Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdf

Overview

General Information

Sample name:Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdf
Analysis ID:1711283
Has dependencies:false
MD5:19948161a10913f4de48ceaeebb3155e
SHA1:17a5affb9a83eed4f119bee171db0d78976ae4a4
SHA256:0076be57d1efb411b083484b92bed90f05767cb3cf43c028019590699b8b8818
Infos:

Detection

Score:3
Range:0 - 100
Confidence:80%

Signatures

IP address seen in connection with other malware
PDF is encrypted
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 6348 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6584 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1028 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1552,i,5071983132029350567,6716144300352404056,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • rundll32.exe (PID: 8160 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup

AI Reasoning

No reasoning have been found

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global trafficDNS query: name: x1.i.lencr.org
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.39.37.95:80
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.39.37.95:80
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.39.37.95:80
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.39.37.95:80
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.39.37.95:80
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.39.37.95:80
Source: global trafficTCP traffic: 23.39.37.95:80 -> 192.168.2.16:49712
Source: global trafficTCP traffic: 192.168.2.16:49712 -> 23.39.37.95:80
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: global trafficTCP traffic: 23.200.196.138:443 -> 192.168.2.16:49713
Source: global trafficTCP traffic: 192.168.2.16:49713 -> 23.200.196.138:443
Source: Joe Sandbox ViewIP Address: 23.39.37.95 23.39.37.95
Source: Joe Sandbox ViewIP Address: 23.200.196.138 23.200.196.138
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1host: armmf.adobe.comaccept-language: en-US,en;q=0.9user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyaccept-encoding: identity
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownTCP traffic detected without corresponding DNS query: 23.200.196.138
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1host: armmf.adobe.comaccept-language: en-US,en;q=0.9user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36sec-fetch-site: same-originsec-fetch-mode: no-corssec-fetch-dest: emptyaccept-encoding: identity
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.drString found in binary or memory: http://x1.i.lencr.org/
Source: 132eb6fd-2510-4633-be5f-24a3fbfa0a02.tmp.6.drString found in binary or memory: https://chrome.cloudflare-dns.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: classification engineClassification label: clean3.winPDF@16/50@1/2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6200Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-06-10 12-58-40-789.logJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1552,i,5071983132029350567,6716144300352404056,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1552,i,5071983132029350567,6716144300352404056,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
Source: Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdfInitial sample: PDF keyword /JS count = 0
Source: Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdfInitial sample: PDF keyword /Encrypt count = 1
Source: Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdfInitial sample: PDF keyword /Encrypt
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts3
Exploitation for Client Execution		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Rundll32		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive13
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1711283 Sample: Paradigm-corp_Remittance_Ad... Startdate: 10/06/2025 Architecture: WINDOWS Score: 3 17 x1.i.lencr.org 2->17 19 e8652.dscx.akamaiedge.net 2->19 21 2 other IPs or domains 2->21 7 Acrobat.exe 65 2->7         started        9 rundll32.exe 2->9         started        process3 process4 11 AcroCEF.exe 108 7->11         started        dnsIp5 23 e8652.dscx.akamaiedge.net 23.39.37.95, 49712, 80 AKAMAI-ASUS United States 11->23 14 AcroCEF.exe 7 11->14         started        process6 dnsIp7 25 23.200.196.138, 443, 49713 NOS_COMUNICACOESPT United States 14->25

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    e8652.dscx.akamaiedge.net
    		23.39.37.95
    		truefalse
      		high
      x1.i.lencr.org
      		unknown
      		unknownfalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        http://x1.i.lencr.org/false
          		high

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://chrome.cloudflare-dns.com132eb6fd-2510-4633-be5f-24a3fbfa0a02.tmp.6.drfalse
            		high

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            23.39.37.95
            		e8652.dscx.akamaiedge.netUnited States16625AKAMAI-ASUSfalse
            23.200.196.138
            		unknownUnited States2860NOS_COMUNICACOESPTfalse

            General Information

            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1711283
            Start date and time:2025-06-10 18:57:53 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 4m 23s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:17
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdf
            Detection:CLEAN
            Classification:clean3.winPDF@16/50@1/2
            EGA Information:Failed
            HCA Information:
            • Successful, ratio: 100%
            • Number of executed functions: 0
            • Number of non-executed functions: 0
            Cookbook Comments:
            • Found application associated with file extension: .pdf

            Warnings

            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 23.11.208.137, 23.22.254.206, 52.202.204.11, 52.5.13.197, 54.227.187.23, 172.64.41.3, 162.159.61.3, 199.232.214.172, 23.221.236.236, 23.221.236.226, 23.221.236.168, 23.221.236.175, 2.23.227.208, 23.204.23.20
            • Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net
            • Not all processes where analyzed, report is missing behavior information

            Simulations

            Behavior and APIs

            TimeTypeDescription
            12:58:50API Interceptor2x Sleep call for process: AcroCEF.exe modified

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            23.39.37.95dabrahams-2025-06-06-XATmka.pdfGet hashmaliciousHTMLPhisherBrowse
            • x1.i.lencr.org/
            Surat Pernyataan & Syarat Ketentuan.pdf.lnk.download.lnkGet hashmaliciousUnknownBrowse
            • x1.i.lencr.org/
            RE_0750948247341.pdf.wsfGet hashmaliciousKoadicBrowse
            • x1.i.lencr.org/
            new.batGet hashmaliciousKoadicBrowse
            • x1.i.lencr.org/
            Microsoft-Order.pdf.lnkGet hashmaliciousUnknownBrowse
            • x1.i.lencr.org/
            FA-43-04-2025.pdfGet hashmaliciousUnknownBrowse
            • x1.i.lencr.org/
            RE_00834473899387474.pdf.wsfGet hashmaliciousUnknownBrowse
            • x1.i.lencr.org/
            nborepadiktad.exeGet hashmaliciousWhiteSnake StealerBrowse
            • x1.i.lencr.org/
            gopawdkrjgh.exeGet hashmaliciousWhiteSnake StealerBrowse
            • x1.i.lencr.org/
            RE_00739403029489392_PDF.wsfGet hashmaliciousUnknownBrowse
            • x1.i.lencr.org/
            23.200.196.138Message.emlGet hashmaliciousTycoon2FABrowse
              dabrahams-2025-06-06-XATmka.pdfGet hashmaliciousHTMLPhisherBrowse
                LATUS-engineering_KI-gestuetzte-Qualitaetssicherung_Januar-2025.pdfGet hashmaliciousUnknownBrowse
                  https://u7990385.ct.sendgrid.net/ls/click?upn=u001.oZ6GXC16Ztdw1ob-2F3C5yow-2FsK2YC4S8s269h9OLgp-2FGcQesCtXDXKgCEAF90Sa3OCy4-2F8kjpNgZm-2BgZsMdS1bfz52FcnP1TWB9R0E7-2F8Qnsc-2FB1JorLOHf8hisusJ4QRFAdkzlPlCtQyWV7XFlsorDlGs-2FXFaZtfILNk2CGzhOAh-2FplOBpAwbo8FEcNO6XU5yHNlcED7s9R6vn8NXl8BHGMXjZTaDIh3ednS0qpEYQlkjgdh04lqNlwUYQgfcZcrKvrl_TS1MykV2MfY4erwoSL54Fxruz3oW8XjCJ-2BoN9Zik9lnfuVgJcpfWzpZ2kemqNfDwpv0iQt9S4uySN3znm-2BVhjBDFXpavPbhp3p63OqMKE14K-2B87bgvIyQeft2IA5x5DXtXyea4x7LL3ebnAt5F3iws4moF4GGYx8i-2BOXu7XZjWH0GMPc0EM6lkOWGk0vwG-2FjwXFvt1n9jGbqE-2FkvlQWBREfPj3XI47wSs0OcIXHID47RBGllKyjoFHcTRVuRkeBPBjN4gewg0w8p4bShL-2Fr1YdURDfyviYbMM74eBBFCl2-2Bkr7ZOyuk-2FIHWpgRPOs9m54a1Lfkrfus2zBhCAWlGWoQpBcv6cXnG2svD8IGNmOfy9bqAH2OADQRmihLcQD9oUk5O-2BoVDui4816AM-2FXopyV9cYB0wzX6vtrT4EnW7jL7NESjGPrz7mdcXhfoIZCp4eInnzYxTQ8j8yFsGJ9bUK-2B8vuDffEncAbiSfBMicEq9uiA4Wk3TCDg6UfJl1sr76JQ2RYA4z5fFVT25Euw-2FCbwhWuVAyKUdFPY93NzmJl7ZYlNDPVrAclSb75dsk0rqhTu3ZTtC2bZEtzEALRsZQY4b221BytJlaaeRyyvP75v6ZmCcG7-2Bcl4WZGtsiW4-2FkDth6QE24hsfcLoAtA7pxT9uq-2BmqXz2quvSyk9-2Bm90ngMUEFVmzqJ2woki8fUYvKvsXhpNbl4YAk-2FjCY1SojpHp0OB5Ag9NAjiZCUsHiuxPmqFxotpjfwqx9h-2FIdr9skeRgttV-2FHbMYXeQfXe3eEepIS3L8j4eq-2FvVf5UOGVfefW9MIJOvr9g-2F-2F-2F1x8AnFuX1sjI30oQ-2BqYxjqJrVL0mKpiwZdEJzkC9CnhOyGpYXHtCUMTxDReigPu4J7-2B1wU5hRs85XHg597OD3ghdHNIq2Gd-2BKTtGqA99VnR9kFt3j98yvakP93-2Fxhk-2FLX4oMZzWfEjWvyJEpL17yKlwhsowtC9wvtyctQ09OLV1taCdtJx4wgtsp9tsqzNnyHObFTFv3zLFGet hashmaliciousUnknownBrowse
                    forceGB.exeGet hashmaliciousUnknownBrowse
                      forceGB.exeGet hashmaliciousUnknownBrowse
                        Tax_Docu.docx pif.exeGet hashmaliciousUnknownBrowse
                          Legal_Notice _Letter.pdfGet hashmaliciousHTMLPhisherBrowse
                            Workspace Update.pdfGet hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                              #Ud83d#Udce0+1852 ___ ____ SecureTranscript #55647.pdfGet hashmaliciousUnknownBrowse

