies.CREATE INDEX dependencies_did o

                  C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer-journal

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.28109187076190567
                  Encrypted:false
                  SSDEEP:3:7FEG2l/NAv/lFll:7+/l/N
                  MD5:B69EF77B9B9372FB97BC938CE229E088
                  SHA1:39BA998FCE5A6F655D4FD8281F492BB7ED998E28
                  SHA-256:901F96CC32581921A11C774C3CC8487088565BAACE4D35AF32BE9EC2FFECCF17
                  SHA-512:B29C5DA9A994CDBBE8EA2EF7A2D57448F648CF9A45C7D209A634773E7F902F8BCA3D69851F7F5E94BCD96D9885E5A97E5F5F0D9EC9F44061B89B538EA4908D96
                  Malicious:false
                  Preview:.... .c........A................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:Certificate, Version=3
                  Category:dropped
                  Size (bytes):1391
                  Entropy (8bit):7.705940075877404
                  Encrypted:false
                  SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                  MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                  SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                  SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                  SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                  Malicious:false
                  Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):192
                  Entropy (8bit):2.7673182398396405
                  Encrypted:false
                  SSDEEP:3:kkFklZkN/XfllXlE/HT8kjXh/XNNX8RolJuRdxLlGB9lQRYwpDdt:kK4T8qxVNMa8RdWBwRd
                  MD5:D36FB66E41309508B1CD1AF698971B6F
                  SHA1:583283F69D553F64112FC9F850D2A36832ED504F
                  SHA-256:08D09C0FBB41E942A5D212B458E4404D93DBAACCAD4359F4B980EC4DBE397CB7
                  SHA-512:6C385457EAB876635526CEF65B3287A3FE2D048CAE04AC79F25686DA0E51A55771FC21093660EB98EB12F8578756378605570C28EF713A9E0094B57E60524CE2
                  Malicious:false
                  Preview:p...... .........B.T....(....................................................... ..........W.....H..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):227002
                  Entropy (8bit):3.392780893644728
                  Encrypted:false
                  SSDEEP:1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
                  MD5:87EDBEE38F56C20298F25D5D3D4D1B5C
                  SHA1:7F904E9615AC3186A87472EF366DD8202855B0B7
                  SHA-256:A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
                  SHA-512:BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
                  Malicious:false
                  Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):295
                  Entropy (8bit):5.321942690018879
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJM3g98kUwPeUkwRe9:YvXKXaUYpW7qUBGMbLUkee9
                  MD5:0E6CE6336DEE5F9965C94200566FBBD5
                  SHA1:DEC02951A747FEEC343DD0FCCB7DADEE5AE21395
                  SHA-256:2E14C580445A10F202A843D79FD8ED3B97BA6967B4C5C7C64119218DABF5FF4C
                  SHA-512:0BBC4EDA7B90CC2B1D830871F742181FDB17951F4204DDA3F95DABD4FB0F7B9BF8CDA8FD7AA5A62EC1D00D58C0B043AE794A5FE4BE74C85B25AE617F8634F647
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):294
                  Entropy (8bit):5.258506168785907
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfBoTfXpnrPeUkwRe9:YvXKXaUYpW7qUBGWTfXcUkee9
                  MD5:2053A0EB88B01E564E096F5962644CC3
                  SHA1:D99C5F95E0B4BFA5E5E81BED037AFF3416735DC6
                  SHA-256:7EEA2CA91533C580B6AD50F050308755CCA3384A9C2B07689BBBEEE1863CEE25
                  SHA-512:0E364A42B6377071335F2A9424E4A12F8DE2680136CBABAC84A9A4B0C0D0F04EAE698AFD107E3FC8C9508B5F36A3FE1509BAB37EED28AA69346FB0D1375A5904
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):294
                  Entropy (8bit):5.237773962700577
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfBD2G6UpnrPeUkwRe9:YvXKXaUYpW7qUBGR22cUkee9
                  MD5:E5753CF97849019E6D22C2A67373E15C
                  SHA1:92700E2794763FE05C84518E22E180C8C949ECBE
                  SHA-256:17920BD587AE3F63A349EF445FA7AA7714DA6E1699205412918723D69A256F8D
                  SHA-512:188D8A2420C7723613637D3B7FAA7C8D4A1EAC6061843C0894AA53719400CEF866699DD2B93DD711EC0E1C29F0D7F8149CBDCA953552B7A108B1093B1453F935
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):285
                  Entropy (8bit):5.299382209907963
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfPmwrPeUkwRe9:YvXKXaUYpW7qUBGH56Ukee9
                  MD5:C760954E7184A66C456BB8F49CAD4B53
                  SHA1:5D7B328DE2B9E2A12AE90C8058F5896578F8EA57
                  SHA-256:E035AADFD71B940B3F22B701DD2719DD13FBAC2120CD2C3E408D1DBFA71C8343
                  SHA-512:FA4F26512819BCB33DA388FE37ED1A7AC8D5E3FC6CD4AAD045231528ABCE551D98E876C7E87CAB0973C31A4A4C40341D91043944856187F955F5E0D5AD3E9384
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1083
                  Entropy (8bit):5.675058082374647
                  Encrypted:false
                  SSDEEP:24:Yv6XuiepLgE6c3UDx7nnl0RCmK8czOCY4wgSFJ:Yvmehg1JaAh8cvYvFFJ
                  MD5:747117D6F7F858133CA8BBA02EF8B2A8
                  SHA1:9A3658B1689DAA18CD7FBA63E6573D497328EA29
                  SHA-256:BF231659BF523676A0C54ED4B1EA9C7FFCA3A41CBCF88C34A8624DA84EE840F8
                  SHA-512:F6FEA161AAAF52BE57CEEEEAA1BF031817279E6605D168BC5B2D11A612D8F01131D5271314F73EEDF4E0B6B7E4D5241587619F052394B01488886788B4C27111
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1050
                  Entropy (8bit):5.6462935150509335
                  Encrypted:false
                  SSDEEP:24:Yv6XuiIVLgEF0c7sbnl0RCmK8czOCYHflEpwiVoJ:YvmIFg6sGAh8cvYHWpwFJ
                  MD5:675F2EF667BEA1D9F9E09F2C7D6B58CA
                  SHA1:2A8FF36CFB2E2F8486019C404891D33666F65CF7
                  SHA-256:49C001C1929102616474A26D48A8B594F0D1D79D353B023A772E55BDDDCD5B55
                  SHA-512:F6B8D617513C004EA903CDAE26E2BBD452177B7EA37D03F4A04DBE5913DE45B720FCA1F97026BC88BB568962D3AA7C64437AFC117D382F9B0EA8DE63B42CC5BB
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):5.243498723191749
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfQ1rPeUkwRe9:YvXKXaUYpW7qUBGY16Ukee9
                  MD5:327B3EF1E1C00B1972E991C3AA047FF5
                  SHA1:45632B5A1127775934BB0C10AC00D954DDDBA853
                  SHA-256:23DB8B2EEE321C7E4BCF0E56447801275ED4A1F24A4E71A5D821216E03085637
                  SHA-512:840EA7019A314E15127ED869D495A8D97E55A038B4D923752EC15970CC85FB58BB79F8518CC0C06CFEDD7EE6F46BE46B92C56D84C2B628FEA734B271FDA14662
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1062
                  Entropy (8bit):5.683663704727535
                  Encrypted:false
                  SSDEEP:24:Yv6XuiN2LgE4cq/S70nl0RCmK8czOCAPtciGSFJ:YvmNog9ohAh8cvA3FJ
                  MD5:F2CF077C37FFAD6BB5FDA67B7615EF4F
                  SHA1:EBC6F630AA93953921B4E0922D04C6189A777782
                  SHA-256:4C28CE7ADE74BF58025A5248C40B72B2FFBA7C896EF61080769CE1160BB58C3F
                  SHA-512:AED4F05A90850F8B5986B9DBA4A222D59688E4C51078B430BF756117BFB9E297B02F8EAD6B9EAD0B6D1EBE989152C50615C5E6ED52C89A8263FEF50B72BF1955
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1164
                  Entropy (8bit):5.695383975912937
                  Encrypted:false
                  SSDEEP:24:Yv6XuilKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5oJ:YvmlEgqprtrS5OZjSlwTmAfSKWJ
                  MD5:F7D92C6ABF0DA807FA6205645125F5B2
                  SHA1:9C7EABA7D96AF87665B3FCD5171E279A7FEDE31F
                  SHA-256:CF2976C3EB524384FFF7BA5877343C9432A0991FFA308161554703B5ED533A37
                  SHA-512:663762D7B4310CE3B225D592E361D121DD039426B507E2298EFFFA874ECC7B5A03F57441BB24FC85F3417E76A73DC223E133FA1946E79DF18FAC2356BEA97B3F
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):289
                  Entropy (8bit):5.249107018274576
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfYdPeUkwRe9:YvXKXaUYpW7qUBGg8Ukee9
                  MD5:63CAE4D7C81C25D31038C930264DD6C6
                  SHA1:B7EB6087C32DAFDE547AE1BC36E510650C3FB023
