Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Liftone ..pdf

Overview

General Information

Sample name:	Liftone ..pdf
Analysis ID:	1428249
MD5:	6cadac337776aba6aa6946d42f92a840
SHA1:	b8751f2c08df20b3294752afa5d7cc00a7812e55
SHA256:	8e62130c954dedb2e0ce62e3a007384ffa8101bb2d9144d955dde46488743c89
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Misleading page title found

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Invalid T&C link found

Phishing site detected (based on OCR NLP Model)

Stores files to the Windows start menu directory

Classification

×

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6564 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Liftone ..pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6332 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6652 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1544,i,1241296826629441675,870163600650370802,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 8176 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://roads.dentistsinchattanoogatennessee.com/signedbox/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7360 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1912,i,329899899613058535,11907109387911769218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_189	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Misleading page title found

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/	Page Title: Microsoft \| Login
Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/	Page Title: Microsoft \| Login

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_189, type: DROPPED

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: Number of links: 0

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: Title: Microsoft | Login does not match URL

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: Invalid link: Privacy statement

Source: Adobe Acrobat PDF

ML Model on OCR Text: Matched 99.5% probability on "Adobe PDF Document is enclosed with Adobe Pdf for Business MAT:2378 // INVOICE // YOUR REF:3210 // RAF Click Here For View Microsoft Adobe Pdf Microsoft respects your privacy. to learn more, please read our privacy statement Microsoft Corporation "

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: <input type="password" .../> found

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: No favicon

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: No <meta name="author".. found

Source: https://roads.dentistsinchattanoogatennessee.com/signedbox/

HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49749 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 28MB

Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250
Source: unknown	TCP traffic detected without corresponding DNS query: 172.67.167.250

Source: unknown

DNS traffic detected: queries for: code.jquery.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown

HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49749 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.winPDF@31/58@16/188

Source: Liftone ..pdf

Initial sample: https://roads.dentistsinchattanoogatennessee.com/signedbox/

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\blob_storage\1d8ad159-a7f1-4439-9e42-2297e6a0448b

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File created: C:\Users\user\AppData\Local\Temp\acrocef_low\ef81e8be-a043-4932-9f59-3b5cd8e6d19a.tmp

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Liftone ..pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1544,i,1241296826629441675,870163600650370802,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1544,i,1241296826629441675,870163600650370802,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding C8984F0D7C7DD55BD636CEF6738EF8EB
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://roads.dentistsinchattanoogatennessee.com/signedbox/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1912,i,329899899613058535,11907109387911769218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://roads.dentistsinchattanoogatennessee.com/signedbox/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1912,i,329899899613058535,11907109387911769218,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Liftone ..pdf	Initial sample: PDF keyword /JS count = 0
Source: Liftone ..pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Liftone ..pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false		unknown
a.nel.cloudflare.com	35.190.80.1	true	false		high
dashboard.spamfather.com	172.67.172.36	true	false		unknown
code.jquery.com	151.101.194.137	true	false		high
cdnjs.cloudflare.com	104.17.24.14	true	false		high
maxcdn.bootstrapcdn.com	104.18.11.207	true	false		high
www.google.com	172.253.124.99	true	false		high
part-0042.t-0009.t-msedge.net	13.107.246.70	true	false		unknown
use.fontawesome.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://roads.dentistsinchattanoogatennessee.com/signedbox/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.47.193	unknown	United States		13335	CLOUDFLARENETUS	false
162.159.61.3	unknown	United States		13335	CLOUDFLARENETUS	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.9.95	unknown	United States		15169	GOOGLEUS	false
172.67.167.250	unknown	United States		13335	CLOUDFLARENETUS	false
64.233.185.84	unknown	United States		15169	GOOGLEUS	false
142.251.15.95	unknown	United States		15169	GOOGLEUS	false
142.250.9.94	unknown	United States		15169	GOOGLEUS	false
151.101.194.137	code.jquery.com	United States		54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States		15169	GOOGLEUS	false
23.36.68.10	unknown	United States		16625	AKAMAI-ASUS	false
107.22.247.231	unknown	United States		14618	AMAZON-AESUS	false
184.25.164.138	unknown	United States		9498	BBIL-APBHARTIAirtelLtdIN	false
104.17.24.14	cdnjs.cloudflare.com	United States		13335	CLOUDFLARENETUS	false
172.217.215.113	unknown	United States		15169	GOOGLEUS	false
172.253.124.99	www.google.com	United States		15169	GOOGLEUS	false
142.250.105.94	unknown	United States		15169	GOOGLEUS	false
142.250.105.95	unknown	United States		15169	GOOGLEUS	false
13.107.246.70	part-0042.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.11.207	maxcdn.bootstrapcdn.com	United States		13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false
104.21.27.152	unknown	United States		13335	CLOUDFLARENETUS	false
172.67.172.36	dashboard.spamfather.com	United States		13335	CLOUDFLARENETUS	false
104.21.74.57	unknown	United States		13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428249
Start date and time:	2024-04-18 18:16:31 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Liftone ..pdf
Detection:	MAL
Classification:	mal56.phis.winPDF@31/58@16/188
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 23.36.68.10, 107.22.247.231, 18.207.85.246, 34.193.227.236, 54.144.73.197, 162.159.61.3, 172.64.41.3
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, p13n.adobe.io, geo2.adobe.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Liftone ..pdf