                                Domains

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                e8652.dscx.akamaiedge.netMessage.emlGet hashmaliciousTycoon2FABrowse
                                • 23.46.224.249
                                dabrahams-2025-06-06-XATmka.pdfGet hashmaliciousHTMLPhisherBrowse
                                • 23.39.37.95
                                Firstontario_Secure_Distribution_Notice{{8176}}.pdfGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                • 96.6.169.42
                                Mailbox Update_bbellows@glm.ca.pdfGet hashmaliciousHTMLPhisher, PDFPhishBrowse
                                • 96.6.169.42
                                Network 360 Limited.pdfGet hashmaliciousUnknownBrowse
                                • 173.222.253.27
                                Mutual_Confidentiality_Agreement_Advertising.pdf.lnkGet hashmaliciousUnknownBrowse
                                • 173.222.253.27
                                po2230098.xlsx.lnkGet hashmaliciousFormBookBrowse
                                • 173.222.253.27
                                FW_ Project Document Posted_ Contract Adjustment Update for Review_K2M Design_Ref_LEON5.pdfGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                • 96.6.169.42
                                APT35.PS1.ps1Get hashmaliciousUnknownBrowse
                                • 96.6.169.42
                                awb_Dhl_Shipping_documents_delivery_09_06_2025_0000000000000_pdf.lnkGet hashmaliciousXWormBrowse
                                • 96.6.169.42
                                bg.microsoft.map.fastly.nethttps://manage.kmail-lists.com/subscriptions/unsubscribed?cy=YtL8SKGet hashmaliciousHTMLPhisherBrowse
                                • 199.232.214.172
                                SecuriteInfo.com.Win64.MalwareX-gen.17053.7046.exeGet hashmaliciousXmrigBrowse
                                • 199.232.210.172
                                z46yyyuuuuiiiiooooop.exeGet hashmaliciousSnake KeyloggerBrowse
                                • 199.232.214.172
                                DCRatBuild.exeGet hashmaliciousDCRat, Quasar, Salat StealerBrowse
                                • 199.232.214.172
                                2fJDLWGg6I.dllGet hashmaliciousUnknownBrowse
                                • 199.232.210.172
                                4X5d8eJ6bP.dllGet hashmaliciousUnknownBrowse
                                • 199.232.210.172
                                O9m8yWdG3T.exeGet hashmaliciousFormBookBrowse
                                • 199.232.210.172
                                mr3ju6NEJG.exeGet hashmaliciousDarkCloudBrowse
                                • 199.232.214.172
                                decyrpted.dllGet hashmaliciousUnknownBrowse
                                • 199.232.214.172
                                271JaJbQjMLGbcc.exeGet hashmaliciousFormBookBrowse
                                • 199.232.210.172

                                ASNs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                AKAMAI-ASUSMessage.emlGet hashmaliciousTycoon2FABrowse
                                • 23.46.224.249
                                neon.m68k.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 184.31.203.170
                                neon.mipsel.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 184.31.203.184
                                neon.mips.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 184.50.112.89
                                dabrahams-2025-06-06-XATmka.pdfGet hashmaliciousHTMLPhisherBrowse
                                • 23.39.37.95
                                neon.mips.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 184.29.182.49
                                neon.armv7l.elfGet hashmaliciousMiraiBrowse
                                • 184.50.112.96
                                neon.armv5l.elfGet hashmaliciousGafgyt, MiraiBrowse
                                • 184.29.182.51
                                https://u.pcloud.link/publink/show?code=XZhqPj5Z4NBAVmqMhMRcGanFil8zQfJziotkGet hashmaliciousGabagoolBrowse
                                • 23.204.11.32
                                https://wetransfer.com/downloads/27182aa4120e958f797d17b4d68b129020250609161749/4c1cd9c93821b8288f2e463d21cc85c020250609161749/a4cc4a?t_exp=1752077869&t_lsid=85037c73-6c77-4327-b4b1-e30531295194&t_network=email&t_rid=ZW1haWx8YWRyb2l0fGYwNjI0NDM1LTliYTUtNDI2My05ZDMzLTMyZWI2NjU2ZjIyNQ%3D%3D&t_s=download_link&t_ts=1749485869&utm_campaign=TRN_TDL_01&utm_source=sendgrid&utm_medium=email&trk=TRN_TDL_01Get hashmaliciousPhisherBrowse
                                • 23.192.223.238
                                NOS_COMUNICACOESPTMessage.emlGet hashmaliciousTycoon2FABrowse
                                • 23.200.196.138
                                mipsel.elfGet hashmaliciousUnknownBrowse
                                • 89.181.158.190
                                dabrahams-2025-06-06-XATmka.pdfGet hashmaliciousHTMLPhisherBrowse
                                • 23.200.196.138
                                amd64.elfGet hashmaliciousUnknownBrowse
                                • 85.138.26.17
                                aarch64.elfGet hashmaliciousUnknownBrowse
                                • 89.180.3.226
                                mips.elfGet hashmaliciousUnknownBrowse
                                • 89.181.136.77
                                i686.elfGet hashmaliciousUnknownBrowse
                                • 89.181.136.77
                                arm926t.elfGet hashmaliciousUnknownBrowse
                                • 89.181.173.6
                                ppc64le.elfGet hashmaliciousUnknownBrowse
                                • 89.180.3.226
                                s390x.elfGet hashmaliciousUnknownBrowse
                                • 89.181.136.77