                  SHA-256:5759D4B1AC91970018FDFF92682B7A4837D8842C008D53557BC3642590814AD3
                  SHA-512:25DDF5EFED76631285589A2B63C1B397E8A681E752CBF706A46ABFF3F2857EF403DCFFFAFA7F5D94D9E08661155FF525CD647A44534C2D5E59747348CB9FA85F
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1395
                  Entropy (8bit):5.771004789011649
                  Encrypted:false
                  SSDEEP:24:Yv6XuiYrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNw2:YvmYHgDv3W2aYQfgB5OUupHrQ9FJW2
                  MD5:50BFDE366144BC85B7BE3D0B0A528719
                  SHA1:4A9C765ACB2C38DF37620607F6C08C7F8D12A5F3
                  SHA-256:76F52F8B24BA2BB7332103BCBC6D35118E838D8C7265D78E29D06095F21D6575
                  SHA-512:98115F41D034A88E6A1FB920462035E247DA81285149815D194426EF478D30FA0F3BD65D32ECA11BF2E6587799D8EC083E07D999DA37101ED8C9A40B4258F138
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):291
                  Entropy (8bit):5.233003895891569
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfbPtdPeUkwRe9:YvXKXaUYpW7qUBGDV8Ukee9
                  MD5:B2C8D531B1161F6744AFD5EF4F799BFB
                  SHA1:0C6D3A911F2E67593217270F2A1C659E70657B10
                  SHA-256:A90FC382AFC12647FE92DBAC8DA2DB4077D2074ECD36758FA9F32C7957F95236
                  SHA-512:A14212F51621A82EB0014DA14A565DC648920C42D64F4614CE2C137669C2E9F026FB75577B73894B8F3894BFC1369A78AA1931DFBDA8A919B72E4F4817E5D5E3
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):287
                  Entropy (8bit):5.234268545893814
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJf21rPeUkwRe9:YvXKXaUYpW7qUBG+16Ukee9
                  MD5:C6A7C904E6F37589E557FE4BC89D9EFB
                  SHA1:6050D7FBEF18D597C506E89F64DDDC90C1B431F5
                  SHA-256:F6F54AFE50A4356FBEF40A1018F8FE8A40697080706EBAE57F51408B04D620C9
                  SHA-512:4ADFF7A8D673BB1B8C84FF1FB87D5FA77BAF566A0E2B014033249C8A325CFBC2A90D979A7A2A60CD078550FBB14327DD6740C96554221521825AB86AF177A4BA
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):1082
                  Entropy (8bit):5.679138297370147
                  Encrypted:false
                  SSDEEP:24:Yv6XuiCamXayLgE7c9O47Naqnl0RCmK8czOC+w2E+tg8GSFJ:YvmcBgZNOAh8cv+NKMFJ
                  MD5:8F8D5C983F195C4FFEE6609E35F88832
                  SHA1:837613690D774FDE38C43074550EC153605773C4
                  SHA-256:BD36C88CF191474DB8F00C6F27B4ADADCC87E460594539DE9DFB9F0F512ADE7D
                  SHA-512:29E122638021EA4C59DED65FEF727F2792C0947C63ECEE72AD1AE35FF5C7BED1D8C096C4548533BD6B8379E9D549EF0650A09EF755BA400DA3B27F7F22F30E65
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):286
                  Entropy (8bit):5.207844432438167
                  Encrypted:false
                  SSDEEP:6:YEQXJ2HXmMkx+FIbRI6XVW7+0YGBqUyoAvJfshHHrPeUkwRe9:YvXKXaUYpW7qUBGUUUkee9
                  MD5:A04E056F5483BD57A9A14AD269353FA6
                  SHA1:6100909D7D0647C01CF2358935CE2EC6AFF9B62A
                  SHA-256:F522493B6DA77EE6BF29E0B2F55A1E5F1844378FBBC1C5F8B3CC80B9AD503E2B
                  SHA-512:9FD204AE25C203D0CA2FD73A300A16AF10FEF0D5C6A9515F654C0F639473CE54DB674CB13719BDAACEECAF88F3279371717802599BE0D63A491633B7CA229A7C
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):782
                  Entropy (8bit):5.356265466240517
                  Encrypted:false
                  SSDEEP:12:YvXKXaUYpW7qUBGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWEJ:Yv6XuiV168CgEXX5kcIfANhFJ
                  MD5:ED4BA1E0531788796C6CA570FBB7756B
                  SHA1:5EC46100F9EAD168915B33FE5D74B8160DB636F2
                  SHA-256:573D4A429B8B4CBD86CCC60F77CCA817E72079E118F619CB988DE42DBFDD1FE8
                  SHA-512:C9FF25ACF62BE9600D2E2B3501DEB10E94AB076E972B5674A5E9CC0447D6A5F2F51DFEF0881BE7ABF5295DE58DBDE2D56973FC5F75A4238E45E7943248558EF8
                  Malicious:false
                  Preview:{"analyticsData":{"responseGUID":"dc0a2678-daea-44f0-9d09-f952e26610e4","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1728519582314,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728339717344}}}}

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):4
                  Entropy (8bit):0.8112781244591328
                  Encrypted:false
                  SSDEEP:3:e:e
                  MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                  SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                  SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                  SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                  Malicious:false
                  Preview:....

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:JSON data
                  Category:dropped
                  Size (bytes):2818
                  Entropy (8bit):5.132125859421983
                  Encrypted:false
                  SSDEEP:48:Y3hCLhjRcpjBjoY+UHOFyHZ3NG0rklVJ1+jqA6Lun9YLvfE:ACLZ2pjBr+UHOFyHZ3NG0rMIjqAcMYLk
                  MD5:D58D39118D386F1CC0CCEE75BC4C1095
                  SHA1:82B884DE9D5A7646CBCE4DC6A44DBC822DD6FD53
                  SHA-256:1CD1BF9ABD042B7A840975A4A2776D9BC824B23BC2DC901B9C98F90AC70160DA
                  SHA-512:778D695E98035127AF66C7ECE3971DF72F83F41763807E84DBA473FE523D180F94DA322784E0F83A01D17B7EDC96E4A96A2F92BC976937ABE26FE6345BEDF006
                  Malicious:false
                  Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"07fc9fea01f858d565bf2d14424acfdd","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728339716000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"e0e9a92dccbd2f7cf4478065752254ae","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728339716000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"d84c895f500ade32db3b9a9640c300fc","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728339716000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"b3906759e9c6c8e787023c28497afb92","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728339716000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"dc39e6eaaf959e911a9a1cf475520db4","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728339716000},{"id":"Edit_InApp_Aug2020","info":{"dg":"8aa55dcc6f4abef45042fddc9e7035a4","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 30, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 30
                  Category:dropped
                  Size (bytes):12288
                  Entropy (8bit):1.122587178519227
                  Encrypted:false
                  SSDEEP:48:Tll2GL7msCQAFAyTAOnZU3ZE1m3Adc3ul/3g:fVmsMCfrPwyeNw
                  MD5:F1CFD7B0D614D7D28947BF0D14CCDB32
                  SHA1:162736B8F739E414756BC08C99F611DDAB1BFC6A
                  SHA-256:5FEC2781961DA7CE6E5EBD5E70E88B3F225F9925FD495755A493C70815840C5E
                  SHA-512:8360A502736CD709EBEA945792F59CC2FC38FE64013A79D13B6C2079DBC90C9C59DD66575700B8090F0BCF51A03D22FC8AE37150D84C7521940E6FC4E606EF1F
                  Malicious:false
                  Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:SQLite Rollback Journal
                  Category:dropped
                  Size (bytes):8720
                  Entropy (8bit):1.4480436581441047
                  Encrypted:false
                  SSDEEP:48:7MiAyTAOnZU3ZE1m3Adc3ul/3Gq1l2GL7ms6:7IfrPwyeNW6Vms6
                  MD5:FC16D769099DA18E2591DB667E915F1D
                  SHA1:6D1D1A3DC199F414FEA1B2283B83B8E3237D16EE
                  SHA-256:851971C9AF3ED67E4FD148D8B27B103E657D3B8AE303F660D701CF60680C9218
                  SHA-512:A1B5A2E122C579FC7D491C9A5F414AC6C5190ACC3E8F9B6B70675564C6E8F5C72155F97E3FAAC351E45AA892F37A7E2DEBE5DCFD482503DE3F3150D8C82C8FEB
                  Malicious:false
                  Preview:.... .c......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................-.....8.....j.....t.0......................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                  C:\Users\user\AppData\Local\Temp\MSI96291.LOG

