Windows Analysis Report
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf

Overview

General Information

Sample URL:https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf
Analysis ID:1458696

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Drops files with a non-matching file extension (content does not match file extension)
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 2084 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2212,i,7945811400495194843,7150962842891366104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 1668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • Acrobat.exe (PID: 2056 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 3472 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 2828 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf | HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf | HTTP Parser: No favicon
Source: unknown | HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49736 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 40.113.103.199:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49751 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49754 version: TLS 1.2
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: ipinfo.io
    Connection: Keep-Alive
Source: unknown | TCP traffic detected without corresponding DNS query: 40.113.103.199
Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown | TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: global traffic | HTTP traffic detected:
    GET /a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf HTTP/1.1
    Host: www.isda.org
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: www.isda.org
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=008ge1r4sq6gpkg4tp367iuk0u
Source: global traffic | HTTP traffic detected:
    GET /favicon2.ico HTTP/1.1
    Host: cdn.aws.isda.org
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.isda.org/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf HTTP/1.1
    Host: www.isda.org
    Connection: keep-alive
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=008ge1r4sq6gpkg4tp367iuk0u
Source: global traffic | HTTP traffic detected:
    GET /favicon2.ico HTTP/1.1
    Host: cdn.aws.isda.org
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5PCTUmYM1FDZCo3&MD=Gkwyk+ew HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=5PCTUmYM1FDZCo3&MD=Gkwyk+ew HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic | DNS traffic detected: DNS query: www.isda.org
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: cdn.aws.isda.org
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown | HTTP traffic detected:
    POST /dns-query HTTP/1.1
    Host: chrome.cloudflare-dns.com
    Connection: keep-alive
    Content-Length: 128
    Accept: application/dns-message
    Accept-Language: *
    User-Agent: Chrome
    Accept-Encoding: identity
    Content-Type: application/dns-message
Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.9.dr | String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: classification engine | Classification label: clean1.win@38/54@9/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\d225b413-c099-4623-ae29-947629b01d61.tmp
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-06-18 02-38-44-172.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2212,i,7945811400495194843,7150962842891366104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf"
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: Chrome Cache Entry: 210
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
  • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
  • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
  • Defense Evasion: 11 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: 1 System Information Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Command and Control: 1 Encrypted Channel; 3 Non-Application Layer Protocol; 4 Application Layer Protocol; 1 Ingress Tool Transfer
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
  • Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
[Behavior graph] Behavior Graph ID: 1458696 | URL: https://www.isda.org/a/r41g... | Startdate: 18/06/2024 | Architecture: WINDOWS | Score: 1

Source | Detection | Scanner | Label | Link
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf | 0% | Avira URL Cloud | safe |
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf | 0% | Virustotal | | Browse

No Antivirus matches

Source | Detection | Scanner | Label | Link
www.isda.org | 0% | Virustotal | | Browse
chrome.cloudflare-dns.com | 0% | Virustotal | | Browse
cdn.aws.isda.org | 0% | Virustotal | | Browse
www.google.com | 0% | Virustotal | | Browse
bg.microsoft.map.fastly.net | 0% | Virustotal | | Browse

Source | Detection | Scanner | Label | Link
https://ipinfo.io/ | 0% | URL Reputation | safe |
https://cdn.aws.isda.org/favicon2.ico | 0% | Avira URL Cloud | safe |
https://chrome.cloudflare-dns.com/dns-query | 0% | Avira URL Cloud | safe |
file:///C:/Users/user/Downloads/downloaded.pdf | 0% | Avira URL Cloud | safe |
https://www.isda.org/favicon.ico | 0% | Avira URL Cloud | safe |
https://cdn.aws.isda.org/favicon2.ico | 0% | Virustotal | | Browse
https://chrome.cloudflare-dns.com/dns-query | 0% | Virustotal | | Browse
https://www.isda.org/favicon.ico | 0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | unknown
cdn.aws.isda.org | 18.66.147.7 | true | false | | unknown
www.isda.org | 52.201.165.217 | true | false | | unknown
www.google.com | 216.58.206.36 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://cdn.aws.isda.org/favicon2.ico | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://chrome.cloudflare-dns.com/dns-query | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://ipinfo.io/ | false | URL Reputation: safe | unknown
file:///C:/Users/user/Downloads/downloaded.pdf | false | Avira URL Cloud: safe | unknown
https://www.isda.org/favicon.ico | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf | false | | unknown
    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
    52.201.165.217 | www.isda.org | United States | | 14618 | AMAZON-AESUS | false
    18.66.147.7 | cdn.aws.isda.org | United States | | 3 | MIT-GATEWAYSUS | false
    216.58.206.36 | www.google.com | United States | | 15169 | GOOGLEUS | false
    239.255.255.250 | unknown | Reserved | | unknown | unknown | false
    18.66.147.121 | unknown | United States | | 3 | MIT-GATEWAYSUS | false
    172.64.41.3 | chrome.cloudflare-dns.com | United States | | 13335 | CLOUDFLARENETUS | false
    IP
    192.168.2.6
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1458696
    Start date and time:2024-06-18 08:36:19 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 4m 8s
    Hypervisor based Inspection enabled:false
    Report type:light
    Cookbook file name:browseurl.jbs
    Sample URL:https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:13
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Detection:CLEAN
    Classification:clean1.win@38/54@9/7
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found PDF document
    • Close Viewer
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
    • TCP Packets have been reduced to 100
    • Excluded IPs from analysis (whitelisted): 216.58.212.163, 142.250.185.110, 74.125.206.84, 34.104.35.123, 192.229.221.95, 20.3.187.198, 199.232.210.172, 52.165.164.15, 93.184.221.240, 142.250.185.67, 184.28.88.176, 52.6.155.20, 3.233.129.217, 3.219.243.226, 52.22.41.97, 2.19.126.143, 2.19.126.149, 95.101.54.195, 2.16.202.123, 95.101.148.135, 142.250.114.94, 142.251.116.94
    • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, clientservices.googleapis.com, wu.azureedge.net, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, apps.identrust.com, client.wns.windows.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, armmf.adobe.com, clients.l.google.com, geo2.adobe.com
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtSetInformationFile calls found.