                                JA3 Fingerprints

                                No context

                                Dropped Files

                                No context

                                Created / dropped Files

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):287
                                Entropy (8bit):5.226148689601993
                                Encrypted:false
                                SSDEEP:6:iOTye4q2PRN2nKuAl9OmbnIFUtByYJZmw/y37kwORN2nKuAl9OmbjLJ:7m9vaHAahFUtcq/a375JHAaSJ
                                MD5:99C0E07A1B93693D03F7757F2A8C4C84
                                SHA1:535446BD49AD2DCABBF8587639C4C36F5699AFC1
                                SHA-256:0776EC42AD97183057B9EE489D3DAEE75E88E1DCF0FC8AE7B5A93DAC47CF64DB
                                SHA-512:BD7B4DFA0329A33B2696683CC1D417B2C60E85398D0205916EAFB5E826B9F3FAB31FADDDAD56C4FF1D595DF017A9D3B233EF567611C761D4C2EC34A9D5FD0381
                                Malicious:false
                                Reputation:low
                                Preview:2025/06/10-12:58:42.175 e90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/06/10-12:58:42.177 e90 Recovering log #3.2025/06/10-12:58:42.178 e90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):287
                                Entropy (8bit):5.226148689601993
                                Encrypted:false
                                SSDEEP:6:iOTye4q2PRN2nKuAl9OmbnIFUtByYJZmw/y37kwORN2nKuAl9OmbjLJ:7m9vaHAahFUtcq/a375JHAaSJ
                                MD5:99C0E07A1B93693D03F7757F2A8C4C84
                                SHA1:535446BD49AD2DCABBF8587639C4C36F5699AFC1
                                SHA-256:0776EC42AD97183057B9EE489D3DAEE75E88E1DCF0FC8AE7B5A93DAC47CF64DB
                                SHA-512:BD7B4DFA0329A33B2696683CC1D417B2C60E85398D0205916EAFB5E826B9F3FAB31FADDDAD56C4FF1D595DF017A9D3B233EF567611C761D4C2EC34A9D5FD0381
                                Malicious:false
                                Reputation:low
                                Preview:2025/06/10-12:58:42.175 e90 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/06/10-12:58:42.177 e90 Recovering log #3.2025/06/10-12:58:42.178 e90 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):334
                                Entropy (8bit):5.192779277379819
                                Encrypted:false
                                SSDEEP:6:iOTy20PTq2PRN2nKuAl9Ombzo2jMGIFUtByoNZZmw/yQFuFkwORN2nKuAl9Ombzz:7m20PTvaHAa8uFUtcof/aQy5JHAa8RJ
                                MD5:080D839E2CE601ADB058B577CD72D2C6
                                SHA1:E2FE5C61ECCB13F32CA40A1948DF09AEB021F9AA
                                SHA-256:58B84189B8539517D3C0E10359EF70EF20619C78423C331B2E407B7C5CBF458D
                                SHA-512:A2B739DA26C51298E473DAE35E627F2E32F489F470DB9225E955460DCE3A4328A883C03427AE16A927716FB4339668CC5E279200F5251598F31492852D2A4999
                                Malicious:false
                                Reputation:low
                                Preview:2025/06/10-12:58:42.039 1370 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/06/10-12:58:42.042 1370 Recovering log #3.2025/06/10-12:58:42.043 1370 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):334
                                Entropy (8bit):5.192779277379819
                                Encrypted:false
                                SSDEEP:6:iOTy20PTq2PRN2nKuAl9Ombzo2jMGIFUtByoNZZmw/yQFuFkwORN2nKuAl9Ombzz:7m20PTvaHAa8uFUtcof/aQy5JHAa8RJ
                                MD5:080D839E2CE601ADB058B577CD72D2C6
                                SHA1:E2FE5C61ECCB13F32CA40A1948DF09AEB021F9AA
                                SHA-256:58B84189B8539517D3C0E10359EF70EF20619C78423C331B2E407B7C5CBF458D
                                SHA-512:A2B739DA26C51298E473DAE35E627F2E32F489F470DB9225E955460DCE3A4328A883C03427AE16A927716FB4339668CC5E279200F5251598F31492852D2A4999
                                Malicious:false
                                Reputation:low
                                Preview:2025/06/10-12:58:42.039 1370 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/06/10-12:58:42.042 1370 Recovering log #3.2025/06/10-12:58:42.043 1370 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\132eb6fd-2510-4633-be5f-24a3fbfa0a02.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):403
                                Entropy (8bit):4.953858338552356
                                Encrypted:false
                                SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                Malicious:false
                                Reputation:high, very likely benign file
                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\86bb22d6-d358-4c24-b08f-33451a007e23.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):203
                                Entropy (8bit):5.34782975957925
                                Encrypted:false
                                SSDEEP:6:YAQN96WWBXuObqJx8wXwlmUUAnIMp5ZahSQ:YCR1uObO+UAnIQasQ
                                MD5:5AC48705E2952FCB6BC677E4D4A2388B
                                SHA1:91ADBD7FB36C6F1BFFE3DA0A36918EC5AA806F9D
                                SHA-256:F7003EBD57E57CD7AE811EA9A78407F81B5B2A344E55571839D9C5BBAC37BC19
                                SHA-512:B74475092641DB97A252CE90B86933771CB663DEE3FEAFC31D3D226F97CBEA2CD3C55AF1485907B0D261981A37D4CE75CCB4F4497F7ABBA9AD2BFE42DB208DE5
                                Malicious:false
                                Reputation:low
                                Preview:{"expect_ct":[],"sts":[{"expiry":1765126726.052067,"host":"fm9KDTkCEEOhjQ0Uz3wemEDKt2V49zM91BbUE6ob8vg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1749574726.052073}],"version":2}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):403
                                Entropy (8bit):4.953858338552356
                                Encrypted:false
                                SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                Malicious:false
                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF41427b.TMP (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):403
                                Entropy (8bit):4.953858338552356
                                Encrypted:false
                                SSDEEP:12:YHO8sq/WLksBdOg2H9caq3QYiubrP7E4T3y:YXsRJdMHM3QYhbz7nby
                                MD5:4C313FE514B5F4E7E89329630909F8DC
                                SHA1:916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
                                SHA-256:1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
                                SHA-512:1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
                                Malicious:false
                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\TransportSecurity (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):203
                                Entropy (8bit):5.34782975957925
                                Encrypted:false
                                SSDEEP:6:YAQN96WWBXuObqJx8wXwlmUUAnIMp5ZahSQ:YCR1uObO+UAnIQasQ
                                MD5:5AC48705E2952FCB6BC677E4D4A2388B
                                SHA1:91ADBD7FB36C6F1BFFE3DA0A36918EC5AA806F9D
                                SHA-256:F7003EBD57E57CD7AE811EA9A78407F81B5B2A344E55571839D9C5BBAC37BC19
                                SHA-512:B74475092641DB97A252CE90B86933771CB663DEE3FEAFC31D3D226F97CBEA2CD3C55AF1485907B0D261981A37D4CE75CCB4F4497F7ABBA9AD2BFE42DB208DE5
                                Malicious:false
                                Preview:{"expect_ct":[],"sts":[{"expiry":1765126726.052067,"host":"fm9KDTkCEEOhjQ0Uz3wemEDKt2V49zM91BbUE6ob8vg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1749574726.052073}],"version":2}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c1cb22c2-4b55-4daa-bf01-c2511625e039.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):475
                                Entropy (8bit):4.973413864143525
                                Encrypted:false
                                SSDEEP:12:YH/um3RA8sqVJH0WsBdOg2Hacaq3QYiubrP7E4T3y:Y2sRdsIREdMHV3QYhbz7nby
                                MD5:6A7A55E73CAB33F7DEEA012240C3DF66
                                SHA1:667A4CFCCEAF0DA4368E1D6EE11EE0F7F7E8EDA7
                                SHA-256:D655940E705B4FC7D9D1A6D8528CC12F9C5B7B49554FDD82C645337D61A483CB
                                SHA-512:3D3728692152D13D72FE977C7D63ADB5BE10FB30821BD038807ABD1609DBCE60ABB728520F93730BA29A5C0283A49AC97CE0217993836F019C6B10DFE29132BF
                                Malicious:false
                                Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13394134730645657","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":88190},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4509
                                Entropy (8bit):5.236251239898277
                                Encrypted:false
                                SSDEEP:96:OLSw0bSwIAnrRqLX2rSq1OUxu/0OZ0xRBTxekN8xe4Hcl1SHwZ:OLT0bTIeYa51Ogu/0OZARBT8kN88Qclh
                                MD5:63D4E612E54F3EDE1D824A191615015A
                                SHA1:53CD225CDA578F343555C676034F622C08F6578B
                                SHA-256:DEF429A629770979836EE676C9448840674F7788955E75FD8E23AE61B5C6774D
                                SHA-512:94795510A9FF9DB91FD39E6A8CCFD4426903BDB766CB89377CEBA2C21501BD1E0371BC5635E9C3857297A667D68E8F13E78DCBD0B6E0BE54DF8E391945F0BB06
                                Malicious:false
                                Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):322
                                Entropy (8bit):5.183895954042655
                                Encrypted:false
                                SSDEEP:6:iOTySIq2PRN2nKuAl9OmbzNMxIFUtByM+Zmw/yYNkwORN2nKuAl9OmbzNMFLJ:7mzvaHAa8jFUtcF/ae5JHAa84J
                                MD5:914C33F698C1B1235F0E5CBE4459BD4E
                                SHA1:01FC3A2D57724826098E487E45F8810FE9B90909
                                SHA-256:143F661AEC4FCDFD397ED3752FE99813A5949BDF5FF186539F66EDCE3847EDD8
                                SHA-512:19C950D7029A64DAD2E1A28992ED7C2A08DD24A9FD245B3A038D015781F526DA3CDA41B1A9903B3994A0B6DFFBBC71DBC4A2EF240432CD3BAD8533AF36CA19B8
                                Malicious:false
                                Preview:2025/06/10-12:58:42.222 1370 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/06/10-12:58:42.223 1370 Recovering log #3.2025/06/10-12:58:42.226 1370 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:ASCII text
                                Category:dropped
                                Size (bytes):322
                                Entropy (8bit):5.183895954042655
                                Encrypted:false
                                SSDEEP:6:iOTySIq2PRN2nKuAl9OmbzNMxIFUtByM+Zmw/yYNkwORN2nKuAl9OmbzNMFLJ:7mzvaHAa8jFUtcF/ae5JHAa84J
                                MD5:914C33F698C1B1235F0E5CBE4459BD4E
                                SHA1:01FC3A2D57724826098E487E45F8810FE9B90909
                                SHA-256:143F661AEC4FCDFD397ED3752FE99813A5949BDF5FF186539F66EDCE3847EDD8
                                SHA-512:19C950D7029A64DAD2E1A28992ED7C2A08DD24A9FD245B3A038D015781F526DA3CDA41B1A9903B3994A0B6DFFBBC71DBC4A2EF240432CD3BAD8533AF36CA19B8
                                Malicious:false
                                Preview:2025/06/10-12:58:42.222 1370 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/06/10-12:58:42.223 1370 Recovering log #3.2025/06/10-12:58:42.226 1370 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                                Category:dropped
                                Size (bytes):57344
                                Entropy (8bit):3.291927920232006
                                Encrypted:false
                                SSDEEP:192:vedRBvVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:veBci5H5FY+EUUUTTcHqFzqFP
                                MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                                SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                                SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                                SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):16928
                                Entropy (8bit):1.2159109800582941
                                Encrypted:false
                                SSDEEP:24:7+tmlqLi+zkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wmf9Mzm+Zk:7McqLmFTIF3XmHjBoGGR+jMz+LhF
                                MD5:79E160DD9A91AE7C7B0CF3B1E878498C
                                SHA1:BF71D1A6917F421C26BB4EE382C6EB06E0327033
                                SHA-256:A9D4E0A222F402FB0B33C8D95CF0A0972DD7517976F16D9C04FCE945AE9C5CB6
                                SHA-512:846016E4B7E146C055FF21023A632B28907C06485479F401499DFB8281F7548CFA50C45EFCE7529EC98108EB0FE717B805A4C4E6B88B12ECA7871544F6CBA364
                                Malicious:false
                                Preview:.... .c......X.*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Certificate, Version=3
                                Category:dropped
                                Size (bytes):1391
                                Entropy (8bit):7.705940075877404
                                Encrypted:false
                                SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                Malicious:false
                                Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73758 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                Category:dropped
                                Size (bytes):73758
                                Entropy (8bit):7.996018702667359
                                Encrypted:true
                                SSDEEP:1536:e0zdYEyJXLYH09aMkg2FtLE7kaKxX6cf7OnEtGNN84Vr+Zwv/Ew1:e0z+EQYU9aM1GOkagX8nKGNJv/N1
                                MD5:396207FAA085427DC55FB0609B191624
                                SHA1:2D5484ED85456580780CEF77DFB576C2A9C36E5B
                                SHA-256:A2C770D32A0D972F7501A97CB4E5E5AD7904A5155DC28D3A78C2462D32E0CF71
                                SHA-512:FBF09A2B1366B283F26FA5E41BC152FEFB939F0BBCCC31655C747560C82049C3ACFF9A65855AFCC666FE9B2D7CD176E70A83FD4D34DF41FAB915CD0F25CFE799
                                Malicious:false
                                Preview:MSCF..... ......,...................I.......&..........ZuG .authroot.stl......6..CK..<Tk...c_.dK.-d.....+.d..KvZD....!....I{I.R$B.[.EETd...t...3.W.....c..9.s...=....[..uY.Q.('..!....|....!p#.L...F...f.0B..)..U...c...0..&_.M......6.....i....<6......T........V&F9.,.....?"..}.....yW.(.X.]._..mG.B..e...oe.&..,..j9..g...m.......'.D.....sQ..&...S./!..<C..CD.3..J.i...@$.....`.WQ.+.N:.Gj...6.t..|..z. .._..pi.f...Y`0.n.ta.[...g./.(.#..T..N0... .......Ppm.. <d.ZA...D.}a......@....@........h...Gy.'0zo....;.X.<Q(|mD..)....GH.6ko...H..(L..J..9.6&.p......h1.fW?....{.......e9......f...t....c.].*..wA..+Gil.{.x\...F..a......OCQ.V..p.l.....B...@ae....v0...z.Tu..Z...Uv/...<X.T{A.....D..7F...AK......:......ic...h,.N..k...].a~...h..4.O.L=.ggZ9J.............L.oy.l+.K.E.V..~`DB0n....2.6f.4..?A.sl.F..}.;.~k.e|]'cx.m.....?....;....u(..Y].@%z.....r.2W.>.J..Po<...PR!.....x...../..CJ....E....YY....8.3.x?".V...7...c...m[.,..-...r....V.?...+....s...$......