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.193906217137377
Encrypted:	false
SSDEEP:
MD5:	4783FFEB2A7AE4F552636D25CF47F394
SHA1:	EDCF2560C389C9BDC3AD26CCDD2879FC5D8090A5
SHA-256:	16E5C3337FFC70AEFBE04A7429B5B67F49F0F2B92ADD8EB23811E49AFB634B05
SHA-512:	4658440D6200BCD217CB2750AAD40B64258E0FD8F0CD32D678FF05D94D7FDB0BCE186E58A4FA4ADC8B35E2B8C5EC8EBB6D936DFE4F8AF007507E71A22A2DBD0C
Malicious:	false
Reputation:	unknown
Preview:	2024/04/18-18:17:04.989 18f8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/18-18:17:04.990 18f8 Recovering log #3.2024/04/18-18:17:04.990 18f8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.161684648259099
Encrypted:	false
SSDEEP:
MD5:	7D90EC8A88B860836F28845CA7EC13BA
SHA1:	76548DD0529502B8A3EABA725BE2249C3D98DE7A
SHA-256:	BD790418593513A5CA46651EC61C956B905B4F7C9368CB05151824888309C73E
SHA-512:	6C689601AAD82914433EAEEB905B9B7F65F6FE01813E1E2F23E54AF013B88D1171C9E88AA18EDD2E4CE1DAEE9E4D5A41909A5435096114AB7D0405FDFFBA14C2
Malicious:	false
Reputation:	unknown
Preview:	2024/04/18-18:17:04.879 1b2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/18-18:17:04.883 1b2c Recovering log #3.2024/04/18-18:17:04.883 1b2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\3fcf2670-2d7a-48f8-b35e-7e53356ee444.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.983692302786362
Encrypted:	false
SSDEEP:
MD5:	99F60F872E7776ED390D9BF72A92917A
SHA1:	D25E06FB8CD7B6CB9F6643FAF6652AA62F10E182
SHA-256:	F2EB62F245701C0D5687B27D30A5ECB21762DC67A2DA2AECDE6509227BF2EF69
SHA-512:	CBA62BDCF561DE2EF0DCD860209C124869373A71ADE068D45B960284733263D4D9A9826AC0BAEF57849687A5E9E84E1427CC063C2C357D7061F35198064D0160
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358017036315693","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":105618},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\81981eb1-134a-47a6-b15d-e3656fd94179.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF47b721.TMP (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.224265483456842
Encrypted:	false
SSDEEP:
MD5:	8056F0411F9BC2D9EAA324BA4D2E7087
SHA1:	7F4765EFDC5A8D8117CB03A4E4A929FC9B858E5A
SHA-256:	0B79B7310C9AFAC6D88BA4F260565C5D08F881E96C69DF1BDA8FAC369E4544DB
SHA-512:	560B05EC711B4D1DBBBBEAA21FA8EB09A28F4985E418C8695E442F812000F8011FEF4DDA838CA37DC9A0035FDE045D1892B5D687F012124CDD07584D0818DA73
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.161794513344343
Encrypted:	false
SSDEEP:
MD5:	4357F2779AC08B3F9FA552144E8E69D4
SHA1:	A739A1928F4747A798512CA2189072963CA3FB3C
SHA-256:	7D3C3C07A96B0C24314295E560A734075B29D22C5DDC91E5300DDDF621CEBF4E
SHA-512:	1CB4A231AA319F421095C2F07B9D5914A0D003EE9D6A302497A7EBDAE1CC867BBF505C45DB8BE02A22F42C10E6D94F122639931DD5867E2E52A0FA2EC14CEFA1
Malicious:	false
Reputation:	unknown
Preview:	2024/04/18-18:17:05.020 1b2c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/18-18:17:05.022 1b2c Recovering log #3.2024/04/18-18:17:05.023 1b2c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240418161708Z-163.bmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.26907083035639
Encrypted:	false
SSDEEP:
MD5:	3B56FF93BBF148C3CA52F9B26F9B866F
SHA1:	23E85C5D21B3C28BF999359954E2D294C87EF981
SHA-256:	DE3A12FA87B4204A1725D81065804E1C425CF28A143FE3AC67432B53C9B172E0
SHA-512:	490629F8C50ED37B1F352AFAD95E5A4970A394D9602F84EA541B611AC3F1E251DAA033387910A49DA4CCC2D790A8E67580399B0356D457CCD63E27869E28D245
Malicious:	false
Reputation:	unknown
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2152251553610804
Encrypted:	false
SSDEEP:
MD5:	E49864340E53046178278D607E80E7F6
SHA1:	3BAA19F1B0D2A3C88F223DD4B1E05CD60C03EBDD
SHA-256:	E7E41E59E2BE900445D884597B82915C41A8981AEAF6B91C65CBB0E799FAD699
SHA-512:	349D19B794419546C4970ED4AB660DF8311B0B718944D7759E5CF943DA342DE64A569077A81130478D978A73219E51C5D9DBBDBB674B50FD873010F2644FBEE5
Malicious:	false
Reputation:	unknown
Preview:	.... .c......3..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6732

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.362519164069989
Encrypted:	false
SSDEEP:
MD5:	4FDD9B2CC6805110E51FABE4628133C0
SHA1:	C933C1672D532055649C22A321CEAF97EACB819E
SHA-256:	C4E817FC67C8862FB4712D4CBDE40D0CD72B6C87244C82CCAB78BE50526E195B
SHA-512:	C16E1048EE76790E8FC5C2BFB4CD6F26A5D0DC4E42FC3037928502F89825A585FFF8B4E9D94052675D6ABBF36891FBD8C4A58EC8239D520B5042530DFAACB43C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.309933313540795
Encrypted:	false
SSDEEP:
MD5:	083E2ADB9BE6623D8D165D02F2B9E924
SHA1:	C6D261D4F745883132D875BA76CFEB5E60DD1726
SHA-256:	400865BA260162495B7C87D5D8D0B31885D2B1E519FE0E855788D6DFAEBBD1F8
SHA-512:	807510DAC8DC14750A718901D5BDF46CEBDECBE128B3563104E4F0A0B8E61F64ED2500FDB39D331831A1FC61A9DA19216409E9E05D41051243878DE08F35097C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.289201107455465
Encrypted:	false
SSDEEP:
MD5:	F5D3A40B46BDB2ED44CF5F80C2DD8834
SHA1:	4AE2497249FAC265E313F25D0762515F4C206211
SHA-256:	062D2B97987ECC2763CFC4078875CB3E3A502E2EB0863C61FBF0A0935BBBB149
SHA-512:	AE62F78A2BD95CBA6164FB8B3F43658B866FC08325FB10CD432851D04C46485209C0F90BEAC04CF7A28CB1AAFCB0FAAF96B1FD9FE8E5370F02BBB7F2D2F1E561
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.350869730977749
Encrypted:	false
SSDEEP:
MD5:	54C0FCA89732624971E339D1B25B7370
SHA1:	C604ECB3635E18DDE897DA59E4B1968DD5255BE8
SHA-256:	32077FDD64400FADCD48A87A19127DED484A686C4EC77D8F8D174B2646791757
SHA-512:	10BB595874A174D48174C57C89392555609FF5590F2B5CDC7DECF5E8BFCAA092F1D01621F55CD740EA5798253F502FDFC88A1F8C561C234925194DAC6C56542D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.31041957509964
Encrypted:	false
SSDEEP:
MD5:	BA6A53D334D5873F6EC7EA1D0DFCD821
SHA1:	CD003D2842F050BE3D6092321F27F79919888B1A
SHA-256:	A5A7FDC01B8DDDD93B10033976AABC12194E3F83764AC9693501762FF05334F3
SHA-512:	641DA90159A41EA32220776BF41E29894C922C3ECB165136A5486F02E1D2CCE8033B73683E8EE6FDAE31D0360FD68968BF62399E001AD206F118FD39419EC2CB
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.298087870155144
Encrypted:	false
SSDEEP:
MD5:	25830B912E8CC9DEF8CD5F43119BC6FE
SHA1:	855B1C1179F159A8920B2FBD0B1B471400D79F0C
SHA-256:	1A9FDD3E617D0B1B3C9B229146D3644DC727C19085169941C7BA5B9B6F5B23D3
SHA-512:	777A8A0FAE1B48A8B9E7AFFE9338096DE456DF08BE795461CD6B895B8121476445FDA7BD02E229552DE6748D69A7E06EC535CF383C546DD3E72551D62CEA18AC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.300775940134354
Encrypted:	false
SSDEEP:
MD5:	50C11E38F2597C92B9C9F50457C5A694
SHA1:	139B0A29E0B25864CF39E6D2A80F74C88C976014
SHA-256:	A3636A783F356E62354A37E5FBDC54C5AA8CC3AA6ACD6722908D81EF7597971F
SHA-512:	EAA5898EA599BA0694B551ED228EF6D08EB326A12C92387C64962DE366654CED7D3E6D02739389AD6F1CFE3707568EEA93D3D71CA9001741AB3772F592DD3490
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.307896086168297
Encrypted:	false
SSDEEP:
MD5:	ED0262883E52B01BFDB570369227F425
SHA1:	4C272D1C09757171D703823BC9C9D1BA3D0F146A
SHA-256:	150FE0B9A1F748A302EDB93BAF70460FAF214C08B7D69FD06F19D9F0F8EFAD50
SHA-512:	A6A9D86B635125556242B83AF45166FDEA83605228243DC96D2F8781B429FA196EAF4371C1AE2AE4E7E60130024EE01EEC13B93E63A07A6BA81B3FBCB44F9887
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.737697831008116
Encrypted:	false
SSDEEP:
MD5:	CE2C94A688C2BAB25B39905D0B259DAD
SHA1:	7F97DE18ACCB6091AFC6B0B0397F4C95C82088E7
SHA-256:	83C6A8308002FB77AA886270660F976D386BD582C33DDF6F609CBBA2257408CF
SHA-512:	C05B7570B2551E1B1ACE8FDC8E3EECC98F7A6FAA6D79B5E348AA6EE7A9EDF13668528FB41D6CF04EE2C64BFCFF69F79C7EA534A74A3CE86E9DC5AB4D06CA05D3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.303601035717579
Encrypted:	false
SSDEEP:
MD5:	4053F03E968E801E365014682D1D77A8
SHA1:	01AEBE22D9C1D30983F21665BC18DA0BC623AA8D
SHA-256:	D153CC0F39B3AF32E2936F8E9EEAD62C0C92B3E2B96EEF18152EACC4142E9E2F
SHA-512:	474500571D5B09FEF5910759D2A42034A90F30BA268A1D07BC23BF0658B202063DAF1577A3194AE69AF8D3975311A656D43BF639C66AFF51BBB0E57C751B578A
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.77117215212348
Encrypted:	false
SSDEEP:
MD5:	683887C9B0987E8F78EE87D497A35DC1
SHA1:	17DF5867F59D581CE909D0BDE0CF9D8503A40CA0
SHA-256:	C210B194B1CE6BB8DCB48B810D8D6351E62772D05FDC1A299D2FFE02FB594CE6
SHA-512:	C7C9FF306494471F64D3D922EB2D34E1172BBB452873BFD44FE08BED9060BD575DAFA70CA0304BBB6D192377695B4AAB602EB105E80678500ED1055CD7F150A3
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.287123384005067
Encrypted:	false
SSDEEP:
MD5:	1A61EE420518C37D45B56348795EA4F0
SHA1:	0BD536B19B9897AEA0F7E8CAB57A84E89B5C615F
SHA-256:	614C09CB1587A26C9F9306C5CDFFCEA27299B91610E5D09E4A85681FBFAF29F2
SHA-512:	89AC2869DD7D75D04B813C2A0B4A0C56E71FF8F01F9E1E29D7F5F29E7DE3CA3129EE4F5DE9F5D2ACA2DE7A219A189480F640C10A004B0B1E13E5A5EFB5005A89
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.29085041361751
Encrypted:	false
SSDEEP:
MD5:	00A401F9A3169071D7CA6A730C6F93A6
SHA1:	DB49B4547006C79EBC477853B47B5F7AC088FFDE
SHA-256:	866E19D759ADB0977FBBE1CCE99D4F43D69260DEA233FFDEAF33A779C029E429
SHA-512:	98FE1EBE386571560B33B0EECB5C9BF1C4FC9C6320BBF232650D37541BD5355E0BA4C1B43A6EE2580E9C357AB290F0AD42CCFD23E11767CBAA59C56D06A22D0D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.3107136420008505
Encrypted:	false
SSDEEP:
MD5:	4335BCD2A955713517377A4CEBEB79C7
SHA1:	C332C6C7977B01056C201DA827022E4B68338CD6
SHA-256:	28783425E759DA825D067294BF3689D167E4714C84132ACE1D152C6A932528CB
SHA-512:	5DEE256885324CBA29EAA8EBAC0485D843329FB4C99C76E7694993D2D04CE3EFCA1747B2A52F2D8FD5ECB44BD1C0BA55A5410A8AFE190BD7152EFCA3549E33A8
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.267500233374508
Encrypted:	false
SSDEEP:
MD5:	770239EC1B1BF88F0341DFD4D1719109
SHA1:	C6350F49646682A3261B520834D66298D970ADDF
SHA-256:	D4A78C0367873E2156CB0A460DBC9335E02571FA0BE9F478671EEDB920D92B52
SHA-512:	54EFCA0E6D2C10F547B07AF3D2F635A5090A824023E1B13B1759EDA616463B3EFC5E944C2412AD86FEE62CB186498B5807024A3B2DFBDF09D298F46B10177358
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.361774325872741
Encrypted:	false
SSDEEP:
MD5:	29F8DC1A80EA906F2126337B5388C0C4
SHA1:	BFD4F71B5FF2BCF64D9EC76161561D0B257D494C
SHA-256:	4C5A30FC68F249C3DBDFBA7961DE7F3BA96D253CCE085D12BE448BD1B41A16CE
SHA-512:	688EF2DDB7BC9FE21726CF03402E91B7BCF1DF786CEA294F922B8528DA1C766DBF8984CB1245CD8DCAB909C81DB0655EF5828302BF4D37B9CC1EF7EFD8385FCC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"5a933d02-79a2-40ec-aef8-94410081580e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713635798982,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713457029023}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.1406405984230705
Encrypted:	false
SSDEEP:
MD5:	3F804B89896876FA17D4E77D4C55B312
SHA1:	0A6F9B2074184B594F12C3C98654D7E3A58C6845
SHA-256:	D5E139508D620B22128C41B8953AAAC9038C884F94DDFD92119BD41EA78E387C
SHA-512:	8FD9679966D64582A562CE366206495D8D581329A08167C05C81E556509D3008621F0065AACD653966D3C7447F52821A569288452E01D7D0D66E208001B23D03
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"c8ff39eb66015425b1b04661dde3f601","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713457028000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a79824f20e8ea2aae18686d55b6d2ac8","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713457028000},{"id":"Edit_InApp_Aug2020","info":{"dg":"88d33d5e8e3f8ac37a74c6f6de28e213","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713457028000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"363c0e178e04ad84cfae583f17894f96","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713457028000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"78ae7b103f9ec58fa11a29c712be0c84","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713457028000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"8b2950b0386c2fa0350566ff9ab10595","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713457028000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9874856172652001
Encrypted:	false
SSDEEP:
MD5:	98506EF0AAA61A5BD2E4361AA4C1D638
SHA1:	59AC132E021E3D312DF5B1570A712AE7746FE95B
SHA-256:	C2B27DAC1B481FD5A023E00B02F5287D5A1966B1140FE7C7642E94D50E6DE241
SHA-512:	3333B138B9F2C2F6B77B802146ECB75C213038335864A174FFB3ECEE1E184B32CB05C9073DC2525AB1DCAA38349ED15B27893D6901C650A00F2162DFE01FABD1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3423142784559587
Encrypted:	false
SSDEEP:
MD5:	D1716501B88A868247D63EF41E4DFFC2
SHA1:	53EE98F9D6EF85BE8D1B65D9F89D03F3E6D0427E
SHA-256:	F3DCFF755A02CEABD7CBE3FA13EEFE6B58EDCF2D0F937995F02192127651D22C
SHA-512:	EC0175CECAD11542DF682BE883A097DF250612C5256D71BC291D621CBECDD50948B4C9E71EF8D6E78B6307F44FF00D6FA6F95EED91CFB7D74FFBB86F4CBAB8A5
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....D.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI6aaa3.LOG