    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
    Time | Type | Description
    02:38:55 | API Interceptor | 1x Sleep call for process: AcroCEF.exe modified
    No context
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):298
    Entropy (8bit):5.129992419167028
    Encrypted:false
    SSDEEP:6:j+7q2PN72nKuAl9OmbnIFUt8S+UDZmw+S+UZkwON72nKuAl9OmbjLJ:q7vVaHAahFUt830/+305OaHAaSJ
    MD5:03C487A1C8B4D8D34009A63D522B4E4C
    SHA1:30F84D8519CEE387B5F660C06ACDB161B86F0FF5
    SHA-256:9D6EDB10FF16E652F44A2E747C19A51EF6D9CE2C1B01D634674BA4EFD41D20BB
    SHA-512:711AEADFB222C86A2D5012A6016010DC9A7036EC3B198C3051F081831399CD4B6E7B313CB8FD89BDCE6A0FB070D28BD59616BC902D30FEB0D6DA73C27E535D95
    Malicious:false
    Reputation:low
    Preview:2024/06/18-02:38:42.020 18d0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/06/18-02:38:42.022 18d0 Recovering log #3.2024/06/18-02:38:42.022 18d0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):339
    Entropy (8bit):5.1788457100066
    Encrypted:false
    SSDEEP:6:j+kQQ+q2PN72nKuAl9Ombzo2jMGIFUt8S+TgZmw+S+3wQVkwON72nKuAl9Ombzos:qkovVaHAa8uFUt83M/+3j5OaHAa8RJ
    MD5:38F501D44416EFE113CBFC2E5035E451
    SHA1:BA9E73AFFE6C7FC1D2A90A718FEFCBE66FA5349C
    SHA-256:2D71E115477D123F6097A7A9516BCAD9539AB8AECB1FC30A819CC570296A472D
    SHA-512:C9B0AD577A40BA4ECC67E6C71EC9772554B3B2BB475E786B627DF89A3DAE33F2E8872E673EB73E555E058ED1CF81032662E6CAC0E4A785FB189713342FF1DC59
    Malicious:false
    Reputation:low
    Preview:2024/06/18-02:38:42.144 fb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/06/18-02:38:42.148 fb8 Recovering log #3.2024/06/18-02:38:42.149 fb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):475
    Entropy (8bit):4.964484232732606
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqJWsBdOg2HdeAcaq3QYiubcP7E4T3y:Y2sRdsgdMHder3QYhbA7nby
    MD5:530B8A1B691B4B9069D51CE311BCE957
    SHA1:317887B2B2E852D839F659C9AED31ACC686D7D24
    SHA-256:AB3BC038C45EBA426FAD00A5F58CEFE0AC0CDE7895EE061447AFB782DA9AC45B
    SHA-512:FE4AE397A7133DC11FA66EC63559AFF947128D3DC0CA1EE66CDDCB1C222BE04E301C9A17A3DE6DF7F54ECEFF770BCE34C0584A9D869A601EA4A9316B11B08E3C
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363252728077121","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":241215},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:JSON data
    Category:modified
    Size (bytes):475
    Entropy (8bit):4.964484232732606
    Encrypted:false
    SSDEEP:12:YH/um3RA8sqJWsBdOg2HdeAcaq3QYiubcP7E4T3y:Y2sRdsgdMHder3QYhbA7nby
    MD5:530B8A1B691B4B9069D51CE311BCE957
    SHA1:317887B2B2E852D839F659C9AED31ACC686D7D24
    SHA-256:AB3BC038C45EBA426FAD00A5F58CEFE0AC0CDE7895EE061447AFB782DA9AC45B
    SHA-512:FE4AE397A7133DC11FA66EC63559AFF947128D3DC0CA1EE66CDDCB1C222BE04E301C9A17A3DE6DF7F54ECEFF770BCE34C0584A9D869A601EA4A9316B11B08E3C
    Malicious:false
    Reputation:low
    Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13363252728077121","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":241215},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.6","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):5859
    Entropy (8bit):5.25014064062795
    Encrypted:false
    SSDEEP:96:av+Nkkl+2GAouz3z3xfNLUS3vHp5OuDzUrMzh28qXAXFP74LRXOtW7ANwE7fsS5q:av+Nkkl+2G1uz3zhfZUyPp5OuDzUwzho
    MD5:E22675EDE04EA9EDCA8E306869580879
    SHA1:F8557B7054D1960FFEB3F8F24EC5DF31C1413520
    SHA-256:90D01C6D4BE2C7FA402A1ED759ACCFFE74F3541CD971CF66EFA2424B986919D4
    SHA-512:3D0187143BB3BA61B3043B15FD516A5CCCBB6B15E2FA6FEF76EBAEF02924A5B0830E3C0E14EFFF22D025AA1A029C93D597FEA3AB86447CC3FD7694ACC07FE96E
    Malicious:false
    Reputation:low
    Preview:*...#................version.1..namespace-.X.Bo................next-map-id.1.Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/.0.>j.r................next-map-id.2.Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/.1.J.4r................next-map-id.3.Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/.2..J.o................next-map-id.4.Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.3..M.^...............Pnamespace-c291b69d_46f8_4b09_b54e_d05df8a1271d-https://rna-resource.acrobat.com/..d.^...............Pnamespace-d7426d52_3038_4cd9_b9cc_897232425509-https://rna-resource.acrobat.com/.u..a...............Snamespace-63b958a8_6f71_4fde_913c_6518794b9fd1-https://rna-v2-resource.acrobat.com/..`aa...............Snamespace-37e4c694_2a8d_4b31_9eb8_e65c5f9e16d5-https://rna-v2-resource.acrobat.com/`v.Yo................next-map-id.5.Pnamespace-30587558_ed88_4bd8_adc0_
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:ASCII text
    Category:dropped
    Size (bytes):327
    Entropy (8bit):5.17870245668716
    Encrypted:false
    SSDEEP:6:j+ksQ+q2PN72nKuAl9OmbzNMxIFUt8S+ksHwgZmw+S+5QVkwON72nKuAl9OmbzNq:qkUvVaHAa8jFUt83ksHZ/+3q5OaHAa8E
    MD5:04DBE74C5D3623DF152A0F02F11EC7D8
    SHA1:27FAB2249AD9F1ACE2D77E285EF7B40DDB7B4CFE
    SHA-256:F57360B8B57E144E9AC9C84425460CE8E5F7C55EA3D17E3D36705F84C9AA76F7
    SHA-512:3D542CAF906158408F3ABD45DECB2AE38DC9A7D791E01E6C61A6ED8B8C3AC5A848642B59C84EF94669CF96B1188977D474B11C67C847992FA99D10DE04D808B5
    Malicious:false
    Reputation:low
    Preview:2024/06/18-02:38:42.298 fb8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/06/18-02:38:42.299 fb8 Recovering log #3.2024/06/18-02:38:42.300 fb8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
    Category:dropped
    Size (bytes):71190
    Entropy (8bit):1.446454684938329
    Encrypted:false
    SSDEEP:192:cb9tVLSUX4Ds7J3kPV4hDz23gcajTJSr+rQl+tg3jm:4tVLSUXZJ3K0Lca8r36
    MD5:293F0F38B18DE4E28BE1F36BEA8B07D8
    SHA1:967C824CCEC6ED6BB70EC2CD7740D97E828CD6B8
    SHA-256:E8D6AE3E7EF1FC13AC45FCC7F6042E107D153E0FBAFB2D657C6C7E9D1FA58062
    SHA-512:908ADE31293DDB16C9C4A78B53D8B2405E9F7EEED7110C5AC6C3D6132561DAD45DE39A099D60C53099AC76E6BDBF09DF860180322C2F02597C0E7B00E8B9DFEC
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 11, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 11
    Category:dropped
    Size (bytes):86016
    Entropy (8bit):4.445170774537404
    Encrypted:false
    SSDEEP:384:ye6ci5t5iBA7aDQPsknQ0UNCFOa14ocOUw6zyFzqFkdZ+EUTTcdUZ5yDQhJL:mas3OazzU89UTTgUL
    MD5:9A92323910202DCC92B0891FABC00E20
    SHA1:E779FE96E2CFD0CE4B3135CADE823EFDFB295C4C
    SHA-256:0DDCDE4489DCE65DEA4738C93A67072D4D52A59F29A175CA78014A8D65E74D8E
    SHA-512:AE26001DFB1FCCF5561C105CDE01EB2A1CBC9D1160B43E776541A7FC3D7FD0E931EEAE31AC6798799ECAF00A0B043233C56F80AE158CFBD606D5BAC935338591
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):3.769735743330777
    Encrypted:false
    SSDEEP:48:7MpJioyVXsioyg5oy1C7oy16oy1qdKOioy1noy1AYoy1Wioy1oioykioyBoy1noL:7SJu8aFXjBi9b9IVXEBodRBkq
    MD5:9F560A3BF90A0DEEEDCD03BA17A43634
    SHA1:1E247D157D67AC235846768092F3252292E11DDD
    SHA-256:2DC008C28085BCB043B79B641C71EF106946A87E0366ABDAEC397BA320393DAD
    SHA-512:FDCEAC14DCE6BE81452DFC2A73263E7DF96B67213972E5C4D0EFDAF120D265FD14CFEF33D48E49B2A3606276659E5C452A65DCF8D6D71FB75EB5E267127B81EE
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):893
    Entropy (8bit):7.366016576663508
    Encrypted:false
    SSDEEP:24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
    MD5:D4AE187B4574036C2D76B6DF8A8C1A30
    SHA1:B06F409FA14BAB33CBAF4A37811B8740B624D9E5
    SHA-256:A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
    SHA-512:1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:data
    Category:dropped
    Size (bytes):252
    Entropy (8bit):3.0215269645321685
    Encrypted:false
    SSDEEP:3:kkFklKBvRllXfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7F:kKdBRxliBAIdQZV7I7kc3
    MD5:E3BB793F1DFDF9B49C702497E0399D5F
    SHA1:50CCF0083A264433C9501A01FBEC5CFFD67927BA
    SHA-256:15257F0CBA01653994662381A00B1D72227B9FF73EF302CA199AF4BB858E29BD
    SHA-512:CD589D62C86594006927542184E3572D64373CA1A7E8F04E77A94BB9B8EECE06AD798BF14E32ECD6AE8F608408309352A898E967739E9A0C6FB71A22E349C1EA
    Malicious:false
    Reputation:low
    Preview:p...... ....`......0J...(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PostScript document text
    Category:dropped
    Size (bytes):185099
    Entropy (8bit):5.182478651346149
    Encrypted:false
    SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
    MD5:94185C5850C26B3C6FC24ABC385CDA58
    SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
    SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
    SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
    Malicious:false
    Reputation:low
    Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):227002
    Entropy (8bit):3.392780893644728
    Encrypted:false
    SSDEEP:1536:qKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:XPCaJ/3AYvYwglFoL+sn
    MD5:265E3E1166312A864FB63291EA661C6A
    SHA1:80DFF3187FF929596EB22E1DB9021BAD6F97178C
    SHA-256:C13E08B1887A4E44DC39609D7234E8D732A6BC11313B55D6F4ECFB060CD87728
    SHA-512:48776A2BFE8F25E5601DCC0137F7AB103D5684517334B806E3ACF61683DD9B283828475FC85CE0CBE4E8AF88E6F8B25EED0A77640E2CFFF2CC73708726519AFA
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):295
    Entropy (8bit):5.345866250906453
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJM3g98kUwPeUkwRe9:YvXKXuqpmGcGWdQGMbLUkee9
    MD5:5E2F023F790F8D3C1697D682C3C5B053
    SHA1:166EBD5868F0E6D0C2E0E298B2F05EC29D040983
    SHA-256:1EF6AD369FCEE97CF05C26165D4528B31F11EDB7C05451F5F18EB3BECFCB95D9
    SHA-512:0D7A276E0EB38A4E2AC2425CCB011CE1C42FE107427ECF5C2F1E50F55CE393EC44AD26EA086736A67D99C01C7DA2409DC12351F66E8E0AB27772E3AFB83F5193
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.297441686877155
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfBoTfXpnrPeUkwRe9:YvXKXuqpmGcGWdQGWTfXcUkee9
    MD5:B820ABB533263CD1022F17EB6C40EDD1
    SHA1:D4F6B07B0F30724CBCC589282EB356DC33275163
    SHA-256:BCA6CD9AA3803D5453E450142739298F8CB714A2F558D2A4DCA2C2093E7ADCC8
    SHA-512:00862DF71B06F49DC363FCF89AA827C3AAD85A5A750A6167099FBAE0CC95470282FEFF46E3437CDDD35F97047C53866C6DAB7773184883F6DE6214A5E59F95BE
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):294
    Entropy (8bit):5.276521151082117
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfBD2G6UpnrPeUkwRe9:YvXKXuqpmGcGWdQGR22cUkee9
    MD5:893BD891E042CF73CF89B1B7F5797805
    SHA1:06B73DC55D8777E7380DFD7FB4BD19B506FAB53F
    SHA-256:41217DB3595F90AF2389B46E8D4676B8BA2AD3916C038E977C7074AE9EF43B47
    SHA-512:CABEC853C4BC39611CFF7AC328A50583B98ADB82D76574BDBA913B09A9C4547AA3D0B7808210B84F45996811DA588215FBDD93A3E3F049EC5C83F50F1FE6E44A
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):285
    Entropy (8bit):5.325274891994575
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfPmwrPeUkwRe9:YvXKXuqpmGcGWdQGH56Ukee9
    MD5:407E9DE3541AAB0A8321DE0E4FAA2349
    SHA1:E1C561951409ADFEB0C4D2C97D0D04EC867CCD22
    SHA-256:640250A66A4B0AA2E414680036AC20BAC43CC19A3F9472BB87F340DE05E0F99A
    SHA-512:0C16112CAA723F55F273FAAF64BB79D5F26FB6B7CE46DA5CEB513EBBBBB361A0D1412320520B6C6215E4CAE2D52F7D6011C32F68250DE99AE031C92F01B5F423
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.2891935429161485
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfJWCtMdPeUkwRe9:YvXKXuqpmGcGWdQGBS8Ukee9
    MD5:F8AD33801EC0030ABD6D4A862472FF2E
    SHA1:8D87EE1A76695F0178F0C15E2C2371056E3F77A4
    SHA-256:6055412DABAB1E7AE84EEA57251B1628A3094CD398B0FBD558F0D459B25603C1
    SHA-512:38C39D3D478FFCB3CC0E6A2F2151B4BBC74BB309FA8082A26BD2A4F0738B4951C4491727C59BBB8056FBA7D4D75E8FEFFA6FEF006B77451B63173B6660BA7E0B
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.273961523193665
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJf8dPeUkwRe9:YvXKXuqpmGcGWdQGU8Ukee9
    MD5:6BFA6803ECDD51D32AE421CD13DC1C44
    SHA1:749E32F1B3DAB83F9A2E514255A5FC2BD7B8E660
    SHA-256:CAD8E9967973FBCC9DEA3D7F29BD191A0EFA2CE2109FC0E01E9626B6B12D1CB1
    SHA-512:E02ABC84A39F60553C429250672543F5114A52432C422D684E9A7C73342A17EA1CDDD410ADFDF7C48CD09B74F4C9B9A38FD1D4803BD0BF34A27733C4E7746ACF
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):292
    Entropy (8bit):5.2763465082570615
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfQ1rPeUkwRe9:YvXKXuqpmGcGWdQGY16Ukee9
    MD5:5F67DB2B2682720B7114EE216FACD7D5
    SHA1:471BD5CC2B1A02B3BEEDF8BA35B73AFC79E2A181
    SHA-256:BCF38CB6D52C743DE7FDFF1F686AF20A779A3E8DEEC1350EA472192325A174EA
    SHA-512:8659818FE9232A3E8F9570FEA447AB031139A8DF1D3003B8764A409B4AC73094D661F8C0EA4F5B001E139E7B978BCE7D1E8E5CF6859C35349ADA646FF9E10C57
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.285451231630831
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfFldPeUkwRe9:YvXKXuqpmGcGWdQGz8Ukee9
    MD5:351CF57BFDE88B3A0BB206579CED9465
    SHA1:5C424E9D6FB3EA321627DBBF3C75B04C4410BD69
    SHA-256:BCCB90E7E98F3D4FF756A0A410E7EDEE87157B975C9EC65198A166ABAE53C479
    SHA-512:F86DD2DD4A0F491BEFCDF4F9AFE426F710272DDE4902C1FAC394F3FE6CEEED1CBF14D7908B0367C8FCE2A3A30E55C8F93026E9DA7F5F50900B42CC3B46049E95
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1372
    Entropy (8bit):5.740200930639981
    Encrypted:false
    SSDEEP:24:Yv6XuqmGaIKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJN1:YvgHaIEgigrNt0wSJn+ns8cvFJP
    MD5:6E55F5A865A7C22DBB22B4EB55024AA1
    SHA1:0FE0047905C5FE5D3EB4A92DDB8A6707DF36F058
    SHA-256:3D5E44E8C4CD6910CDE1C72C23F7FCB40275E281304B132F3DE7E40BEE004E06
    SHA-512:DC1D8E3C739A971A9E4785A7B0B925996A13EE156ABC6FECD291CA5AEB28E18A7164C1DA12EE52F87E8357F17002323F283CE3CC2DDCBE5E95D65B4708D361DB
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.28089332162007
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfYdPeUkwRe9:YvXKXuqpmGcGWdQGg8Ukee9
    MD5:C1B98C3587BBF80F56653DB0055ABEB8
    SHA1:C8200A57E6DD812B619A04A2B809AFCB198C7EF0
    SHA-256:59FE096B26C20868182CFD552E65AD663F986BAB93CA3CD87B1997EFBA86E109
    SHA-512:379829A0D0A60CB21478FE72C601C74BE217FBA8F798DB2211F692F8B88D1CD0775C9C861CA73F934D3B951459860083D7D8177625C26872D27D05B32588AE7D
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):1395
    Entropy (8bit):5.778027152569
    Encrypted:false
    SSDEEP:24:Yv6XuqmGanrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNt:YvgHanHgDv3W2aYQfgB5OUupHrQ9FJr
    MD5:4638B2D3C165FF4830F6EBEC353A6EFD
    SHA1:AAF151FDD3260FC85523314470AC4F5B0E88933B
    SHA-256:CF18F7736F590DCB09C6B65724FF941DFC1A6354E5034EDDF933C90422D32283
    SHA-512:20C714D082C95B270AE077C3DF32C27304E1F4C68ACC5A25E9DACA826549D6BA8BDE7C260E958D81E9B8578D4D3AAF85B41FBB4FD9E18F40BD4B676F6DC31BA4
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):291
    Entropy (8bit):5.264571736671114
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfbPtdPeUkwRe9:YvXKXuqpmGcGWdQGDV8Ukee9
    MD5:ADD16D6BC4C1B1286EBDF33972BA28A3
    SHA1:84A1A24B37734175C38E2DCAF0831F242B9BB420
    SHA-256:E32FF159D3B5F0CED47E85D82F848C5EBD42B753DF4808C63561F055DCF5AE2B
    SHA-512:A279D144A2ED33B2861892205A2D3F1FC2AF5ADEB576C856C915DF491E3BBFF89E417B7EC57C119F45A55A9D35340EE88F473C9899EA2E9C5C0EF1DC7F3F38A2
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):287
    Entropy (8bit):5.2676885920229815
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJf21rPeUkwRe9:YvXKXuqpmGcGWdQG+16Ukee9
    MD5:07DFEC4564D9C9FCBD618B8BF32849A1
    SHA1:7A600AC0D00DD1C4CA2C406AB1500D907FFF6F6A
    SHA-256:0807B0BE9887E81F901BA5C17AE43ADCE1A54466F4CC064E30DA8EF7580DD752
    SHA-512:421C5C5CBF050D710B7D4D4D6755A79167006F81FF038380F9FB1867BDAE0C9D7D37E8E5187C834B040B40EE23335A04502DC8ACB0225938A9939D3666C32D76
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):289
    Entropy (8bit):5.288268787463385
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfbpatdPeUkwRe9:YvXKXuqpmGcGWdQGVat8Ukee9
    MD5:49F1EF19DE8D0BD23408332DC0C46DB7
    SHA1:DAC0C01C4553A81538DB4624C00422CEDFEA3FFA
    SHA-256:9AE17F031F661296EDFA5109F655E68587C540E08BE99DC3533CD501313CB544
    SHA-512:825D4480395AFC875DF685689F639046B3837C38D40238E55A06FDC9494AFB33EE33C14DCC9A8BC5C64EA9E7C12303C0698F1481FBBA800731E3BF00E2B6C4A3
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):286
    Entropy (8bit):5.2460945166446935
    Encrypted:false
    SSDEEP:6:YEQXJ2HXPWxMpUHGnZiQ0YRWdvoAvJfshHHrPeUkwRe9:YvXKXuqpmGcGWdQGUUUkee9
    MD5:4DC6DF7BC56FB5E95009AA7BE8810CED
    SHA1:4E078F2D3FD40B759D59DCFAB83E45685A586AA6
    SHA-256:F6F2D729F893B8F07417449BE48275776C801A4ABC045AA3618941600BA8557C
    SHA-512:712A95ADD107C8517AC199631EF3E71F77F8AA6A2D0C6968C746262149103A3982A0FF72D22FBA3AEF560B77D33F31F1A48108901ACF8F44262075B1C4C53E14
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):782
    Entropy (8bit):5.357139967217346
    Encrypted:false
    SSDEEP:12:YvXKXuqpmGcGWdQGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWR:Yv6XuqmGaG168CgEXX5kcIfANhM
    MD5:59404DAA59D3192BB725F35AD0497966
    SHA1:F3A8E04E06E44FFEBC3DC97FFEA74588C84E67C2
    SHA-256:CD2B29186212E8E3589C1F203CC712B874AEA1ADF903062B5653C364A116DF10
    SHA-512:28D1A5817D1A3650FD32BFC68FE9F5F9FAE819EF08221E36BDA46BA747FEBD2C46A21E8416C72272ABD47ABB3D34BC99975EDBDE2F51EC2D30628C6A03A914DE
    Malicious:false
    Reputation:low
    Preview:{"analyticsData":{"responseGUID":"8368e9e1-6074-4da2-bc6e-521e4c1a7085","sophiaUUID":"7B9B8415-3339-46DA-BE0A-54DDE09AC518"},"encodingScheme":true,"expirationDTS":1718868258504,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1718692728535}}}}
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:data
    Category:dropped
    Size (bytes):4
    Entropy (8bit):0.8112781244591328
    Encrypted:false
    SSDEEP:3:e:e
    MD5:DC84B0D741E5BEAE8070013ADDCC8C28
    SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
    SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
    SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
    Malicious:false
    Reputation:low
    Preview:....
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:JSON data
    Category:dropped
    Size (bytes):2814
    Entropy (8bit):5.140314054850346
    Encrypted:false
    SSDEEP:24:YeHTAW4nflCbmsiMGOt57TeajX3ayIRdwST2jI58j0SGldG2r2LSwRRF1Ml5RV9L:YeH3OE7uAF5X6dmwOqgGiPF1MlPV9eA
    MD5:375DCF65C805442B34B03763416E068A
    SHA1:0EB2D1C11A3CEC6C57CEF55BAEA0131548C17C33
    SHA-256:2B234D7995FF57F64C1F307B4A70C3055216D7EF026998ADEC3D081A1B1D285A
    SHA-512:E276EC4EBEBB981AB78C951EAF443154840303226F9CD270BECFE8FD183A6FB7E8AAB306C466D642669B0A6B4DEBCBA082F880AC83D5B30BD27AAA25F9460B5D
    Malicious:false
    Reputation:low
    Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ef095fbefa90b6675b41f7b77c044650","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1718692728000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"0a7ba1344efe6aacff330d8cb53a0d09","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1718692728000},{"id":"Edit_InApp_Aug2020","info":{"dg":"cceb9eabc5aa4678a99ae74dc01f7e69","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1718692728000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"e5c39950492b60789a659713942b6400","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1718692728000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"63b96281b89acf5eb7c775db35002f21","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1718692728000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"70a69eb39fead70439941ef690b722c6","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1718692728000},
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 24, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 24
    Category:dropped
    Size (bytes):12288
    Entropy (8bit):1.1450097125382765
    Encrypted:false
    SSDEEP:24:TLhx/XYKQvGJF7urstRZXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcH0:TFl2GL7msxXc+XcGNFlRYIX2v3k0
    MD5:D0642CDB75AFF18D29E45E3F88C89C72
    SHA1:90B40F90E48C817CF5263BB9E67592277E98C4ED
    SHA-256:BDBE240D66A6FC3A031BB3B7D7D1C020281E40CF8E49167EE312B5BE5F3C7927
    SHA-512:518B0E154490526AD7C20ED9408C1BAB5455833F716BEBEE66DADA42F2131F86C938B6CD55759F5CD7000FB454C5DC8107B57DFBCDD8D71AB7A3323A3209FE59
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:SQLite Rollback Journal
    Category:dropped
    Size (bytes):8720
    Entropy (8bit):1.5502763245432876
    Encrypted:false
    SSDEEP:24:7+tFUXcMRZXcMZgux3Fmu3n9u1oGuDyIX4uDyvuOudIUudcHRuLux8nqLxx/XYKF:7M2Xc+XcGNFlRYIX2vdnqVl2GL7msN
    MD5:678AC07C024E421A5AD149EB3BF66CC1
    SHA1:F4698021FC3E5C9CD01259DF131B4A460A18276F
    SHA-256:7E51DD403ED56671C7CC0FF22FC6B5A9278ABA1A81567956D668B05B5B0A121F
    SHA-512:7C950CA749629F81123978286ADE2E9837B6EC71BA602AAED4B465548EF9462168B907B4AE28C8D5C1AA477CE153E9CB50D387E886230A3FF1DE14DD2F99ADAE
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
    Category:dropped
    Size (bytes):246
    Entropy (8bit):3.5441332632710916
    Encrypted:false
    SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8sKcIlnNg9:Qw946cPbiOxDlbYnuRKScI/e