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):192
                                Entropy (8bit):2.7425532007658724
                                Encrypted:false
                                SSDEEP:3:kkFklMbVMEttfllXlE/mf8bNNX8RolJuRdxHlP5JDdt:kKVFtkNMa8Rdf
                                MD5:413AC998850163E7FD05D75DC9AE9642
                                SHA1:78FB0D75AB4B1C4D058D2DC3FA0B2B94FE37D129
                                SHA-256:E86C4AD62FB6D0CAF02553646F44BB6511653F5C6BDD4933B15DF97406D29A50
                                SHA-512:9A9F728198E99CE0F83841E9EF1B1ADB097324360657EB45559B8D1D77637186F2888EB371FDBB4A84ED7A82687AA2C5105DEE80F2C1DE45D64E10736BE39A16
                                Malicious:false
                                Preview:p...... .........)..(...(....................................................... .........I s...[...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.8.0.f.d.5.d.e.-.5.6.f."...

                                C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):330
                                Entropy (8bit):3.2071811653383198
                                Encrypted:false
                                SSDEEP:6:kKMsM1g63DAN+SkQlPlEGYRMY9z+4KlDA3RUewt01:WgSD/kPlE99SNxAhUeY6
                                MD5:2E5C3950723DDCB00E0E3A0FDDCBC5EA
                                SHA1:E6C6373B7B655DBEEA45D0388BE06BEEBC2FE8C4
                                SHA-256:BA91986B3B7E25A18FABBCF57EEB00A9DC57A923569FC5D2A8E4A33356538EA8
                                SHA-512:5D198095E645CDD072E302BBAA07BB208B1E0E2B88AB895E846FD31D9C62342205B479C1904F79888900EA540D05E9CD7F6F20E4ED6CD0BD577936281B95D57A
                                Malicious:false
                                Preview:p...... .........h..)...(....................................................... ..........(.......(......w..... ..h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".3.d.8.4.4.7.b.4.2.8.c.f.d.b.1.:.0."...