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.499838153709142
Encrypted:	false
SSDEEP:
MD5:	05240A60EF483E381FBEB9B20B0B3C77
SHA1:	CF7B417ED93320E4F1C620CF72640A3B7687BE07
SHA-256:	78CC8541FEA2E18A0A4611BF0EE3DB28A7DD95D6898E446FF5A078DD5D0A59AA
SHA-512:	B9615F64E4FCAFC3BE7746348A007CFEF28D41B99248EB9310BC5EF8D63C9009B43DCCEF2D7A1E0A7979620C70AA587CFF2DD2896202197B5EE94B200B2583DE
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.8./.0.4./.2.0.2.4. . .1.8.:.1.7.:.1.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-18 18-17-06-581.log

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.421239123137467
Encrypted:	false
SSDEEP:
MD5:	E28E9031ED06B9B669D0247143BA8477
SHA1:	75823ED7E01EA583E44AD1EE0064FAD97F5A126E
SHA-256:	7CA3A539D4E5AC25A76373794AD02D7B4393314A2AE222CE5C2F14AEBFF04425
SHA-512:	DBE13CBA393C8AB5C9E5176DBA0D5F2BA3819E74F14A7C37D43C488CE5F79A52B724CAD41BC8DBA5CDD214200AF7FD914BB6B64E6EE0431A6188007000409B13
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\72924dba-dc29-4722-b4a6-355abeaea7ea.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\782fb5c9-ad23-4488-8dd4-0dc9d49c7e3e.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\7e7aab82-895f-4863-8137-87e76f94ef80.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	22B260CB8C51C0D68C6550E4B061E25A
SHA1:	DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
SHA-256:	DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
SHA-512:	503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\ef81e8be-a043-4932-9f59-3b5cd8e6d19a.tmp

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	F4058A9619A8A6E9B90852CDC593A3A5
SHA1:	97C7CD56D5DA56FC9AB8AA04EB5704178B017310
SHA-256:	237014787D4547E2418AF2D490AD45AFBF7893AAE2F655AA6ABB91CA21EF11F6
SHA-512:	A05060A3184A9F2043AD043A24909361DF0A65F12767784EBF5E8B5A86FBB909CBCE0DAB5C2705DA59DA84748B604ADE7F00D11B97FD87DBB5383AC9096A1203
Malicious:	false
Reputation:	unknown
Preview:	...........]..8.}. .)."{g.-.}plw.A........,..Y.tI.g.....)Q.H..'p#p`.U.S.H.)....e....a.><..w.....Dw..9.0Y~.......1.._......j.....Oh.q.\,....tn.....w..i.f..?A../.h.D..........n^......M..w......C....!..4.........w4q..F.1I.!A....(.........TN..'8...Q.........^...za..0Hm/.....{.....\....' ..1..0.qzD........'Y...... .m..8Bh... ...4...z..}.9..Lqp..M \Xe......Q..0..+C.B.4Ijm...o..co..q.d.~.8...\/.4.]....8...1.].D....K.\|...hp\..... .ch.....\.g..Qpf.{N....n<......'.....KS(.k..$Q.R...6..'.....7.!....{.....b....C.v~...x...FO^..O.d.>'>...........&.. ..WR...6...^.D..A...d1\|..F.g..g;.\...m..V..0..le.......4J..p.(..l'.....n_........n.0..P...Y.KJ.S.B.><.\C.}..~....,..k..V....XI#w..B..Q.B...t..\.lB;&!.n.(._=..>...+..a.......N.X{.{..ly.$V......@..E.....R.j.x[..V.....Ij.....mQ....-D....U1..J...F+.%...6.g.T.....X....(...w...8a..\1..^z.6...@R....l.i.A..,.......o..~^bM.E..qW^?.......!..)u.(&*.v....."c.H..Pp..uy...DP8.m3.:T..U=............0-~.B..w...D..'

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 15:17:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.988519080732302
Encrypted:	false
SSDEEP:
MD5:	A380A51696500E65686DD91A7AF04C73
SHA1:	6BDD7366E21F95440A84D482123317610D1D1AC3
SHA-256:	C67CFC328391F6891650027AADE366ED9B04CE80F2809A96367AAA91EC60AC28
SHA-512:	E5812CC0164C3C33351943C87D6B21B2BEB3331A5C427267984FB13B11837F8E23FF3E16CF56A3DC38BBCC45D41FC19A11E0F464C60B1A8D49C72740E4A9FB00
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....]q....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X6............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Px......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 15:17:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.004234807683469
Encrypted:	false
SSDEEP:
MD5:	E9224C1C3BB0FE9D9212EA7DE68311BF
SHA1:	C069834A2CAB2AB31430FA88EEE16BB5C8934D51
SHA-256:	E91EF5055B3C811183024F3E678C2E5CF2B578BB531668A7914F3100E36EFE5E
SHA-512:	59B23E39B2BF5BC30B71AEB431AF8CBB332B540972C6441A694D4479DBC2E3DBE22445380016BE738E700F6E15D1D4BD3880FA64AE2B22AC111BFC7F03EADD75
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....?....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X6............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Px......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.009948878523068
Encrypted:	false
SSDEEP:
MD5:	C8F604F52B70F674154664BA099092AA
SHA1:	E457E3D213BA4E4DBB28F13B0ED7461D40F40D20
SHA-256:	1B5EBD02BFB5B5E029DEAFE56440EDA45D4B62B413104421725B1AF5AA37E5AC
SHA-512:	A091561977B4AAAB9BCA1275198C81F881674EAAAEA7D479871A31894AA712647B2D96DD61831B160D47C1F2BA83EF88DED4DB391FF9D28EE9120EB5AC09534B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Px......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 15:17:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.0040726157640565
Encrypted:	false
SSDEEP:
MD5:	7D958A884753B0E9C362625B2FB7A8D7
SHA1:	31C4C1CFA091018721CE5B5B305A8605BF445261
SHA-256:	CF0683E57E3E56421473715026C1DA073E8A2D5191D51D9F1D0347F65338DC9E
SHA-512:	1F0D669963E48E1ECF4433E4D964098DC243547F6737FCFD3060B92802684557F8B4AB74281567DB92DD71326491FE9C047BF58C5415597EBA3C9021A94DBF4F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X6............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Px......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 15:17:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.991698605929537
Encrypted:	false
SSDEEP:
MD5:	83DBEE9918E2B151CBBC9AB4B3A11F4C
SHA1:	8C57BCE7F51E91A0913286EF6542BFA55C4A0A96
SHA-256:	85253BFF29CA796DE0DBFC5BE151F93D1331DC5C49A023E29ED0DCD2E790D242
SHA-512:	7497774E3CE6B66554F9E30573A45B2182148C346E84899E9811E2793D90D1A9752030054214823B400D6E16A5A42343B606F386F98818B7227B319889A16F08
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X6............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Px......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 15:17:43 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.002022484352761
Encrypted:	false
SSDEEP:
MD5:	EF3E42496B774974D63995EBB5ED9BA1
SHA1:	171FC410157BF646CFED4A77F22E68C3D15585B1
SHA-256:	7377908BEF0A47DB3CB5CCE98539B3CA5981099894F4FA08E41B906568DDE804
SHA-512:	340E8B835BDFAD10FA87BB516EA4B784EA2779C8940BC0FA5DD9979C103FB4A996A76F498849C39960C7E29C15B98363243CB674B15EFCAD03A3C197F7BCF0BF
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......w...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X5.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X5.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X5............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X6............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............Px......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 177