    MD5:9B30DA5C801750546C1A9A0E85A612B0
    SHA1:90C75485C8D94849FC5F8CEE5B6BA28D100BF85B
    SHA-256:D453834A3955F165082FC8AF60A8CD6BEAD589AD95CD6F085A218F22C79459EE
    SHA-512:9A306F2E14FDF84E86AAE84DFD735A7475C0105F4CF292B6558A688583BE04FF40313580F2FA5B58B22A665DE7D578E869C0FEF70C4BEABF78BD165A6F2BC3B1
    Malicious:false
    Reputation:low
    Preview:Error 2711.The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 18/06/2024  02:38:49 ===
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:PDF document, version 1.6, 0 pages
    Category:dropped
    Size (bytes):358
    Entropy (8bit):5.091930671864232
    Encrypted:false
    SSDEEP:6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOXO9WAkhO9WGCSyAAO:IngVMre9T0HQIDmy9g06JXu9WAk49WGR
    MD5:632638918B21D6CF1538ADCF7875C89D
    SHA1:A8D2CEA83607337C678599F2198D136EACFCA608
    SHA-256:30201424012BCB8A68441C7A7BBB64343CD491B6515CE205BC388125295DE608
    SHA-512:F83B90A4CC51429BA7C535B8609D0BC63CD5DEECA214C8F8654FF9D3F8B4BA110A28C20B22A9E3285DCE921198CF4B3EFCFDFECE92C25A78ABC7B95A41B664B8
    Malicious:false
    Reputation:low
    Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<FAF1A7C3A812D2498D98FE27E690ABFE><FAF1A7C3A812D2498D98FE27E690ABFE>]>>..startxref..127..%%EOF..
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393)
    Category:dropped
    Size (bytes):16525
    Entropy (8bit):5.338264912747007
    Encrypted:false
    SSDEEP:384:lH4ZASLaTgKoBKkrNdOZTfUY9/B6u6AJ8dbBNrSVNspYiz5LkiTjgjQLhDydAY8s:kIb
    MD5:128A51060103D95314048C2F32A15C66
    SHA1:EEB64761BE485729CD12BF4FBF7F2A68BA1AD7DB
    SHA-256:601388D70DFB723E560FEA6AE08E5FEE8C1A980DF7DF9B6C10E1EC39705D4713
    SHA-512:55099B6F65D6EF41BC0C077BF810A13BA338C503974B4A5F2AA8EB286E1FCF49DF96318B1DA691296FB71AA8F2A2EA1406C4E86F219B40FB837F2E0BF208E677
    Malicious:false
    Reputation:low
    Preview:SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:066+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=e060408f-9833-415c-bd59-cc59ace6b516.1696488385066 Timestamp=2023-10-05T08:46:25:067+0200 ThreadID=6912 Component=ngl-lib_NglAppLib Description="SetConfig:
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with very long lines (393), with CRLF line terminators
    Category:dropped
    Size (bytes):16603
    Entropy (8bit):5.353920592414103
    Encrypted:false
    SSDEEP:384:AN5NTNSNLghgYg1jnQaCyaParagapxoxOPcx/tS/t+/tgO0OXOjOKOVb5hzLz7zN:ArNoF2BsjQxy4yp6qQC/w/M/u7scBQ7Z
    MD5:C866ECFE927F2AE190681BD9D8F1DDE1
    SHA1:8D1CA247EC920949C9EB8818CE9E7D96DFFF777C
    SHA-256:804F455500E130AF349E24313640101E1A1BB500A0D9FFCD79F8CBC0689F892B
    SHA-512:02E5B17147B28224FAF9A480F5F632D83D06814FDAFD007BF3894295209C35165A6D7E3BE3A85DE1D718ACCA6507D9F857F06764A8CDC5BCF6F12C47B23EF3C2
    Malicious:false
    Reputation:low
    Preview:SessionID=63af7bd1-b3d8-4ff6-8bbd-4c0a4fb47648.1718692724187 Timestamp=2024-06-18T02:38:44:187-0400 ThreadID=7072 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=63af7bd1-b3d8-4ff6-8bbd-4c0a4fb47648.1718692724187 Timestamp=2024-06-18T02:38:44:204-0400 ThreadID=7072 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=63af7bd1-b3d8-4ff6-8bbd-4c0a4fb47648.1718692724187 Timestamp=2024-06-18T02:38:44:204-0400 ThreadID=7072 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=63af7bd1-b3d8-4ff6-8bbd-4c0a4fb47648.1718692724187 Timestamp=2024-06-18T02:38:44:204-0400 ThreadID=7072 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=63af7bd1-b3d8-4ff6-8bbd-4c0a4fb47648.1718692724187 Timestamp=2024-06-18T02:38:44:205-0400 ThreadID=7072 Component=ngl-lib_NglAppLib Description="SetConf
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    File Type:ASCII text, with CRLF line terminators
    Category:dropped
    Size (bytes):29845
    Entropy (8bit):5.397322102387297
    Encrypted:false
    SSDEEP:192:acb4I3dcbPcbaIO4cbYcbqnIdjcb6acbaIewcbrVbcbiIgi/cbC:V3fOCIdJDesgi
    MD5:A4770FA710BB612F9AAA4BC459AB6BBA
    SHA1:C0459ADDDF1EC89810383584031F52ADDA105C0E
    SHA-256:F8EBBA922475E793D812FB78CB17C8469B67DDBE9348652DD09A922149E42C70
    SHA-512:DBDDF742487ECA6E569090C156CE119F16DD06AD653E13DF93BFD2C87A65C5D85F906A7FD1703F143C6208B79EFC3065DC43FD262C5AAB9961A134A7896C08CB
    Malicious:false
    Reputation:low
    Preview:05-10-2023 08:20:22:.---2---..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ***************************************..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 08:20:22:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 08:20:22:.Closing File..05-10-
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
    Category:dropped
    Size (bytes):1407294
    Entropy (8bit):7.97605879016224
    Encrypted:false
    SSDEEP:24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R077WLaGZ7wYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs03WLaGZw
    MD5:8B9FA2EC5118087D19CFDB20DA7C4C26
    SHA1:E32D6A1829B18717EF1455B73E88D36E0410EF93
    SHA-256:4782624EA3A4B3C6EB782689208148B636365AA8E5DAF00814FA9AB722259CBD
    SHA-512:662F8664CC3F4E8356D5F5794074642DB65565D40AC9FEA323E16E84EBD4F961701460A1310CC863D1AB38849E84E2142382F5DB88A0E53F97FF66248230F7B9
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
    Category:dropped
    Size (bytes):1419751
    Entropy (8bit):7.976496077007677
    Encrypted:false
    SSDEEP:24576:/xA7owWLaGZDwYIGNPJodpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGk3mlind9i4ufFXpAXkru
    MD5:18E3D04537AF72FDBEB3760B2D10C80E
    SHA1:B313CD0B25E41E5CF0DFB83B33AB3E3C7678D5CC
    SHA-256:BBEF113A2057EE7EAC911DC960D36D4A62C262DAE5B1379257908228243BD6F4
    SHA-512:2A5B9B0A5DC98151AD2346055DF2F7BFDE62F6069A4A6A9AB3377B644D61AE31609B9FC73BEE4A0E929F84BF30DA4C1CDE628915AC37C7542FD170D12DE41298
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
    Category:dropped
    Size (bytes):386528
    Entropy (8bit):7.9736851559892425
    Encrypted:false
    SSDEEP:6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
    MD5:5C48B0AD2FEF800949466AE872E1F1E2
    SHA1:337D617AE142815EDDACB48484628C1F16692A2F
    SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
    SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
    Category:dropped
    Size (bytes):758601
    Entropy (8bit):7.98639316555857
    Encrypted:false
    SSDEEP:12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
    MD5:3A49135134665364308390AC398006F1
    SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
    SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
    SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PDF document, version 1.6 (zip deflate encoded)
    Category:dropped
    Size (bytes):261665
    Entropy (8bit):7.984876155555065
    Encrypted:false
    SSDEEP:6144:22CzEmSQz/XF6tsZFtIRSutvZU1e+mKGggQBR3lbvD:22Tmrj16tsSHvZU3G6Z
    MD5:C26F7D14B08BE5EBC70EFE2B8ADCC87D
    SHA1:5C6F304EC99177D2D90D54A56C81FCD26837E2B7
    SHA-256:FFEC9D0932DA38DCBE71DB0E06EC649CCA8EB300139146F7441DE74E2AE49FD4
    SHA-512:4D4052E6F2E2E5D48DDBEA607D3B3EF488D93328A0E628C2ED5F50CEFCF84DA18B2EE7E4ADD69EB56CE9391250057733010A41EE239C7DD55B3D834A0B3F1D27
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:dropped
    Size (bytes):1150
    Entropy (8bit):4.665213803293841
    Encrypted:false
    SSDEEP:12:RM2BuBMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMhrh/QvR6h5s:y2BuSF/yR6P32jvTOsLHffyoZX
    MD5:FF5E0DFDB1B13C53E4958A0CBE3838EF
    SHA1:FFC6A016F8CE27A4D9D94C7880C2D38D4626ADFD
    SHA-256:F61B9DCA35C762A2A00D8D9D084C8AE1FC0B7F968246D07768035D6AD5FDC6A0
    SHA-512:388DAEA4756153F3C74D6A0FB17DEB6306E03EF84C903F56D0DCA867B50A5609593545A2E8489B9A0ADDBE729C55E5E84995C1095C574018748F4CC3E54BAFB7
    Malicious:false
    Reputation:low
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:PDF document, version 1.6 (zip deflate encoded)
    Category:downloaded
    Size (bytes):261665
    Entropy (8bit):7.984876155555065
    Encrypted:false
    SSDEEP:6144:22CzEmSQz/XF6tsZFtIRSutvZU1e+mKGggQBR3lbvD:22Tmrj16tsSHvZU3G6Z
    MD5:C26F7D14B08BE5EBC70EFE2B8ADCC87D
    SHA1:5C6F304EC99177D2D90D54A56C81FCD26837E2B7
    SHA-256:FFEC9D0932DA38DCBE71DB0E06EC649CCA8EB300139146F7441DE74E2AE49FD4
    SHA-512:4D4052E6F2E2E5D48DDBEA607D3B3EF488D93328A0E628C2ED5F50CEFCF84DA18B2EE7E4ADD69EB56CE9391250057733010A41EE239C7DD55B3D834A0B3F1D27
    Malicious:false
    Reputation:low
    URL:https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf
    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
    File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
    Category:downloaded
    Size (bytes):1150
    Entropy (8bit):4.665213803293841
    Encrypted:false
    SSDEEP:12:RM2BuBMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMhrh/QvR6h5s:y2BuSF/yR6P32jvTOsLHffyoZX
    MD5:FF5E0DFDB1B13C53E4958A0CBE3838EF
    SHA1:FFC6A016F8CE27A4D9D94C7880C2D38D4626ADFD
    SHA-256:F61B9DCA35C762A2A00D8D9D084C8AE1FC0B7F968246D07768035D6AD5FDC6A0
    SHA-512:388DAEA4756153F3C74D6A0FB17DEB6306E03EF84C903F56D0DCA867B50A5609593545A2E8489B9A0ADDBE729C55E5E84995C1095C574018748F4CC3E54BAFB7
    Malicious:false
    Reputation:low
    URL:https://cdn.aws.isda.org/favicon2.ico
    No static file info
    Icon Hash:00b29a8e86828200
    | Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
    |---|---|---|---|---|---|---|---|---|
    | Jun 18, 2024 08:37:23.974090099 CEST | 192.168.2.6 | 1.1.1.1 | 0x6036 | Standard query (0) | www.isda.org | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:23.974488020 CEST | 192.168.2.6 | 1.1.1.1 | 0x85c3 | Standard query (0) | www.isda.org | 65 | IN (0x0001) | false |
    | Jun 18, 2024 08:37:26.533845901 CEST | 192.168.2.6 | 1.1.1.1 | 0xc0b8 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:26.534686089 CEST | 192.168.2.6 | 1.1.1.1 | 0x38c6 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false |
    | Jun 18, 2024 08:37:27.884346962 CEST | 192.168.2.6 | 1.1.1.1 | 0xf046 | Standard query (0) | cdn.aws.isda.org | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:27.884756088 CEST | 192.168.2.6 | 1.1.1.1 | 0x747d | Standard query (0) | cdn.aws.isda.org | 65 | IN (0x0001) | false |
    | Jun 18, 2024 08:37:29.302901983 CEST | 192.168.2.6 | 1.1.1.1 | 0xf816 | Standard query (0) | cdn.aws.isda.org | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:29.303633928 CEST | 192.168.2.6 | 1.1.1.1 | 0xf847 | Standard query (0) | cdn.aws.isda.org | 65 | IN (0x0001) | false |
    | Jun 18, 2024 08:38:47.645592928 CEST | 192.168.2.6 | 1.1.1.1 | 0xb881 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
    | Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
    |---|---|---|---|---|---|---|---|---|---|---|
    | Jun 18, 2024 08:37:24.014826059 CEST | 1.1.1.1 | 192.168.2.6 | 0x6036 | No error (0) | www.isda.org | | 52.201.165.217 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:24.014826059 CEST | 1.1.1.1 | 192.168.2.6 | 0x6036 | No error (0) | www.isda.org | | 34.205.113.90 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:26.540777922 CEST | 1.1.1.1 | 192.168.2.6 | 0xc0b8 | No error (0) | www.google.com | | 216.58.206.36 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:26.541627884 CEST | 1.1.1.1 | 192.168.2.6 | 0x38c6 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false |
    | Jun 18, 2024 08:37:28.048302889 CEST | 1.1.1.1 | 192.168.2.6 | 0xf046 | No error (0) | cdn.aws.isda.org | | 18.66.147.7 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:28.048302889 CEST | 1.1.1.1 | 192.168.2.6 | 0xf046 | No error (0) | cdn.aws.isda.org | | 18.66.147.73 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:28.048302889 CEST | 1.1.1.1 | 192.168.2.6 | 0xf046 | No error (0) | cdn.aws.isda.org | | 18.66.147.129 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:28.048302889 CEST | 1.1.1.1 | 192.168.2.6 | 0xf046 | No error (0) | cdn.aws.isda.org | | 18.66.147.121 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:29.354439020 CEST | 1.1.1.1 | 192.168.2.6 | 0xf816 | No error (0) | cdn.aws.isda.org | | 18.66.147.121 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:29.354439020 CEST | 1.1.1.1 | 192.168.2.6 | 0xf816 | No error (0) | cdn.aws.isda.org | | 18.66.147.73 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:29.354439020 CEST | 1.1.1.1 | 192.168.2.6 | 0xf816 | No error (0) | cdn.aws.isda.org | | 18.66.147.7 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:29.354439020 CEST | 1.1.1.1 | 192.168.2.6 | 0xf816 | No error (0) | cdn.aws.isda.org | | 18.66.147.129 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:38.534245968 CEST | 1.1.1.1 | 192.168.2.6 | 0xf1f4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:37:38.534245968 CEST | 1.1.1.1 | 192.168.2.6 | 0xf1f4 | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:38:35.015013933 CEST | 1.1.1.1 | 192.168.2.6 | 0x867f | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:38:35.015013933 CEST | 1.1.1.1 | 192.168.2.6 | 0x867f | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:38:37.859091043 CEST | 1.1.1.1 | 192.168.2.6 | 0xcd2b | No error (0) | bg.microsoft.map.fastly.net | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:38:37.859091043 CEST | 1.1.1.1 | 192.168.2.6 | 0xcd2b | No error (0) | bg.microsoft.map.fastly.net | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:38:47.654561043 CEST | 1.1.1.1 | 192.168.2.6 | 0xb881 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false |
    | Jun 18, 2024 08:38:47.654561043 CEST | 1.1.1.1 | 192.168.2.6 | 0xb881 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false |
    • ipinfo.io
    • www.isda.org
    • https:
      • cdn.aws.isda.org
    • fs.microsoft.com
    • slscr.update.microsoft.com
    • chrome.cloudflare-dns.com

    Target ID:0
    Start time:02:37:18
    Start date:18/06/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
    Imagebase:0x7ff684c40000
    File size:3'242'272 bytes
    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:2
    Start time:02:37:21
    Start date:18/06/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2212,i,7945811400495194843,7150962842891366104,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
    Imagebase:0x7ff684c40000
    File size:3'242'272 bytes
    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:3
    Start time:02:37:23
    Start date:18/06/2024
    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.isda.org/a/r41gE/ISDA-SIFMA-Basel-III-Endgame-Comment-Letter-Partial-LTA.pdf"
    Imagebase:0x7ff684c40000
    File size:3'242'272 bytes
    MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:8
    Start time:02:38:40
    Start date:18/06/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
    Imagebase:0x7ff651090000
    File size:5'641'176 bytes
    MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:9
    Start time:02:38:41
    Start date:18/06/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
    Imagebase:0x7ff70df30000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    Target ID:10
    Start time:02:38:42
    Start date:18/06/2024
    Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
    Wow64 process (32bit):false
    Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2152 --field-trial-handle=1684,i,6915552693595644880,6808186178863427705,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
    Imagebase:0x7ff70df30000
    File size:3'581'912 bytes
    MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
    Has elevated privileges:true
    Has administrator privileges:true
    Programmed in:C, C++ or other language
    Reputation:low
    Has exited:true

    No disassembly