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6200

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):185099
                                Entropy (8bit):5.182478651346149
                                Encrypted:false
                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                Malicious:false
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:PostScript document text
                                Category:dropped
                                Size (bytes):185099
                                Entropy (8bit):5.182478651346149
                                Encrypted:false
                                SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                                MD5:94185C5850C26B3C6FC24ABC385CDA58
                                SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                                SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                                SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                                Malicious:false
                                Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):228351
                                Entropy (8bit):3.3995153109141802
                                Encrypted:false
                                SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgW/rRoL+sn:XPCaJ/3AYvYwgGFoL+sn
                                MD5:78BF17C31F63191675C07FEE6B05DE87
                                SHA1:E45661E07D618F3F8D5564BE3DF5DC75221FBB88
                                SHA-256:90A96B7685522FFDA5BC2A157565E25E99B260F908E37D7B8242A4BFF7DEAAE4
                                SHA-512:18EED8DB4FF83ABCD61B12B3EE6A9289F5D7B00445D877D8E9FF05B4CE90B349151081241F9EBCED5E97FC8A886AA066F6FA28D42B12832932898ABFBBDDFA3C
                                Malicious:false
                                Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):295
                                Entropy (8bit):5.376725845536645
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJM3g98kUwPeUkwRe9:YvXKX38zIOQWRuUhUssGMbLUkee9
                                MD5:D842F08083D031CAD8479A2CDE2FACC6
                                SHA1:4FB13504623469FC081D5DE7194A7B70C1A95AC4
                                SHA-256:34B71BD958893203E1547B3569A952DAAA9FC9B1D059D5E6E55DF7E3EDB5E014
                                SHA-512:44CB7E7C05CD80EAC366FC3C8B8B830C6A11973C89DFD83F72C57F2204E303AFC18F985DE6246DCA048D19A8B9F82290A0E7ED70F144CDC926DD1F6BDEF3812D
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.322492009142299
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfBoTfXpnrPeUkwRe9:YvXKX38zIOQWRuUhUssGWTfXcUkee9
                                MD5:50B37CA81352E0934270F94B2FB53B33
                                SHA1:322551A497844CCF5820A6620FB73EB4224C7E22
                                SHA-256:476C48C109D2AD7B198AC5E5C5B8E181BEE8BE8CCCF25EBF8ED768AE4B5F288E
                                SHA-512:741705F125E9D387124B82B559F3B885C79FC65A2CF9CBC927AB381493D8EE70920B08130834B8BF633EB5F58A478B9AD29008DB53052B7B98A89A3AED89E1D6
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):294
                                Entropy (8bit):5.300751504500106
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfBD2G6UpnrPeUkwRe9:YvXKX38zIOQWRuUhUssGR22cUkee9
                                MD5:6BFCC6AC6EC62F36CC4DF644F8B0D748
                                SHA1:6C0F24657B78DEBFEF80B160B96A7F456C1D4505
                                SHA-256:E2D1E791C292D5F601D6C3C62F734AD632F0D3B47D78CB16A2FC1BF096020D11
                                SHA-512:D8BDB259BE87ABC044B5117B3D3E76942CB024E726107B817630DE71F0E227F9CBEFA8223B552A3FBC8DC1DDF408F1EB7F3ED5E0C113564023635AB8950830DD
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):285
                                Entropy (8bit):5.365574892495866
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfPmwrPeUkwRe9:YvXKX38zIOQWRuUhUssGH56Ukee9
                                MD5:E29BD361395F0446E25784F045FB99B7
                                SHA1:16E1B1DAD8EC9E9EA2ACC625F8EFC9FCC3892F9D
                                SHA-256:348A187A5E746FEA3C94EBF8B312A49A204A5814640BE545BABD6705F683454C
                                SHA-512:44EC4D597740D6C6D852AD4C90A7B0E74F506FAB2DBD040690282F302663DC3AC550229124EDD056725FE19AE163103B94A1BDB611C962FA350355F60741C16C
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):292
                                Entropy (8bit):5.3272589000604
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfJWCtMdPeUkwRe9:YvXKX38zIOQWRuUhUssGBS8Ukee9
                                MD5:1C0A07C5133721BA6FA71ACDCDB3BF58
                                SHA1:155024DD2AC1A6BF14D33BD3D6808740FED90DD2
                                SHA-256:D4466575D03B7658DEA4B0AE55A7FF5C5D3907305045B3FFDC5716C7DB97CA80
                                SHA-512:6513E5FA16C674F9AB4F6CE58D0FF15A072FA3D25871613B7CC52DA76C8A50D3C1329CB82F102DC24D92385B88E746B49876C399DEBF7615C8B9A741D7B0F939
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.314030664411502
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJf8dPeUkwRe9:YvXKX38zIOQWRuUhUssGU8Ukee9
                                MD5:D940CE77887FE1C9B6116FBB16DB59F8
                                SHA1:893368D2AC6C73BDB50F6C3C8E315EFCC617514F
                                SHA-256:723CA81FC9E86F0A717C18EDE3721F5BE5E02936A423FAE49E7F0289B6CC4EC5
                                SHA-512:6F6BE2EC31FD7AEF7233BC101096BD1063914AD43ECBDD245720BEF1757FD277FF07AE7A3767843025038498A97AE2E221E624286B37C8C49B9E230BC0323B38
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):292
                                Entropy (8bit):5.317120364683321
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfQ1rPeUkwRe9:YvXKX38zIOQWRuUhUssGY16Ukee9
                                MD5:51C0300621B954100EFE09CF822BB976
                                SHA1:294C48C38AA6F30571E17E2A4F0180976DA796A7
                                SHA-256:616E147E573373627EE42438404EC5024CFC208FC525721FC051FA0FB809ED94
                                SHA-512:91241F57EC76CC3B6FF14A15E24011AE5C2A833CF5715B3E79288CEBC36F919B05F9882D89BC69DC1CD51B91899362D3458F2C761E9211485B9A2D7C70D033A4
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.324338918210965
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfFldPeUkwRe9:YvXKX38zIOQWRuUhUssGz8Ukee9
                                MD5:8CF1FF8E8E5020274D5BCB8D50A91507
                                SHA1:5011845E904C31C044028A8BA88672656F91BC8C
                                SHA-256:88AE7457278E9B3AFE5408E864D05842611140EFA46F5DE757B3ED229D0B17D2
                                SHA-512:DD5CBA07EF5E3E3A8D97D813976AAC54E6004A35991265B5943408E71592A97A66BEA377258ED0ABEF7AAC230052D97844097BC69D88CA12D1C74325B1C24ACB
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):295
                                Entropy (8bit):5.339280444983314
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfzdPeUkwRe9:YvXKX38zIOQWRuUhUssGb8Ukee9
                                MD5:8ABB41D3636B9F69B0179E746185251A
                                SHA1:C9653ACC1D407E573162A949FC13B4FB187E5BE9
                                SHA-256:29C26CEB54AF0976FD66EB9F1AB9C72481898CDDFDC19541539D2E222B6B62EB
                                SHA-512:D607566E0C86BB74722BF974939E3C6A95CFC5A5938E1098EBFF6F53AC603B37069DBC166C18D7EC4927D0797445BD3A8AFBC21821564D34AC00BE4F242EF742
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.3206151633595935
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfYdPeUkwRe9:YvXKX38zIOQWRuUhUssGg8Ukee9
                                MD5:860176A7318995A065F31FF583CA3EEB
                                SHA1:BCC83E20305FFCA4584AA54509FFAD73D5D251EE
                                SHA-256:AEA9774421C257AE92D388C373E55A93B109E93840BF576DF506BC26357CBFBF
                                SHA-512:6D2C542DCC0C90A5CDAF11EBEA79AD92E10FF70B996A768429611166C1B472671EC026705094AAC8EFCCC48DBE821365E8C70BA30F70EBD57344E8B35681CC1F
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):284
                                Entropy (8bit):5.30702847919936
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJf+dPeUkwRe9:YvXKX38zIOQWRuUhUssG28Ukee9
                                MD5:BD2EF184C2C75303B63093204FC181A0
                                SHA1:861F816290F9AC3B7D9ED0A03C405945F9369287
                                SHA-256:1A2F9C32CD4A247A980BF90E4DEA4902754B577418E79193853FB54DBBC94E7F
                                SHA-512:F5A7F09CD7AE90A21B35F589EE1714C8D4AB8BBF4CDBBF1FBD84B220672C8C0F65F6ABC8279ABE53334AF3E7A89334D0F95AC24E5AA3660187651AF7843B2ABD
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):291
                                Entropy (8bit):5.304020576061913
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfbPtdPeUkwRe9:YvXKX38zIOQWRuUhUssGDV8Ukee9
                                MD5:0D9350155E102B150DF98E914BF9C7EE
                                SHA1:CB0DE3AED3A12C0E1AC118C8DBB25C2F26C49C99
                                SHA-256:3B62EEF885CCA98260FE490264E308FE6A51E7B9627E77D85B24825CFFCEAEAF
                                SHA-512:A674010FF52902AFC79A29EEDB648B079FAE9720B2218FB42C5968AE9D5363C52094ECD93C4C19378622D4634707E01B17BD549D13E6C589F33530A7DE33A6D0
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):287
                                Entropy (8bit):5.307983106608946
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJf21rPeUkwRe9:YvXKX38zIOQWRuUhUssG+16Ukee9
                                MD5:3CE15FB7199376842A9C96D5F9FDFDAC
                                SHA1:8B25489F43F31E1F065F63FCD4A992602DFC98DB
                                SHA-256:79B6FF3A8706DD28F2F0CC608A604238872D5E2CB5C50F9A90F50EBD5100E631
                                SHA-512:8AA32B15062C84DC8062B8FB86B6BF9FA466A2320A120CE7B38916AFC757975FDE56E208A4D5384390316E3E81F5EFDEAED979C94D0E394969FE6AFF32232C8E
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):289
                                Entropy (8bit):5.327156474043519
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfbpatdPeUkwRe9:YvXKX38zIOQWRuUhUssGVat8Ukee9
                                MD5:A9AF020591EA9F764AA58CCA92B6BFB6
                                SHA1:8908538FE1E9E3DBB49E59AC350D26F1D56ED736
                                SHA-256:1B0CBC758F05C38B5B655F261A7B5E5523385AB48D3271ED246369095A613EFA
                                SHA-512:B57AE27E6A9AD393D7B95277E1FF039C3D2D91745CD6A6A2266301B0AB812FC36C358000D58C84113666CB6738B2FBEDC585A9D0975B585F3D5248565B9DA09E
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):286
                                Entropy (8bit):5.284115542676367
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJfshHHrPeUkwRe9:YvXKX38zIOQWRuUhUssGUUUkee9
                                MD5:E49795379C6F87539283739C58EB6D34
                                SHA1:151D234EAE0B826829F3EE687A5CB95386379C00
                                SHA-256:8772C26A092876EEFD481867DBBF1ED8D8C4C11621B6D06DA66977EEF5D2CD12
                                SHA-512:407D9E95ED6F883761468D76DEA3E71289DBBA41E81303A47F45373CD600CF92F6178EA0C9ECF16EED2DB3B833337C4E885684EC1193902EC56833C793BBD458
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):282
                                Entropy (8bit):5.295891697266825
                                Encrypted:false
                                SSDEEP:6:YEQXJ2HX38zITcd1Q5IRR4UhUR0YdgXDoAvJTqgFCrPeUkwRe9:YvXKX38zIOQWRuUhUssGTq16Ukee9
                                MD5:63A441EFE60939335818951DE69A790A
                                SHA1:0DD101F882A4780BB65F7AB111C05FE63A8C7549
                                SHA-256:3A1438A44C6DB50A500A2A132F7E649D7442AB0C77F31234C7F21CDEDEFE7649
                                SHA-512:5C21471F163D4FDF1AFBA2898E59270C021359CD7C3E1599E29A564C87CB5E001BE4395D3EA48863E43E984ED908BC301267627ED7D8427A171F9DF0E73D8C61
                                Malicious:false
                                Preview:{"analyticsData":{"responseGUID":"33fffafa-ec1b-4a30-84bd-f2c961f88274","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1749751771945,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4
                                Entropy (8bit):0.8112781244591328
                                Encrypted:false
                                SSDEEP:3:e:e
                                MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                                SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                                SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                                SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                                Malicious:false
                                Preview:....

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:JSON data
                                Category:dropped
                                Size (bytes):2812
                                Entropy (8bit):5.14236512152633
                                Encrypted:false
                                SSDEEP:48:YDDYqfVLwf3xoO78zoCpvRL5oncPjXl4wvIal+uMT9diF3:2DrfFwf3xoIUoCpvRL5/brv3l+FdiF3
                                MD5:9697666D836D8803C9DE69E6A65B38B3
                                SHA1:5164ECBFCA5ACA2A02E094AF8AFC86443E397C35
                                SHA-256:7B4E0A0E989C6BB314E80BCBBAADE16A9DD2166805D9B078D54810759E2FD2DF
                                SHA-512:43399E8BB942E09E55EE75FA39892A4DBFCA1635E84F5D2E6958C0386803CA039C9121CBDF7AF076936280F19D393A2375A7C45F2ECFC7F814A12B3496B78D0E
                                Malicious:false
                                Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"c175d600ad01f7939146932b4d9d345c","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1749574726000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"f381be0591d07346a39ae5000acf0de6","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1749574726000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"28e44436c072b57f96eda4117c25798f","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1749574726000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"8013d961afc8d98075c1b9f78593e608","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":289,"ts":1749574726000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"09b3a0b983515fe3d430660e2cca26f7","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":292,"ts":1749574726000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"8f0067c60808e41094858d1f6a0498c4","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","si

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                                Category:dropped
                                Size (bytes):12288
                                Entropy (8bit):0.9879683791236168
                                Encrypted:false
                                SSDEEP:24:TLHRx/XYKQvGJF7urs67Y9QmQ6QeQ5IcLESiAieo5F:TVl2GL7ms67YXtrncI8o
                                MD5:FFC01702CE2C94403A1AC57000F77EEB
                                SHA1:4B3AA129B1D4F61B7379C1F8D40700B2B6139A46
                                SHA-256:2B5FA3AB18299C51DD3BC490192B515E9F328041ADC1473904B59F2B2D0DFEBA
                                SHA-512:D0C3DF00C300F5B9360ED479BF3BF2D3EF5C5C43FE8F80C4249BAB70432F88FD22B469ACEED7E40A5A7E62853AE6F843A3724190D5391B06502D6F2D78F99AF6
                                Malicious:false
                                Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:SQLite Rollback Journal
                                Category:dropped
                                Size (bytes):8720
                                Entropy (8bit):1.3452379318901813
                                Encrypted:false
                                SSDEEP:24:7+teASY9QmQ6QeQ57cLESiAi0mY9Q9cqLBx/XYKQvGJF7ursf:7MelYXtrkcI8KYMcqll2GL7msf
                                MD5:27B84FC49FED189BB5BFFD2B80A8F37E
                                SHA1:49337272205E55EF8D88A6734C9E6518594CD80E
                                SHA-256:C40F5917835583217DB3A0275057C686211029134FE9745E41ABE1ED9AABDDA4
                                SHA-512:214209A8F505DD0579215526A7A96B379E52A0AD13E44F06DE5172A8B8230C020DC174AAC81E53A092F62A129B6012153CD88CEED285353F90D85571B33917D8
                                Malicious:false
                                Preview:.... .c.....Z.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                C:\Users\user\AppData\Local\Temp\MSI2b8d.LOG

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):246
                                Entropy (8bit):3.5309417490522437
                                Encrypted:false
                                SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8EeCylE3ClAe:Qw946cPbiOxDlbYnuRK+CT3ClV
                                MD5:9B341B5D12ABFE7B8B94F1476120CED3
                                SHA1:C43FFE34BEF0ECBC7C247917C5FD0F2C51664043
                                SHA-256:53F6E9CBF1385A3329E634F7F47B47792F54D0298A713EE1065197713937FF83
                                SHA-512:97A93518F71A4C44B3AA949A56619A3EFBDD068A6613E83F41B14297A0D80C0DEAA68DBEF0F106D06220BE5A4D34A3CB084F18C8F61D9A1B881D9F5DBE8DCE3F
                                Malicious:false
                                Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.0.6./.2.0.2.5. . .1.2.:.5.8.:.4.6. .=.=.=.....

                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-06-10 12-58-40-789.log

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393)
                                Category:dropped
                                Size (bytes):16525
                                Entropy (8bit):5.353642815103214
                                Encrypted:false
                                SSDEEP:384:tbxtsuP+XEWJJQbnR8L31M7HeltV+KYm3wsa2KjF4ODkr/O8r2IUHUHMWwEyZRN2:aPL
                                MD5:91F06491552FC977E9E8AF47786EE7C1
                                SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                                SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                                SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                                Malicious:false
                                Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with very long lines (393), with CRLF line terminators
                                Category:dropped
                                Size (bytes):16603
                                Entropy (8bit):5.357153556561637
                                Encrypted:false
                                SSDEEP:384:pRF0DP+ulFKaTNeTu5ZccIGTzo/Gl33+diUWYQTFgXTwYCAmAighH26P2Q2MdyK2:MOY3
                                MD5:3BFB614C18F1EA7840F0D00A26AB5DE6
                                SHA1:93C522C416AB2B7126809D3469135DB53954B7F9
                                SHA-256:E2F4B67912A96E103CFAEFBECAD86EAC9D3DDFD05DB9288BB519B68B74F1FA0D
                                SHA-512:D486F017A139D0BDED47C2FC9325382FFFD59FD9ABA30184C73ED89D0E27731E3188E2D87186D0A94EE337920C9EE3499CE125ED0A5610E8B4014594E387DEEA
                                Malicious:false
                                Preview:SessionID=47a51fc4-fcb5-4860-8d7f-545d31d2a768.1749574720856 Timestamp=2025-06-10T12:58:40:856-0400 ThreadID=6612 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=47a51fc4-fcb5-4860-8d7f-545d31d2a768.1749574720856 Timestamp=2025-06-10T12:58:40:863-0400 ThreadID=6612 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=47a51fc4-fcb5-4860-8d7f-545d31d2a768.1749574720856 Timestamp=2025-06-10T12:58:40:863-0400 ThreadID=6612 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=47a51fc4-fcb5-4860-8d7f-545d31d2a768.1749574720856 Timestamp=2025-06-10T12:58:40:863-0400 ThreadID=6612 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=47a51fc4-fcb5-4860-8d7f-545d31d2a768.1749574720856 Timestamp=2025-06-10T12:58:40:865-0400 ThreadID=6612 Component=ngl-lib_NglAppLib Description="SetConf

                                C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):29845
                                Entropy (8bit):5.419667277788444
                                Encrypted:false
                                SSDEEP:192:0cbgIhPcbocbAIlncb2cbwI/RcbNcbQIVvcbMocbII57cbW:fhWlA/TVbb5l
                                MD5:DB4DC2802005D212B2BF64F106841815
                                SHA1:91C7FA2C4F9E7CCF3F0D6009F1F62D1ED64059E8
                                SHA-256:1BE04F892A8F128ED2632FF802375A167664B7A1AAA8C216E1E60B5816A64E78
                                SHA-512:AE0C9EB80BA0EF479C8EC98B9B41E9B18640A77B690E4A45F554CF4DC8C24BB6232C5342C5E59E3E585EBFE4C8E46E5A84E3580CEE1A9D2D1D9816737C2651F3
                                Malicious:false
                                Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                                C:\Users\user\AppData\Local\Temp\acrocef_low\76463924-e2f8-4d2b-a3e0-ab6bea4001ea.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                                Category:dropped
                                Size (bytes):758601
                                Entropy (8bit):7.98639316555857
                                Encrypted:false
                                SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
                                MD5:3A49135134665364308390AC398006F1
                                SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                                SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                                SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                                Malicious:false
                                Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                                C:\Users\user\AppData\Local\Temp\acrocef_low\945a61c7-9b6c-41b4-8d71-83efe3a423ea.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                                Category:dropped
                                Size (bytes):1407294
                                Entropy (8bit):7.97605879016224
                                Encrypted:false
                                SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLcGZtwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLcGZa
                                MD5:22B260CB8C51C0D68C6550E4B061E25A
                                SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
                                SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
                                SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
                                Malicious:false
                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                C:\Users\user\AppData\Local\Temp\acrocef_low\a6cc42ff-7107-4584-8d00-0f94610a7d84.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57837
                                Category:dropped
                                Size (bytes):1419751
                                Entropy (8bit):7.976496077007677
                                Encrypted:false
                                SSDEEP:24576:/M7oMOWLaGZ4ZwYIGNPtdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07c:RVWLaGZ4ZwZGD3mlind9i4ufFXpAXkrj
                                MD5:ECFA20D7144E6C6EDB6129A2266A8080
                                SHA1:FF0C474BFF1FA6E59B8346345CBF60210C562E38
                                SHA-256:6E890EA390AE240E67BE50068F415F83B90730601D7B9A57D981236F5EE3E853
                                SHA-512:533194CC330DD691473A5DA431A6C52817EFE116E570D3A5CE91322534FDC23F3D87EC5B7AC582FC2DEC4746E70B2B85DAA20D7A15308870E267C80975683B7D
                                Malicious:false
                                Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                                C:\Users\user\AppData\Local\Temp\acrocef_low\d8b6b2e6-78bd-4ba9-9bb2-691a03162c5f.tmp

                                Download File
                                Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                                Category:dropped
                                Size (bytes):386528
                                Entropy (8bit):7.9736851559892425
                                Encrypted:false
                                SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
                                MD5:5C48B0AD2FEF800949466AE872E1F1E2
                                SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                                SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                                SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                                Malicious:false
                                Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                                Static File Info

                                General

                                File type:PDF document, version 1.4
                                Entropy (8bit):7.998742711938739
                                TrID:
                                • Adobe Portable Document Format (5005/1) 100.00%
                                File name:Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdf
                                File size:236'580 bytes
                                MD5:19948161a10913f4de48ceaeebb3155e
                                SHA1:17a5affb9a83eed4f119bee171db0d78976ae4a4
                                SHA256:0076be57d1efb411b083484b92bed90f05767cb3cf43c028019590699b8b8818
                                SHA512:4d6c81b7923fa9fa43b91577c5cef20e07374e630cd1626829e494bf639d03ff922cc166351f627b847b1e49c4651c13350616bdd78deb95eaabef6cf1efb6c0
                                SSDEEP:6144:X9Qy+4hQxZy+N10dZiyZ3hEdadXpJRGM9A9KzXSD:XJ+42xZy2SjBLE8dXMHQe
                                TLSH:EE3423BACAE7850FD7B630427C155B22ABC4C202276BF13DA50FD9FB9906934BE5119C
                                File Content Preview:%PDF-1.4.%......4 0 obj.<<./Type /XObject./Subtype /Image./Width 1258./Height 948./ColorSpace /DeviceRGB./SMask 5 0 R./BitsPerComponent 8./Filter /FlateDecode./Length 132830.>>.stream.f0....%$.G.V".".\..K.lr.....`.k@.......H;0g....o...B.&..{h ..*.u.$..Mr~

                                File Icon

                                Icon Hash:62cc8caeb29e8ae0

                                Static PDF Info

                                General

                                Header:%PDF-1.4
                                Total Entropy:7.998743
                                Total Bytes:236580
                                Stream Entropy:7.999149
                                Stream Bytes:234923
                                Entropy outside Streams:5.217564
                                Bytes outside Streams:1657
                                Number of EOF found:1
                                Bytes after EOF:

                                Keywords Statistics

                                NameCount
                                obj10
                                endobj10
                                stream9
                                endstream9
                                xref0
                                trailer0
                                startxref1
                                /Page0
                                /Encrypt1
                                /ObjStm1
                                /URI0
                                /JS0
                                /JavaScript0
                                /AA0
                                /OpenAction0
                                /AcroForm0
                                /JBIG2Decode0
                                /RichMedia0
                                /Launch0
                                /EmbeddedFile0

                                Network Behavior

                                Network Port Distribution

                                TCP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jun 10, 2025 18:58:51.369498968 CEST4971280192.168.2.1623.39.37.95
                                Jun 10, 2025 18:58:51.455701113 CEST804971223.39.37.95192.168.2.16
                                Jun 10, 2025 18:58:51.455802917 CEST4971280192.168.2.1623.39.37.95
                                Jun 10, 2025 18:58:51.456001997 CEST4971280192.168.2.1623.39.37.95
                                Jun 10, 2025 18:58:51.542068005 CEST804971223.39.37.95192.168.2.16
                                Jun 10, 2025 18:58:51.542781115 CEST804971223.39.37.95192.168.2.16
                                Jun 10, 2025 18:58:51.542788029 CEST804971223.39.37.95192.168.2.16
                                Jun 10, 2025 18:58:51.543438911 CEST4971280192.168.2.1623.39.37.95
                                Jun 10, 2025 18:58:51.579720020 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.579778910 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.580101013 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.580276012 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.580286026 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.778934956 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.779010057 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.781024933 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.781038046 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.781250000 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.781255007 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.781480074 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.781486034 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.781754971 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.782531023 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.782666922 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.782818079 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.783713102 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.830598116 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.876903057 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.877161026 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.877310991 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:58:51.878278971 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:58:51.925585985 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:59:36.891784906 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 18:59:36.891841888 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 18:59:51.987937927 CEST4971280192.168.2.1623.39.37.95
                                Jun 10, 2025 18:59:52.074549913 CEST804971223.39.37.95192.168.2.16
                                Jun 10, 2025 18:59:52.074608088 CEST4971280192.168.2.1623.39.37.95
                                Jun 10, 2025 19:00:21.893838882 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 19:00:21.893867016 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 19:00:22.594886065 CEST49713443192.168.2.1623.200.196.138
                                Jun 10, 2025 19:00:22.595355034 CEST4434971323.200.196.138192.168.2.16
                                Jun 10, 2025 19:00:22.595417976 CEST49713443192.168.2.1623.200.196.138

                                UDP Packets

                                TimestampSource PortDest PortSource IPDest IP
                                Jun 10, 2025 18:58:51.277456999 CEST5156653192.168.2.161.1.1.1
                                Jun 10, 2025 18:58:51.364908934 CEST53515661.1.1.1192.168.2.16

                                DNS Queries

                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Jun 10, 2025 18:58:51.277456999 CEST192.168.2.161.1.1.10xe3b7Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)false

                                DNS Answers

                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                Jun 10, 2025 18:58:51.364908934 CEST1.1.1.1192.168.2.160xe3b7No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                Jun 10, 2025 18:58:51.364908934 CEST1.1.1.1192.168.2.160xe3b7No error (0)crl.root-x1.letsencrypt.org.edgekey.nete8652.dscx.akamaiedge.netCNAME (Canonical name)IN (0x0001)false
                                Jun 10, 2025 18:58:51.364908934 CEST1.1.1.1192.168.2.160xe3b7No error (0)e8652.dscx.akamaiedge.net23.39.37.95A (IP address)IN (0x0001)false
                                Jun 10, 2025 18:58:51.669162035 CEST1.1.1.1192.168.2.160x201bNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                Jun 10, 2025 18:58:51.669162035 CEST1.1.1.1192.168.2.160x201bNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                Jun 10, 2025 18:59:05.701425076 CEST1.1.1.1192.168.2.160x36a7No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                Jun 10, 2025 18:59:05.701425076 CEST1.1.1.1192.168.2.160x36a7No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                Jun 10, 2025 18:59:18.082526922 CEST1.1.1.1192.168.2.160x66bNo error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                Jun 10, 2025 18:59:18.082526922 CEST1.1.1.1192.168.2.160x66bNo error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false

                                HTTP Request Dependency Graph

                                • armmf.adobe.com
                                • x1.i.lencr.org

                                HTTP Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.164971223.39.37.95806584C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                TimestampBytes transferredDirectionData
                                Jun 10, 2025 18:58:51.456001997 CEST115OUTGET / HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Microsoft-CryptoAPI/10.0
                                Host: x1.i.lencr.org
                                Jun 10, 2025 18:58:51.542781115 CEST1358INHTTP/1.1 200 OK
                                Server: nginx
                                Content-Type: application/pkix-cert
                                Last-Modified: Mon, 28 Apr 2025 19:24:14 GMT
                                ETag: "680fd5de-56f"
                                Content-Disposition: attachment; filename="ISRG Root X1.der"
                                Cache-Control: max-age=45659
                                Expires: Wed, 11 Jun 2025 05:39:50 GMT
                                Date: Tue, 10 Jun 2025 16:58:51 GMT
                                Content-Length: 1391
                                Connection: keep-alive
                                Data Raw: 30 82 05 6b 30 82 03 53 a0 03 02 01 02 02 11 00 82 10 cf b0 d2 40 e3 59 44 63 e0 bb 63 82 8b 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 1e 17 0d 31 35 30 36 30 34 31 31 30 34 33 38 5a 17 0d 33 35 30 36 30 34 31 31 30 34 33 38 5a 30 4f 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 29 30 27 06 03 55 04 0a 13 20 49 6e 74 65 72 6e 65 74 20 53 65 63 75 72 69 74 79 20 52 65 73 65 61 72 63 68 20 47 72 6f 75 70 31 15 30 13 06 03 55 04 03 13 0c 49 53 52 47 20 52 6f 6f 74 20 58 31 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ad e8 24 73 f4 14 37 f3 9b 9e 2b 57 28 1c 87 be dc b7 df 38 90 8c 6e 3c e6 57 a0 78 f7 75 c2 a2 fe f5 6a 6e f6 00 4f 28 db de 68 86 6c 44 93 b6 b1 63 fd 14 12 6b bf 1f d2 ea 31 9b 21 7e d1 33 [TRUNCATED]
                                Data Ascii: 0k0S@YDcc0*H0O10UUS1)0'U Internet Security Research Group10UISRG Root X10150604110438Z350604110438Z0O10UUS1)0'U Internet Security Research Group10UISRG Root X10"0*H0$s7+W(8n<WxujnO(hlDck1!~3<Hy!KqiJffl~<p)"K~G|H#S8Oo.IWt/8{p!u0<cOK~w.{JL%p)S$J?aQcq.o[\4ylv;by/&676urI*Av5/(ldwnG7Y^hrA)>Y>&$ZL@F:Qn;}rxY>Qx/>{JKsP|Ctt0[q600\H;}`)A|;FH*vvj=8d+(B"']ypN:'Qnd3COB0@0U0U00UyY{sXn0*HUXPi ')au\ni/VKsY!~Lq`9!VPYYbEf|o;'}~"+"
                                Jun 10, 2025 18:58:51.542788029 CEST387INData Raw: 0e 8f f2 8a 34 5b 58 d8 fc 01 c9 54 b9 b8 26 cc 8a 88 33 89 4c 2d 84 3c 82 df ee 96 57 05 ba 2c bb f7 c4 b7 c7 4e 3b 82 be 31 c8 22 73 73 92 d1 c2 80 a4 39 39 10 33 23 82 4c 3c 9f 86 b2 55 98 1d be 29 86 8c 22 9b 9e e2 6b 3b 57 3a 82 70 4d dc 09
                                Data Ascii: 4[XT&3L-<W,N;1"ss993#L<U)"k;W:pMMl]+NEJ&rj,_(.{q{^FS|7B*HL9GR+3S}MmBo@'5\(3#PylFn~:R-?[$


                                HTTPS Proxied Packets

                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                0192.168.2.164971323.200.196.1384431028C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                TimestampBytes transferredDirectionData
                                2025-06-10 16:58:51 UTC357OUTGET /onboarding/smskillreader.txt HTTP/1.1
                                host: armmf.adobe.com
                                accept-language: en-US,en;q=0.9
                                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36
                                sec-fetch-site: same-origin
                                sec-fetch-mode: no-cors
                                sec-fetch-dest: empty
                                accept-encoding: identity
                                2025-06-10 16:58:51 UTC271INHTTP/1.1 200 OK
                                server: Apache
                                last-modified: Mon, 01 May 2023 15:02:33 GMT
                                etag: "78-5faa31cce96da"
                                accept-ranges: bytes
                                content-length: 120
                                content-type: text/plain; charset=UTF-8
                                date: Tue, 10 Jun 2025 16:58:51 GMT
                                akamai-grn: 0.191bd017.1749574731.1a3dbac
                                2025-06-10 16:58:51 UTC120INData Raw: 46 69 6c 65 20 74 68 61 74 20 61 63 74 73 20 6c 69 6b 65 20 61 20 4b 69 6c 6c 20 73 77 69 74 63 68 20 66 6f 72 20 53 4d 53 20 66 75 6e 63 74 69 6f 6e 61 6c 69 74 79 20 69 6e 20 52 65 61 64 65 72 2e 20 44 65 6c 65 74 65 20 74 68 69 73 20 66 69 6c 65 20 74 6f 20 65 6e 61 62 6c 65 20 74 68 65 20 6b 69 6c 6c 20 73 77 69 74 63 68 20 69 6e 20 52 65 61 64 65 72 2e
                                Data Ascii: File that acts like a Kill switch for SMS functionality in Reader. Delete this file to enable the kill switch in Reader.


                                Statistics

                                CPU Usage

                                Click to jump to process

                                Memory Usage

                                Click to jump to process

                                High Level Behavior Distribution

                                Click to dive into process behavior distribution

                                Behavior

                                Click to jump to process

                                System Behavior

                                General

                                Target ID:2
                                Start time:12:58:36
                                Start date:10/06/2025
                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Paradigm-corp_Remittance_Advice_Monday, June 9, 2025 at 07_36_45 PM.pdf"
                                Imagebase:0x7ff786bd0000
                                File size:5'641'176 bytes
                                MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:3
                                Start time:12:58:40
                                Start date:10/06/2025
                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                                Imagebase:0x7ff724bc0000
                                File size:3'581'912 bytes
                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:6
                                Start time:12:58:41
                                Start date:10/06/2025
                                Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2120 --field-trial-handle=1552,i,5071983132029350567,6716144300352404056,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                                Imagebase:0x7ff724bc0000
                                File size:3'581'912 bytes
                                MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                General

                                Target ID:15
                                Start time:13:00:25
                                Start date:10/06/2025
                                Path:C:\Windows\System32\rundll32.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                Imagebase:0x7ff690670000
                                File size:71'680 bytes
                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:high
                                Has exited:true

                                Disassembly

                                No disassembly