Windows Analysis Report
bc3c228ad2c13f96cb14375c3860e802.pdf

Overview

General Information

Sample name: bc3c228ad2c13f96cb14375c3860e802.pdf
Analysis ID: 1531083
MD5: 07e084068db2e3ec1b6947d358bdbdb7
SHA1: 4fe20678a003e1c40b813d34c8366c06b2b11b2a
SHA256: eb89c56d79d28e97a2c4af49d6880586efe8933543bed5a65048ea5f481f00d8

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected landing page (webpage, office document or email)
Suspicious PDF detected (based on various text indicators)
Detected non-DNS traffic on DNS port
Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 6556 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\bc3c228ad2c13f96cb14375c3860e802.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 1544 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1576,i,18144995794146893563,2472083385036013340,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 8108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitcentral-my.sharepoint.com/:f:/p/atrang/EiIzg32--6VGr5srw9SfI9kB0el4nsoa2UWQFBHpDbAY6w?e=tebmO8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1768,i,3636695552058561128,17798778156319188125,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: Adobe Acrobat PDF | OCR Text: REES Tania DeAngelo has sent you encrypted PDF Document VIEW PDF DOCUMENT Microsoft respects your privacy. To learn more, please read our Privacy. Statement. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
Source: chrome.exe | Memory has grown: Private usage: 17MB later: 30MB
Source: global traffic | TCP traffic: 192.168.2.16:54567 -> 1.1.1.1:53
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 13.107.136.10
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: spo.nel.measure.office.net
Source: global traffic | DNS traffic detected: DNS query: bitcentral.sharepoint.com
Source: global traffic | DNS traffic detected: DNS query: r4.res.office365.com
Source: global traffic | DNS traffic detected: DNS query: config.fp.measure.office.com
Source: global traffic | DNS traffic detected: DNS query: 0b2406163904f9da360672794dbfa8f8.fp.measure.office.com
Source: global traffic | DNS traffic detected: DNS query: tr-ooc-atm.office.com
Source: global traffic | DNS traffic detected: DNS query: upload.fp.measure.office.com
Source: classification engine | