Windows Analysis Report
-Case-id-#w93g94yv.pdf

Overview

General Information

Sample name: -Case-id-#w93g94yv.pdf
Analysis ID: 1428757
MD5: 54fd20605867341c1a6183ce4faeb9ee
SHA1: 10be5548a1cf5806813867f67154456db14c5d57
SHA256: 3506380ccce8d18245c05fd5070db2c22a78aa98e709cebf3971ae9a3eb4ffcc

Detection

HtmlDropper, HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Html Dropper
Yara detected HtmlPhish10
Phishing site detected (based on image similarity)
Phishing site or detected (based on various text indicators)
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Invalid 'sign-in options' or 'sign-up' link found
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 5948 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\-Case-id-#w93g94yv.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 940 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6208 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1568,i,2654893312615149647,8349596810252708961,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 7496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://public-usa.mkt.dynamics.com/api/orgs/1444fd8c-9cfc-ee11-9f85-6045bd059025/r/Gs3gXYd-uUyabg0OyhCkmAEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fassets-usa.mkt.dynamics.com%252F1444fd8c-9cfc-ee11-9f85-6045bd059025%252Fdigitalassets%252Fstandaloneforms%252Fef5ac49e-32fe-ee11-a1ff-000d3a3b0220%22%2C%22RedirectOptions%22%3A%7B%221%22%3Anull%7D%7D&digest=va3vEN3NXj3%2FeeUNdPknSittVr6IDfyhcynJuwaETsc%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
      • chrome.exe (PID: 7684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1932,i,3505526822495834609,8996004710142263870,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
Source | Rule | Description | Author | Strings
3.5.pages.csv | JoeSecurity_HtmlDropper_3 | Yara detected Html Dropper | Joe Security |
3.5.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
      No Sigma rule has matched
      No Snort rule has matched

      Phishing

      Source: Yara match | File source: 3.5.pages.csv, type: HTML
      Source: https://standardplurnbing.com/d740c10c7b9cf800d441f265844201e166226eb755785LOGd740c10c7b9cf800d441f265844201e166226eb755787#8s6f8sf | Matcher: Found strong image similarity, brand: MICROSOFT
      Source: Chrome DOM: 1.1 | OCR Text: : Verifying... CLOUDFLARE Microsoft
      Source: Chrome DOM: 2.2 | OCR Text: Verifying... CLOUDFLARE Microsoft
      Source: https://standardplurnbing.com/d740c10c7b9cf800d441f265844201e166226eb755785LOGd740c10c7b9cf800d441f265844201e166226eb755787#8s6f8sf | HTTP Parser: Number of links: 0
      Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fek5r/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal | HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fek5r/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal
      Source: https://standardplurnbing.com/d740c10c7b9cf800d441f265844201e166226eb755785LOGd740c10c7b9cf800d441f265844201e166226eb755787#8s6f8sf | HTTP Parser: Title: 846b110ed4867d63f3a4037e8cc57da866226eb755747 does not match URL
      Source: https://standardplurnbing.com/d740c10c7b9cf800d441f265844201e166226eb755785LOGd740c10c7b9cf800d441f265844201e166226eb755787#8s6f8sf | HTTP Parser: Invalid link: get a new Microsoft account
      Source: https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220#msdynmkt_trackingcontext=5de0cd1a-7e87-4cb9-9a6e-0d0eca10a498 | HTTP Parser: No favicon
      Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fek5r/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal | HTTP Parser: No favicon
      Source: https://standardplurnbing.com/d740c10c7b9cf800d441f265844201e166226eb755785LOGd740c10c7b9cf800d441f265844201e166226eb755787#8s6f8sf | HTTP Parser: No favicon
      Source: https://standardplurnbing.com/d740c10c7b9cf800d441f265844201e166226eb755785LOGd740c10c7b9cf800d441f265844201e166226eb755787#8s6f8sf | HTTP Parser: No <meta name="author".. found
      Source: https://standardplurnbing.com/d740c10c7b9cf800d441f265844201e166226eb755785LOGd740c10c7b9cf800d441f265844201e166226eb755787#8s6f8sf | HTTP Parser: No <meta name="copyright".. found
      Source: unknown | HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.17:49746 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 40.126.29.8:443 -> 192.168.2.17:49777 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49778 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49781 version: TLS 1.2
      Source: unknown | TCP traffic detected without corresponding DNS query: 192.229.211.108
      Source: unknown | TCP traffic detected without corresponding DNS query: 184.25.164.138
      Source: unknown | TCP traffic detected without corresponding DNS query: 20.189.173.13
      Source: unknown | TCP traffic detected without corresponding DNS query: 52.146.76.30
      Source: unknown | DNS traffic detected: queries for: assets-usa.mkt.dynamics.com
      Source: classification engine | Classification label: mal64.phis.troj.winPDF@35/40@20/76
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-15-50-694.log
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
      Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\-Case-id-#w93g94yv.pdf"
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2272 --field-trial-handle=1568,i,2654893312615149647,8349596810252708961,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
      Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
      Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 19DFFDE2D559D5D70D4F43C34AF9EEB6
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://public-usa.mkt.dynamics.com/api/orgs/1444fd8c-9cfc-ee11-9f85-6045bd059025/r/Gs3gXYd-uUyabg0OyhCkmAEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fassets-usa.mkt.dynamics.com%252F1444fd8c-9cfc-ee11-9f85-6045bd059025%252Fdigitalassets%252Fstandaloneforms%252Fef5ac49e-32fe-ee11-a1ff-000d3a3b0220%22%2C%22RedirectOptions%22%3A%7B%221%22%3Anull%7D%7D&digest=va3vEN3NXj3%2FeeUNdPknSittVr6IDfyhcynJuwaETsc%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1932,i,3505526822495834609,8996004710142263870,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown

      Data Obfuscation

      Source: Yara match | File source: 3.5.pages.csv, type: HTML
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
      Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
      • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
      • Resource Development: Acquire Infrastructure; Domains; DNS Server
      • Initial Access: Valid Accounts; Default Accounts; Domain Accounts
      • Execution: Windows Management Instrumentation; Scheduled Task/Job; At
      • Persistence: Registry Run Keys / Startup Folder (1); Boot or Logon Initialization Scripts; Logon Script (Windows)
      • Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Logon Script (Windows)
      • Defense Evasion: Masquerading (1); Process Injection (1); Obfuscated Files or Information
      • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
      • Discovery: System Information Discovery (1); Application Window Discovery; Query Registry
      • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
      • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
      • Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2)
      • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
      • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      Name | Malicious | Antivirus Detection | Reputation
      https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220#msdynmkt_trackingcontext=5de0cd1a-7e87-4cb9-9a6e-0d0eca10a498 | false | | high
      https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/fek5r/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal | false | | high
                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                          IP
                          192.168.2.17
                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1428757
                          Start date and time:2024-04-19 15:15:08 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:24
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • EGA enabled
                          Analysis Mode:stream
                          Analysis stop reason:Timeout
                          Sample name:-Case-id-#w93g94yv.pdf
                          Detection:MAL
                          Classification:mal64.phis.troj.winPDF@35/40@20/76
                          Cookbook Comments:
                          • Found application associated with file extension: .pdf
                          • Exclude process from analysis (whitelisted): dllhost.exe
                          • Excluded IPs from analysis (whitelisted): 23.201.212.159, 52.5.13.197, 52.202.204.11, 23.22.254.206, 54.227.187.23, 172.64.41.3, 162.159.61.3, 184.31.62.93
                          • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, p13n.adobe.io, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, e16604.g.akamaiedge.net, geo2.adobe.com, prod.fs.microsoft.com.akadns.net
                          • Not all processes were analyzed, report is missing behavior information
                          • VT rate limit hit for: -Case-id-#w93g94yv.pdf
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.162064280518289
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:2024/04/19-15:15:49.040 1820 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-15:15:49.080 1820 Recovering log #3.2024/04/19-15:15:49.080 1820 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):338
                          Entropy (8bit):5.218074421628524
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:2024/04/19-15:15:48.934 1864 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-15:15:48.938 1864 Recovering log #3.2024/04/19-15:15:48.939 1864 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):6495
                          Entropy (8bit):5.2436030804128295
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):326
                          Entropy (8bit):5.184089032869499
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:2024/04/19-15:15:49.110 1864 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-15:15:49.112 1864 Recovering log #3.2024/04/19-15:15:49.115 1864 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                          Category:dropped
                          Size (bytes):65110
                          Entropy (8bit):1.1894594740460325
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
                          Category:dropped
                          Size (bytes):86016
                          Entropy (8bit):4.4450697961212695
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):3.769787075577972
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.367768917156096
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.316761003485291
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.2950204988430984
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.354019980949035
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.318819196475776
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.30487771315166
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.3057828010922226
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.314806435504517
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1372
                          Entropy (8bit):5.741607183039335
                          Encrypted:false
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.312087850395198
                          Encrypted:false
                          SSDEEP:
                          MD5:D6A60E7AD5EF5E56BB68B37C83BEC8D1
                          SHA1:2BAA7B461C9A2259735CF9078405AB873E318153
                          SHA-256:AB0F658212962FA7D014F687D91AB95C06347FA2CEEA7055C71D86A7E1666871
                          SHA-512:F101AECF7FFF43B06B4AE643B195BF72FDE31538EE6C61DB0EEC73938902ED3F3D7351E781B0D88AD659F80B18D32845FD064B7EDF20422DB10B2DAD737083AB
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1395
                          Entropy (8bit):5.7762365202902295
                          Encrypted:false
                          SSDEEP:
                          MD5:413B743A1C6696708DAA7C73AD8680D7
                          SHA1:7BE7B5162C823A37C54FF980C2A6A3C6615E4706
                          SHA-256:FBE17E7D0B896D23720E56BD617C4DDC9520817371735F65CBD7BA18B22D1739
                          SHA-512:B0B1AC617406B8FFAAA70BBD0F818176AE3A35848BED58BFFAC743DCA3185908E180BB6660CE021E3977C9E23691493948207D85AA96A74A0125B03F0E6D898B
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.295551870059472
                          Encrypted:false
                          SSDEEP:
                          MD5:B8424EE3A16E8A006F77001B5DBDD44A
                          SHA1:748B027D2981F2FBA455D5502072E26ADF1FE74C
                          SHA-256:420C457EDEE36630718C220EBBEDBEB435617522AB392B834BA36FCE7B9DCDE7
                          SHA-512:AA297073D24314CF4675F815BB8040A91E13BB621A0AE14C0929A0EE0B8F24DADC7A4F3B517488920DCC83A89B0F7BB068D6D5474E6CC1667A49ECC9D941E45D
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.29707802263258
                          Encrypted:false
                          SSDEEP:
                          MD5:6AB808DDAFBB0FEE3279283BA892700C
                          SHA1:7C9C9BCCA9226249516E810E7DF160750EBD5288
                          SHA-256:B809EEF4342C6F685853339C154240DE5A9C5741B8B344999448A0BEDF826912
                          SHA-512:BDD0DEFE1E6E9E613B78BC0F9444B9B2CCC11BCAC4E30AA1B2C8F55DC8C698CE4BC0157C533B1C7FEA9DB06A212982076E971D7148DB50D9B9FE2926EA5FA27E
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.318629161079124
                          Encrypted:false
                          SSDEEP:
                          MD5:24BBB20C53CE073436B4DC1B1C63392E
                          SHA1:7A4B632F15FACF9A720AC1F20436E54A47296CDA
                          SHA-256:D32C9A72E87DC13D25914DE0E7062F218384522C6E64B97EE25ED77F42993584
                          SHA-512:7158F8C2113D7230E51DC88BB50B73950852228330694D90D991E88A7CD763E3CF6817CC3B9627BA04627B8DA6EECA2E6F3217A681E060A48DBEB6CD693661D3
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.272768995481134
                          Encrypted:false
                          SSDEEP:
                          MD5:85F74ED30AE40877AD01220D5726376E
                          SHA1:A2FA799CBF78CE5D2D3EC07D2A2C4E4BA82C801C
                          SHA-256:6C6E5C407D31081C41F812BFEA54A6A111E0680FDE04F46545A0A45D50065321
                          SHA-512:C8F47864D29E1C9C7FC5C5E00CB14EE7C024195BB67C9A4F9F7B0717BC37B2C3C942D5C3A7C0B3D27FAD15C9F0A4ED82B65640B542EF798DC7D9800D8B666A5A
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.370874067056647
                          Encrypted:false
                          SSDEEP:
                          MD5:ACB98BE5505EE6C2277DE29DFAC5485A
                          SHA1:34B01EB7F77DC2026FFBB99E8585E07F0DFEE542
                          SHA-256:63C5BD1068104C4B7154AB60EC49FCC83025EC4BA17476042CEBC8F852309898
                          SHA-512:6C0BF731ACE7CBD18964689DC7062A37B475921D9E365061AA3D774E8426C50554DE2F32B6AFF2E9FD1C9E8390C8024A566BFBD52C1BAC4753A2242245B1CFFE
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"cf29d641-1e39-4368-bb76-00d50ac40277","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1713709899164,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713532554216}}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Reputation:unknown
                          Preview:....
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2814
                          Entropy (8bit):5.1266408953862825
                          Encrypted:false
                          SSDEEP:
                          MD5:E924496D0B0AEA58862B3D389410484D
                          SHA1:FE3B3711804B8927CCF925F1ACC86DE94B655F18
                          SHA-256:D8696492DF2A5941562350D99C50E28F454142BCD37352609BC47B9D9FBD1748
                          SHA-512:5778935EE99E1624A41BAC76B71AAB4204217D30543EB193BB7D5D182B7AD32C076EB8F4563147B3C3AD7976F0BD8D539FC212534953F864E216A708610A0996
                          Malicious:false
                          Reputation:unknown
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"6924a6947418ae79dae71f6f0f2f4968","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713532553000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"ad1810c5253a02e15ec99f494e3ce1b5","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713532553000},{"id":"Edit_InApp_Aug2020","info":{"dg":"091782951ad17549784040497f29575a","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713532553000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"50742283b3ccd5025cd722b8e65322d8","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713532553000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"63771a6a26f6e2a2274fcead06d3ee99","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713532553000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"782bc36381e0097dc246d71af12390bf","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713532552000},
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):1.3565795359417205
                          Encrypted:false
                          SSDEEP:
                          MD5:DE505FD8F705833EB7FC04932F12506A
                          SHA1:2D6B201E1EC9813CE94C80CFA686BDB67F8DFE9A
                          SHA-256:A4CF5AC20F9B7148C25251FBDD47A735D936082034D004B73DBDC2C18ACAB2EE
                          SHA-512:04B4ABCB3D3D6F71BE7D91D8AF633A6DF154028095F2279DF3222B3684E20307B9F7A715274A2FFA13A04CE1F8762AC601DA67A7A92E083EC61FA27113EF5C1A
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.8302221285142015
                          Encrypted:false
                          SSDEEP:
                          MD5:7067F1BB3CE4C49AF1B2C6909D99449E
                          SHA1:37FE6986833774E4A2C05351BDD607AF6329F6BA
                          SHA-256:FB45239FD967ABBC71DCD1D2D76661E9D8133DD425F2A96F3E9CB5A476B0512B
                          SHA-512:C05F621166B5187C333124BA970FA5F4314C591A2A2D23E0848ADDA12512C853EA8EED28AD9A8291FC99521913EE70110713ABFC74E684872B11C0E8FD490CC2
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.5162684137903053
                          Encrypted:false
                          SSDEEP:
                          MD5:41540EE16EC8BFADB60BC84DE3910DA7
                          SHA1:1D84C8FE43C3C337D1D031650B0D4A7A7467DD6A
                          SHA-256:53F061B55BF1F9F2B960D9936359200359647D3AD504C4D318DF08962084EE52
                          SHA-512:6840ECDE7234F05CCA576D4E8634972A70B0B53528F2889E654196A7DAF7720641F09C2B5466438C7B898CE15EA7EB61E6370941D558F367347DC85F17BB17E6
                          Malicious:false
                          Reputation:unknown
                          Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.4./.2.0.2.4. . .1.5.:.1.5.:.5.5. .=.=.=.....
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.359827924713262
                          Encrypted:false
                          SSDEEP:
                          MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                          SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                          SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                          SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                          Malicious:false
                          Reputation:unknown
                          Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):35721
                          Entropy (8bit):5.423523062246717
                          Encrypted:false
                          SSDEEP:
                          MD5:459B8BBAF1289411D500FABA91D0BC79
                          SHA1:4E49C423253F6147D7F38B0E0BC0CC2CCA818775
                          SHA-256:73EC1202B0063C428DE004125D866A776E8D31C9AE65EBB06F7B910F488B3BDC
                          SHA-512:921197BDAD74F5F68D8A04D1BBDC8F79FDE141D410D94159187109FC4FC1CCF0B51CC9D1CF0445CB906D45885AEE6D027856BE13AB496D86F59848D45BFC0832
                          Malicious:false
                          Reputation:unknown
                          Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:
                          MD5:BF5BC7854487EA11816ACB9BB76380CF
                          SHA1:54798F83E92DC48B87852579EACF9309AA796D30
                          SHA-256:298BB38C6C44EFEBEAFC0CE9440FD675FDBF3A01451FA6907E29E0BB1F9D905B
                          SHA-512:7AD160FE0918F9606F975213421716CE7897805755F363184F73AED7F577D25AD0CCFF0BBDEC489B3E65608A840399E18A42BC67E81692B227AD5E2FF401E6DD
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:
                          MD5:011E40C772A8CE55D3C4190BA8DB32BE
                          SHA1:0C6B2B5DD7593EC18D433272E864C2746B69C1AC
                          SHA-256:99EB0D330ECCE9CF2BE7E143322267A6C839CECA4A37184852F4C418FB4D9E7F
                          SHA-512:4F341C14A4480C22CC24DDF5C758C0D43308F2082C77E3812515C0CA98CA1560CE76D4032DDF3A1C6DE73AF31379DBF3B4537DB35FD6C363412FDB6213602170
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 12:16:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.9888112100673316
                          Encrypted:false
                          SSDEEP:
                          MD5:1997B22590C90F665E6DB20F4616B4FC
                          SHA1:D5B8B1DEFA544C63A7051799D9C9683E33BF676A
                          SHA-256:D5D66A95827F4781E61B605ED1AD1ED3EB6B1B57FAB67827BB625C3CBDE1750E
                          SHA-512:EA37F35843CB883BFF344088D760CF333FB34889A8C31E48C9D85655DDCAF014BA94D1961CE270EA68EC9527B806099F8C4C6AA09A79E29AC23C2E4B692FC3BD
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.....m..[.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.j....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.j....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.j...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.j...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,..s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 12:16:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):4.006102276989363
                          Encrypted:false
                          SSDEEP:
                          MD5:1A3855F8E7E66E41B8117D61B92758A1
                          SHA1:93BC46480017684815F47A775FFBC115D1C8C95B
                          SHA-256:7EBFBBC918A23329D155B9C0E410971F7E3DBF188B92FB8326270E491C73F134
                          SHA-512:D85B68DCFC6209AA0263A1DF27A3EFAD10F48061A341DD5A90E4C876D118FD473F2CBF0CE4910834120D554CE7C4B20F1A0506CFC3A5408D49D7D7EACD7CFC48
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.....u..[.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.X.i....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.j....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.X.j....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.X.j...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.X.j...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........,..s.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2693
                          Entropy (8bit):4.012822151355413
                          Encrypted:false
                          SSDEEP:
                          MD5:ADFFF83266C2232405EA4DDB0B0A0488
                          SHA1:8DB6F682CE27651DCE080747C0D89095B87E1C81
                          SHA-256:0018C92E43AC7F98E2EAE04572A42E7EB8C282D13071BB787CEE865BBC9B5937
                          SHA-512:092CE06F331F62203F7F4AD31E36884C1C51D80E5071E8DA44A79E6D4EB57F574E918297BA18EA105FA36D25A3BEFB15D182C3083EA81A47CF9B8CB6A58E8CB4
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 12:16:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2681
                          Entropy (8bit):4.004561530446538
                          Encrypted:false
                          SSDEEP:
                          MD5:E947705F2526D40C5079A32D8586DED4
                          SHA1:4FC4934508A5238F798F2662DE80BA4C36E74A54
                          SHA-256:2825E9E22DC67BC269FB7A88A576BEB89A7E27AEF60A3127CCB37BE963AF67C7
                          SHA-512:0B9BB109165D1B38640B8CE70F191976BA3CCC83120A212ABDE0D874D4391900679F6668DA270380B1958277A74533FACBB29A973770CF33D343773912388103
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 12:16:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2681
                          Entropy (8bit):3.994377814200087
                          Encrypted:false
                          SSDEEP:
                          MD5:6F84D781CFDCF6C674D5E6072BA1317B
                          SHA1:262978F4901209949F435A9A87542850A179738B
                          SHA-256:4C7753766EA5FE7C43FC0876A5B686B3F661A964B2A00D35CF86B88F4FD69FD5
                          SHA-512:D21FD054735B549EF7181EC6F39A1F17F2F1ECE878B0563453367BEC04F1FDCD6E13AFA2BF4A60C56F798D62BD9384BE77A4050D164EB31AED26D9507E544FB8
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 12:16:23 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2683
                          Entropy (8bit):4.005013499761266
                          Encrypted:false
                          SSDEEP:
                          MD5:3AC5E9D4FA74D5D82706D600DCC6AE00
                          SHA1:8892D237DABF551163AB19663ED1B7DB90F5DE78
                          SHA-256:0520D3C53B94C7250BF903533FBD56AD73F53654DB15CF67E69A62CB830961D2
                          SHA-512:9EE071A3E66390CDA35CEC864CDB542C2E15102659D6D2FE57574257A63AA80FE582BB69E4861CF766EB9229B6B34FDA57A8F8323DA565EFBA44CD6C9CF42E52
                          Malicious:false
                          Reputation:unknown
                          File type:
                          Entropy (8bit):7.838394669364466
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:-Case-id-#w93g94yv.pdf
                          File size:33'391 bytes
                          MD5:54fd20605867341c1a6183ce4faeb9ee
                          SHA1:10be5548a1cf5806813867f67154456db14c5d57
                          SHA256:3506380ccce8d18245c05fd5070db2c22a78aa98e709cebf3971ae9a3eb4ffcc
                          SHA512:451f0fe407d46a0ee1c4fac053d61c7ae45883feda0423eacebff147754ab159d3fc7c518f037c3093f3f96d441b102e3c687c68526bde11498866c6252381c6
                          SSDEEP:768:cTuFGIPq93ysxsVNvz6WUgrArBiN6b4Gjatgc96WsoyOpFMbU:guFG/BKWWUgrA9iN6PaN96WsMpFsU
                          TLSH:16E2BEB6E6590C9DFDC387D54964F94D46BCF20707DB60C538388212B969EE8AF202F9
                          File Content Preview:%PDF-1.4.%.....1 0 obj.<<./Title ()./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .5...1.5...3)./CreationDate (D:20240419060110-07'00').>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true.
                          Icon Hash:62cc8caeb29e8ae0