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
Reputation:	unknown
URL:	https://roads.dentistsinchattanoogatennessee.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 178

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	unknown
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 179

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1238)
Category:	downloaded
Size (bytes):	1239
Entropy (8bit):	5.068464054671174
Encrypted:	false
SSDEEP:
MD5:	9E8F56E8E1806253BA01A95CFC3D392C
SHA1:	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728
SHA-256:	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
SHA-512:	63F0F6F94FBABADC3F774CCAA6A401696E8A7651A074BC077D214F91DA080B36714FD799EB40FED64154972008E34FC733D6EE314AC675727B37B58FFBEBEBEE
Malicious:	false
Reputation:	unknown
URL:	https://roads.dentistsinchattanoogatennessee.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Preview:	!function(){"use strict";function e(e){try{if("undefined"==typeof console)return;"error"in console?console.error(e):console.log(e)}catch(e){}}function t(e){return d.innerHTML='<a href="'+e.replace(/"/g,""")+'"></a>',d.childNodes[0].getAttribute("href")\|\|""}function r(e,t){var r=e.substr(t,2);return parseInt(r,16)}function n(n,c){for(var o="",a=r(n,c),i=c+2;i<n.length;i+=2){var l=r(n,i)^a;o+=String.fromCharCode(l)}try{o=decodeURIComponent(escape(o))}catch(u){e(u)}return t(o)}function c(t){for(var r=t.querySelectorAll("a"),c=0;c<r.length;c++)try{var o=r[c],a=o.href.indexOf(l);a>-1&&(o.href="mailto:"+n(o.href,a+l.length))}catch(i){e(i)}}function o(t){for(var r=t.querySelectorAll(u),c=0;c<r.length;c++)try{var o=r[c],a=o.parentNode,i=o.getAttribute(f);if(i){var l=n(i,0),d=document.createTextNode(l);a.replaceChild(d,o)}}catch(h){e(h)}}function a(t){for(var r=t.querySelectorAll("template"),n=0;n<r.length;n++)try{i(r[n].content)}catch(c){e(c)}}function i(t){try{c(t),o(t),a(t)}catch(r){e(r

Chrome Cache Entry: 180

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19015)
Category:	downloaded
Size (bytes):	19188
Entropy (8bit):	5.212814407014048
Encrypted:	false
SSDEEP:
MD5:	70D3FDA195602FE8B75E0097EED74DDE
SHA1:	C3B977AA4B8DFB69D651E07015031D385DED964B
SHA-256:	A52F7AA54D7BCAAFA056EE0A050262DFC5694AE28DEE8B4CAC3429AF37FF0D66
SHA-512:	51AFFB5A8CFD2F93B473007F6987B19A0A1A0FB970DDD59EF45BD77A355D82ABBBD60468837A09823496411E797F05B1F962AE93C725ED4C00D514BA40269D14
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Preview:	/. Copyright (C) Federico Zivolo 2017. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=getComputedStyle(e,null);return t?o[t]:o}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll)/.test(r+s+p)?e:n(o(e))}function r(e){var o=e&&e.offsetParent,i=o&&o.nodeName;return i&&'BODY'!==i&&'HTML'!==i?-1!==['TD','TABLE'].indexOf(o.nodeName)&&'static'===t(o,'position')?r(o):o:e?e.ownerDocument.documentElement:document.documentElement}functio

Chrome Cache Entry: 181

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 1920x1080, components 3
Category:	downloaded
Size (bytes):	17453
Entropy (8bit):	3.890509953257612
Encrypted:	false
SSDEEP:
MD5:	7916A894EBDE7D29C2CC29B267F1299F
SHA1:	78345CA08F9E2C3C2CC9B318950791B349211296
SHA-256:	D8F5AB3E00202FD3B45BE1ACD95D677B137064001E171BC79B06826D98F1E1D3
SHA-512:	2180ABE47FBF76E2E0608AB3A4659C1B7AB027004298D81960DC575CC2E912ECCA8C131C6413EBBF46D2AAA90E392EB00E37AED7A79CDC0AC71BA78D828A84C7
Malicious:	false
Reputation:	unknown
URL:	https://roads.dentistsinchattanoogatennessee.com/signedbox/images/bg.jpg
Preview:	.....Phttp://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about=""/> </rdf:RDF> </x:xmpmeta>

Chrome Cache Entry: 182

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	32
Entropy (8bit):	4.390319531114783
Encrypted:	false
SSDEEP:
MD5:	EB3CE3190D8A58E048D35E620747D3A5
SHA1:	76B5B6461189F839B018EF5C785DB4836B818B7D
SHA-256:	2D670E2962D8D805B95912CACA0822CE7C6913636BA40373C6E6AEA73CAC8457
SHA-512:	08F9C680B09CC25919A91F8E080CFC517F7354F49759DDC8CF6FFEB5ADE2E46F80A866E7531B6EA97188A5E4647093350F91ED51254351C47BCE3488EF88A595
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkEG-dxYufS8BIFDa0JrrESEAm9nAbcJ9d1jRIFDUPzdjk=?alt=proto
Preview:	CgkKBw2tCa6xGgAKCQoHDUPzdjkaAA==

Chrome Cache Entry: 183

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1293
Entropy (8bit):	5.448893852817212
Encrypted:	false
SSDEEP:
MD5:	CBA4ED6C809962AC6C2A26842183B67A
SHA1:	3F8E077AFC8EF5BAB7FA626EA782DAE34D419BBE
SHA-256:	AAE65C231008861C6430EBE296C926E728C4D2CCB1492F86E42D760E9B67D9A5
SHA-512:	84894B90DDA3CA3487F3E4F87F8244C78BA726331AC3EA290F6BD64830B0A21856A42333CC4EDBBF23DC2F063C53AD71B3F41864275D874AEBD37C198AE1CBE0
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
Preview:	/* vietnamese /.@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rHmsJCQ.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./ latin-ext /.@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com/s/archivonarrow/v30/tss5ApVBdCYD5Q7hcxTE1ArZ0Zz8oY2KRmwvKhhvLFG6rXmsJCQ.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin */.@font-face {. font-family: 'Archivo Narrow';. font-style: normal;. font-weight: 400;. font-display: swap;. src: url(https://fonts.gstatic.com

Chrome Cache Entry: 184

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (48664)
Category:	downloaded
Size (bytes):	48944
Entropy (8bit):	5.272507874206726
Encrypted:	false
SSDEEP:
MD5:	14D449EB8876FA55E1EF3C2CC52B0C17
SHA1:	A9545831803B1359CFEED47E3B4D6BAE68E40E99
SHA-256:	E7ED36CEEE5450B4243BBC35188AFABDFB4280C7C57597001DE0ED167299B01B
SHA-512:	00D9069B9BD29AD0DAA0503F341D67549CCE28E888E1AFFD1A2A45B64A4C1BC460D81CFC4751857F991F2F4FB3D2572FD97FCA651BA0C2B0255530209B182F22
Malicious:	false
Reputation:	unknown
URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?e(exports,require("jquery"),require("popper.js")):"function"==typeof define&&define.amd?define(["exports","jquery","popper.js"],e):e(t.bootstrap={},t.jQuery,t.Popper)}(this,function(t,e,n){"use strict";function i(t,e){for(var n=0;n<e.length;n++){var i=e[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(t,i.key,i)}}function s(t,e,n){return e&&i(t.prototype,e),n&&i(t,n),t}function r(){return(r=Object.assign\|\|function(t){for(var e=1;e<arguments.length;e++){var n=arguments[e];for(var i in n)Object.prototype.hasOwnProperty.call(n,i)&&(t[i]=n[i])}return t}).apply(this,arguments)}e=e&&e.hasOwnProperty("default")?e.default:e,n=n&&n.hasOwnProp

Chrome Cache Entry: 185

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	153
Entropy (8bit):	4.903392883614388
Encrypted:	false
SSDEEP:
MD5:	C73BFB3D2FEBE6A8B37A1B76D39B164D
SHA1:	71037FA792E298C52F77870A3214775DC8D67834
SHA-256:	FA6B47916793235789A40DF7E5ABB3F219BE7C3BE0C88B41E915A302E86B7BFE
SHA-512:	5F09134ED1E41852910E21A1FD9638A9C6378A99BB1A1ECB8CC27D21529C2FE7F13B9B4896D164C1BAFB95F3D5F45F9BE7F1B6C1E5F4D3A300127B39E3C49F63
Malicious:	false
Reputation:	unknown
URL:	https://dashboard.spamfather.com/web/site/go-back?token=9704A-4FC48-AE885-98DCB-DCDF5-7F3FD-EF-16-81851-875&usr=
Preview:	{"error":{"code":6002,"correlationId":"8988024a-bd01-4af0-8a95-768469f00312","timestamp":"2024-04-18 16:17:45Z","isFatal":true,"message":"AADSTS165900"}}

Chrome Cache Entry: 186

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (54456)
Category:	downloaded
Size (bytes):	54641
Entropy (8bit):	4.712564291864468
Encrypted:	false
SSDEEP:
MD5:	251D28BD755F5269A4531DF8A81D5664
SHA1:	C0F035B41B23C6E8FAB735F618AA3CFF0897B4F9
SHA-256:	AFDC6BF2DE981FFD7D370B76F44E7580572F197EFBE214B9CFA4005D189D8EAE
SHA-512:	8111F411C21C6011644139DBA4EF24D1696C0F6D31E55CE384E0353A0F3E65402170C502BDDF803C3DF9149C371B31C03F77BE98FDBC61C0C9C55AFBE399681F
Malicious:	false
Reputation:	unknown
URL:	https://use.fontawesome.com/releases/v5.7.0/css/all.css
Preview:	/!. Font Awesome Free 5.7.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */..fa,.fab,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-lef

Chrome Cache Entry: 188

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	271751
Entropy (8bit):	5.0685414131801165
Encrypted:	false
SSDEEP:
MD5:	6A07DA9FAE934BAF3F749E876BBFDD96
SHA1:	46A436EBA01C79ACDB225757ED80BF54BAD6416B
SHA-256:	D8AA24ECC6CECB1A60515BC093F1C9DA38A0392612D9AB8AE0F7F36E6EEE1FAD
SHA-512:	E525248B09A6FB4022244682892E67BBF64A3E875EB889DB43B0A24AB4A75077B5D5D26943CA382750D4FEBC3883193F3BE581A4660065B6FC7B5EC20C4A044B
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.3.1.js
Preview:	/!. jQuery JavaScript Library v3.3.1. * https://jquery.com/. . Includes Sizzle.js. * https://sizzlejs.com/. . Copyright JS Foundation and other contributors. * Released under the MIT license. * https://jquery.org/license. . Date: 2018-01-20T17:24Z. */.( function( global, factory ) {..."use strict";...if ( typeof module === "object" && typeof module.exports === "object" ) {....// For CommonJS and CommonJS-like environments where a proper `window`...// is present, execute the factory and get jQuery....// For environments that do not have a `window` with a `document`...// (such as Node.js), expose a factory as module.exports....// This accentuates the need for the creation of a real `window`....// e.g. var jQuery = require("jquery")(window);...// See ticket #14549 for more info....module.exports = global.document ?....factory( global, true ) :....function( w ) {.....if ( !w.document ) {......throw new Error( "jQuery requires a window with a document" );.....}.....return factor

Chrome Cache Entry: 189

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (44749), with CRLF line terminators
Category:	downloaded
Size (bytes):	259986
Entropy (8bit):	5.1376199523115975
Encrypted:	false
SSDEEP:
MD5:	E5B092EBE9C62DDA644B20CFADAAD465
SHA1:	6536141EC59052BABF125B92163F29D2A76A2DFD
SHA-256:	04FF1AA0D349B007653F0BF27D4E707000E6D6D8D17AF49FA062A5DB1663F71C
SHA-512:	45BB0FD16588C9F4708B0B0E7F7A6B7C808717C1C0178E4F5DC8FA46F347E6E7ADD91A5E647034B52A20D4AABD8B47D1879181A9BE5B8E3536517F8FF3E3EB56
Malicious:	false
Reputation:	unknown
URL:	https://roads.dentistsinchattanoogatennessee.com/signedbox/
Preview:	<!doctype html>..<html lang="en">....<head>.. <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>.. <script type="text/javascript" src="https://code.jquery.com/jquery-3.1.1.min.js"></script>.. <script type="text/javascript" src="https://code.jquery.com/jquery-3.3.1.js" integrity="sha256-2Kok7MbOyxpgUVvAk/HJ2jigOSYS2auK4Pfzbm7uH60=" crossorigin="anonymous"></script>.. Required meta tags -->.. <meta charset="utf-8">.. <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">.. Bootstrap CSS -->.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css">.. <link href="https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap" rel="stylesheet">.. <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.0/css/all.css" integrity="sha384-lZN37f5QGtY3VHgisS14W3ExzMWZxybE1SJSEsQp9S+oqd12jhcu+A56Ebc1zFS

Chrome Cache Entry: 190

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32012)
Category:	downloaded
Size (bytes):	69597
Entropy (8bit):	5.369216080582935
Encrypted:	false
SSDEEP:
MD5:	5F48FC77CAC90C4778FA24EC9C57F37D
SHA1:	9E89D1515BC4C371B86F4CB1002FD8E377C1829F
SHA-256:	9365920887B11B33A3DC4BA28A0F93951F200341263E3B9CEFD384798E4BE398
SHA-512:	CAB8C4AFA1D8E3A8B7856EE29AE92566D44CEEAD70C8D533F2C98A976D77D0E1D314719B5C6A473789D8C6B21EBB4B89A6B0EC2E1C9C618FB1437EBC77D3A269
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.2.1.slim.min.js
Preview:	/! jQuery v3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_evalUrl,-event/ajax,-effects,-effects/Tween,-effects/animatedSelector \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1 -ajax,-ajax/jsonp,-ajax/load,-ajax/parseXML,-ajax/script,-ajax/var/location,-ajax/var/nonce,-ajax/var/rquery,-ajax/xhr,-manipulation/_e

Chrome Cache Entry: 191

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 192

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65325)
Category:	downloaded
Size (bytes):	144877
Entropy (8bit):	5.049937202697915
Encrypted:	false
SSDEEP:
MD5:	450FC463B8B1A349DF717056FBB3E078
SHA1:	895125A4522A3B10EE7ADA06EE6503587CBF95C5
SHA-256:	2C0F3DCFE93D7E380C290FE4AB838ED8CADFF1596D62697F5444BE460D1F876D
SHA-512:	93BF1ED5F6D8B34F53413A86EFD4A925D578C97ABC757EA871F3F46F340745E4126C48219D2E8040713605B64A9ECF7AD986AA8102F5EA5ECF9228801D962F5D
Malicious:	false
Reputation:	unknown
URL:	https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Preview:	/!. Bootstrap v4.0.0 (https://getbootstrap.com). * Copyright 2011-2018 The Bootstrap Authors. * Copyright 2011-2018 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},::after,::before{box-sizing:border-box}html{font-family:sans

Static File Info

General

File type:	PDF document, version 1.7, 1 pages
Entropy (8bit):	7.910035354793396
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Liftone ..pdf
File size:	108'188 bytes
MD5:	6cadac337776aba6aa6946d42f92a840
SHA1:	b8751f2c08df20b3294752afa5d7cc00a7812e55
SHA256:	8e62130c954dedb2e0ce62e3a007384ffa8101bb2d9144d955dde46488743c89
SHA512:	d45b1f6e874141f8d0e317909ea1cfc53c9b0eba5c8c60533271f2195af6919e808835c59d2aeab663756b9510f48b8c58f730cf35a92a3cacdb3e1a8920b2ac
SSDEEP:	1536:H9ocyr0ElFrurTS87ftAYH9Svfjpd2fCyesKJhXK6D80HDxUmvRDISK7LiVCjv:H2cyjdMTSeUp4ChswhX9D8i22kb
TLSH:	0AB3D085845C0D9AE063862A6B735FEB787DB3A7A2C490C43BCC565347C4F66F12261F
File Content Preview:	%PDF-1.7..%......1 0 obj..<</Type/Catalog/Pages 2 0 R/Lang(en) /StructTreeRoot 17 0 R/MarkInfo<</Marked true>>/Metadata 43 0 R/ViewerPreferences 44 0 R>>..endobj..2 0 obj..<</Type/Pages/Count 1/Kids[ 3 0 R] >>..endobj..3 0 obj..<</Type/Page/Parent 2 0 R/R

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.910035
Total Bytes:	108188
Stream Entropy:	7.926811
Stream Bytes:	103294
Entropy outside Streams:	5.272483
Bytes outside Streams:	4894
Number of EOF found:	2
Bytes after EOF:

Keywords Statistics

Name	Count
obj	22
endobj	22
stream	11
endstream	11
xref	2
trailer	2
startxref	2
/Page	1
/Encrypt	0
/ObjStm	1
/URI	2
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
5	a2a2a0a0a2a2a2a2	b7c17e385aef17ecff9e57dc6f63e41f
6	a280a2a2a2a280a2	01db9e9ad35d8459d68fdbab9d0eac3a
11	405a525a57ba9980	23a653b81f770be1d154c61a4d6971b4
12	515a525a57ba9980	532d7f9f447a46da5b8049ef0839fdb7
14	c2d8f2cdcdc0dad2	87f052cf8f7abbeec6cfb61d89e6e545