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):246
                  Entropy (8bit):3.4965336456103326
                  Encrypted:false
                  SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqFQlYH:Qw946cPbiOxDlbYnuRKTiYH
                  MD5:FB9C9E2D69173E6436159FF857280DCD
                  SHA1:18D3A96AFF484D1848D4DA07E9A195F1B423CA01
                  SHA-256:880EE49ED5DCAF948EB28AD9483E9C3CCD7D9DC10F79F6B18142E9E978FC4F94
                  SHA-512:E8233419B6EBF33BEB822C1553B1E2ED1A054183F150F46C938C13B163D4B8CE6BED19AA248A7DD491A76E046B4A88550A7D33D2777B526B8ED3F45BA4DE9DE2
                  Malicious:false
                  Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.8.:.2.2.:.0.0. .=.=.=.....

                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\A910kwo7h_17dcpi8_4wc.tmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:PDF document, version 1.6, 0 pages
                  Category:dropped
                  Size (bytes):358
                  Entropy (8bit):5.0645273377563065
                  Encrypted:false
                  SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROO/CCSyAAO:IngVMre9T0HQIDmy9g06JXqlX
                  MD5:F58D5C277415F8A86E9D1D42A518B80A
                  SHA1:9F045FDB4B8F84352F7B1E416558E6CEB065F3CF
                  SHA-256:43B4603FCDA62203D88932A78D6C8C39327D1C6741EBC87374F93875D3016F72
                  SHA-512:1638506AAF09AF6C48B9501CACB14111353D82DBE5F398CBFF701AB404ACD623CA6744A82F13E03A9D9736C9FF464FA659931C0DAE2D1B1E0E59BC22930633B8
                  Malicious:false
                  Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<08BC933269F2CE479EEFDFAF21362CE2><08BC933269F2CE479EEFDFAF21362CE2>]>>..startxref..127..%%EOF..

                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\A91pmr227_17dcpig_4wc.tmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
                  Category:dropped
                  Size (bytes):144514
                  Entropy (8bit):7.992637131260696
                  Encrypted:true
                  SSDEEP:3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
                  MD5:BA1716D4FB435DA6C47CE77E3667E6A8
                  SHA1:AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
                  SHA-256:AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
                  SHA-512:65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
                  Malicious:false
                  Preview:PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..|....,.A.....Z..a<.C._..../G|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-21-51-088.log

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with very long lines (393)
                  Category:dropped
                  Size (bytes):16525
                  Entropy (8bit):5.376360055978702
                  Encrypted:false
                  SSDEEP:384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
                  MD5:1336667A75083BF81E2632FABAA88B67
                  SHA1:46E40800B27D95DAED0DBB830E0D0BA85C031D40
                  SHA-256:F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
                  SHA-512:D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
                  Malicious:false
                  Preview:SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with very long lines (393), with CRLF line terminators
                  Category:dropped
                  Size (bytes):15114
                  Entropy (8bit):5.318136156577099
                  Encrypted:false
                  SSDEEP:384:KLikOkxkmkqkNkilRpRURsRnRxR6v3oZoPoJVSVKW/WWWybW50WaWwQdXNXjXvKF:XPa
                  MD5:45BFEEA466147FF581ED2E3C381A8A40
                  SHA1:DE150B0D1EC6151680687C8BD9CC06BBA93173E0
                  SHA-256:52BE775B6B39BAE59F97A52B9D0142068BDEAAA1F7CAD42F61DE7A2C6B2A457D
                  SHA-512:3010CE14CB39F84DF7AB15EECE7E838A9D17D2D7C7EE73F4EA975D3F51E40E71A7A6EDC5AA6BD6893CFD08C7953F48006C061D4AF892F8B6DC0C5782E48B2635
                  Malicious:false
                  Preview:SessionID=931964a7-11b4-4e16-a35c-3a22f5d2e010.1728339711121 Timestamp=2024-10-07T18:21:51:121-0400 ThreadID=7112 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=931964a7-11b4-4e16-a35c-3a22f5d2e010.1728339711121 Timestamp=2024-10-07T18:21:51:122-0400 ThreadID=7112 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=931964a7-11b4-4e16-a35c-3a22f5d2e010.1728339711121 Timestamp=2024-10-07T18:21:51:122-0400 ThreadID=7112 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=931964a7-11b4-4e16-a35c-3a22f5d2e010.1728339711121 Timestamp=2024-10-07T18:21:51:122-0400 ThreadID=7112 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=931964a7-11b4-4e16-a35c-3a22f5d2e010.1728339711121 Timestamp=2024-10-07T18:21:51:122-0400 ThreadID=7112 Component=ngl-lib_NglAppLib Description="SetConf

                  C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):29752
                  Entropy (8bit):5.399101907464125
                  Encrypted:false
                  SSDEEP:768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb7:n
                  MD5:82CFAC9E0D65168688FE8ED777BFBD6A
                  SHA1:4DAA3FD6F0D9541BC28F2842F032F71EDD15C0F7
                  SHA-256:9CCB5F34B2E3135D85333B4DAF7D464B89D47F493E36FEB454EF50C60992D02D
                  SHA-512:836218BCD6742A5B56567731085A295DD5FC0838A309B75D94C5B7D59A70DC9B4E15458F8A7EB8A009CB1C29F9A8AA89930102504500BFDFE9A2836F41A8B9CA
                  Malicious:false
                  Preview:04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

                  C:\Users\user\AppData\Local\Temp\acrocef_low\1ece06d6-8e37-4386-92d8-5ac163533c6c.tmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                  Category:dropped
                  Size (bytes):1419751
                  Entropy (8bit):7.976496077007677
                  Encrypted:false
                  SSDEEP:24576:6D0WL07oXGZuwYIGNPJNdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:c0WLxXGZuwZGh3mlind9i4ufFXpAXkru
                  MD5:8BB0FA47E49F27DE069D5487A9A84EF3
                  SHA1:CE5CEA72D4D36F77C3057920EA61D280E66C6067
                  SHA-256:59D05E069918050C54C570005FAD7FB3918D9882759A54BDA30EA71A199893D1
                  SHA-512:6C015030D629B0E262B47194D38D48B327FE18F7836210CAE6A71800720D7563FEA529F71596A11CD3A833490F0097D69EB96C80E64AEAB410759B45C5EEF24E
                  Malicious:false
                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                  C:\Users\user\AppData\Local\Temp\acrocef_low\b1c8ff15-d39e-4ddc-ae96-1e7b0f8a80c5.tmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290
                  Category:dropped
                  Size (bytes):1407294
                  Entropy (8bit):7.97605879016224
                  Encrypted:false
                  SSDEEP:24576:/VRbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07WWL07oXGZnYIGNPJF:tRb3mlind9i4ufFXpAXkrfUs0qWLxXGY
                  MD5:9543A6C1DE815E938F6AA0F90F2EF0C6
                  SHA1:62B527E0463D71548862DE000950E638F3721582
                  SHA-256:8A4B4F588D79D2AF9E617936932D8264DF9017D80A68F8D39E5EA36B14D76F1D
                  SHA-512:50A26B895BA1F40B2ADE59996A1A89EBAFE67CB9F7B4F3A029382B6966E75F8BAD3551D25F29391C58A7EDC206F7DAF1D07F68F5E458E3A5D02556EACA377B0D
                  Malicious:false
                  Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                  C:\Users\user\AppData\Local\Temp\acrocef_low\b35ee3df-6683-4531-b949-634a6812bb1c.tmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                  Category:dropped
                  Size (bytes):758601
                  Entropy (8bit):7.98639316555857
                  Encrypted:false
                  SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                  MD5:3A49135134665364308390AC398006F1
                  SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                  SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                  SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                  Malicious:false
                  Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                  C:\Users\user\AppData\Local\Temp\acrocef_low\bcbe10cb-50b2-4424-a75a-d649e7ffb5cc.tmp

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                  Category:dropped
                  Size (bytes):386528
                  Entropy (8bit):7.9736851559892425
                  Encrypted:false
                  SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                  MD5:5C48B0AD2FEF800949466AE872E1F1E2
                  SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                  SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                  SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                  Malicious:false
                  Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):24
                  Entropy (8bit):3.66829583405449
                  Encrypted:false
                  SSDEEP:3:So6FwHn:So6FwHn
                  MD5:DD4A3BD8B9FF61628346391EA9987E1D
                  SHA1:474076C122CACAAF112469FC62976BB69187AA2B
                  SHA-256:7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
                  SHA-512:FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
                  Malicious:false
                  Preview:<</Settings [/c <<>>].>>

                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):98682
                  Entropy (8bit):6.445287254681573
                  Encrypted:false
                  SSDEEP:1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
                  MD5:7113425405A05E110DC458BBF93F608A
                  SHA1:88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
                  SHA-256:7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
                  SHA-512:6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
                  Malicious:false
                  Preview:0...u0...\...0...*.H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...*B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):737
                  Entropy (8bit):7.501268097735403
                  Encrypted:false
                  SSDEEP:12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
                  MD5:5274D23C3AB7C3D5A4F3F86D4249A545
                  SHA1:8A3778F5083169B281B610F2036E79AEA3020192
                  SHA-256:8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
                  SHA-512:FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
                  Malicious:false
                  Preview:0...0.....0...*.H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0...*.H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R*.......~....)....i.*n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

                  C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

                  Download File
                  Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  File Type:ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
                  Category:dropped
                  Size (bytes):14456
                  Entropy (8bit):4.2098179599164975
                  Encrypted:false
                  SSDEEP:192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
                  MD5:32FCA302C8B872738373D7CCB1E75FD4
                  SHA1:DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
                  SHA-256:CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
                  SHA-512:57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
                  Malicious:false
                  Preview:%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

                  Static File Info

                  General

                  File type:PDF document, version 1.6 (zip deflate encoded)
                  Entropy (8bit):7.751398901511949
                  TrID:
                  • Adobe Portable Document Format (5005/1) 100.00%
                  File name:New Vendor Setup Form (1).pdf
                  File size:1'174'035 bytes
                  MD5:a5e16d4ae1897b79c40b974a9a87cbb7
                  SHA1:459c04f1ef78bc954f79ae72005c6535367ce7a6
                  SHA256:bde712d7f3521fb86d53826f9de2b96d744cd6692f3334fb80861dd4cc299c7c
                  SHA512:d2cccdae23fbbb5e7404bb2a8038f08abc68b000297f0038b4fbec562e549963ee447825e45475b56dd06b4df621fc9fa248c8376ef5bee7a187c7934258dc30
                  SSDEEP:24576:6ikxQKzB2kq1/EBsWRY6RGOFNSbdRjBRz:6ikxQKVjq1/EBlY6XFMbd9BRz
                  TLSH:D545CF3CEAE9EA8DF4B2C374A6745AD057CDE33777246551386C0B460292D80F6CB39A
                  File Content Preview:%PDF-1.6.%......184 0 obj.<</Filter/FlateDecode/First 345/Length 6572/N 37/Type/ObjStm>>stream..h..[.o.I..W.1."..~...N.L|.y\.LfV...j;...W.g........VK..L.n...t....b.H...J..@*3..Ri.Vk*..ZI.....a.D.2.......9O..x.R.b.{j.#u..@Z.Ujz....@......%D.n.+%4..H.,!#.._

                  File Icon

                  Icon Hash:62cc8caeb29e8ae0

                  Static PDF Info

                  General

                  Header:%PDF-1.6
                  Total Entropy:7.751399
                  Total Bytes:1174035
                  Stream Entropy:7.853497
                  Stream Bytes:1012050
                  Entropy outside Streams:5.027659
                  Bytes outside Streams:161985
                  Number of EOF found:34
                  Bytes after EOF:

                  Keywords Statistics

                  NameCount
                  obj651
                  endobj651
                  stream303
                  endstream303
                  xref0
                  trailer0
                  startxref34
                  /Page34
                  /Encrypt0
                  /ObjStm11
                  /URI0
                  /JS0
                  /JavaScript0
                  /AA0
                  /OpenAction0
                  /AcroForm1
                  /JBIG2Decode0
                  /RichMedia0
                  /Launch0
                  /EmbeddedFile0

                  Image Streams

                  IDDHASHMD5Preview
                  500000000000000001f0a22aa294e2ed6c93668e7c43ab78a
                  600000000000000001f0a22aa294e2ed6c93668e7c43ab78a
                  23080c4d0c1d551f16822931cf5760766cfe6d997939e8d2e6
                  117080c4d0c1d551f163efa89bcf6eb73ab6e89ff77ee163500
                  1180000000000000000966d56fdf2e97fbe4244afca77c7842c

                  Network Behavior

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Oct 8, 2024 00:22:02.015521049 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.015553951 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.015738964 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.015881062 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.015891075 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.560108900 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.560450077 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.560462952 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.561661959 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.561738014 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.568284035 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.568439007 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.568536043 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.568547964 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.612771988 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.674928904 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.675750017 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.675816059 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.676309109 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.676326036 CEST4434978023.217.172.185192.168.2.5
                  Oct 8, 2024 00:22:02.676336050 CEST49780443192.168.2.523.217.172.185
                  Oct 8, 2024 00:22:02.676374912 CEST49780443192.168.2.523.217.172.185

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Oct 8, 2024 00:22:01.575412035 CEST5475853192.168.2.51.1.1.1
                  Oct 8, 2024 00:22:15.207312107 CEST5507953192.168.2.51.1.1.1
                  Oct 8, 2024 00:22:16.591937065 CEST53551651.1.1.1192.168.2.5
                  Oct 8, 2024 00:22:20.653425932 CEST5349967162.159.36.2192.168.2.5
                  Oct 8, 2024 00:22:21.097131014 CEST53541491.1.1.1192.168.2.5

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                  Oct 8, 2024 00:22:01.575412035 CEST192.168.2.51.1.1.10x7c4cStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false
                  Oct 8, 2024 00:22:15.207312107 CEST192.168.2.51.1.1.10x9f2aStandard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                  Oct 8, 2024 00:22:01.584049940 CEST1.1.1.1192.168.2.50x7c4cNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                  Oct 8, 2024 00:22:15.215476990 CEST1.1.1.1192.168.2.50x9f2aNo error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false

                  HTTP Request Dependency Graph

                  • armmf.adobe.com

                  HTTPS Proxied Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.54978023.217.172.1854434508C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  TimestampBytes transferredDirectionData
                  2024-10-07 22:22:02 UTC475OUTGET /onboarding/smskillreader.txt HTTP/1.1
                  Host: armmf.adobe.com
                  Connection: keep-alive
                  Accept-Language: en-US,en;q=0.9
                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                  Sec-Fetch-Site: same-origin
                  Sec-Fetch-Mode: no-cors
                  Sec-Fetch-Dest: empty
                  Accept-Encoding: gzip, deflate, br
                  If-None-Match: "78-5faa31cce96da"
                  If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
                  2024-10-07 22:22:02 UTC198INHTTP/1.1 304 Not Modified
                  Content-Type: text/plain; charset=UTF-8
                  Last-Modified: Mon, 01 May 2023 15:02:33 GMT
                  ETag: "78-5faa31cce96da"
                  Date: Mon, 07 Oct 2024 22:22:02 GMT
                  Connection: close


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:18:21:35
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\New Vendor Setup Form (1).pdf"
                  Imagebase:0x7ff686a00000
                  File size:5'641'176 bytes
                  MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:2
                  Start time:18:21:35
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:false

                  General

                  Target ID:3
                  Start time:18:21:36
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1472
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:false

                  General

                  Target ID:4
                  Start time:18:21:37
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:5
                  Start time:18:21:38
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=6352
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:6
                  Start time:18:21:39
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:7
                  Start time:18:21:40
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1088
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:8
                  Start time:18:21:42
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:9
                  Start time:18:21:42
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5236
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:10
                  Start time:18:21:44
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:11
                  Start time:18:21:44
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2680
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:12
                  Start time:18:21:46
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:13
                  Start time:18:21:46
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2992
                  Imagebase:0x7ff6964a0000
                  File size:11'469'784 bytes
                  MD5 hash:8A41FC5F946230805512B943C45AC9D8
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:15
                  Start time:18:21:48
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                  Imagebase:0x7ff6413e0000
                  File size:3'581'912 bytes
                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:16
                  Start time:18:21:48
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe
                  Wow64 process (32bit):true
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\FullTrustNotifier.exe" GetChannelUri
                  Imagebase:0xf30000
                  File size:218'280 bytes
                  MD5 hash:92366A2F482926C3D0DD02D6F952F742
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:18
                  Start time:18:21:50
                  Start date:07/10/2024
                  Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2148 --field-trial-handle=1524,i,8648760949684156529,1724978059203320753,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                  Imagebase:0x7ff6413e0000
                  File size:3'581'912 bytes
                  MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Disassembly

                  No disassembly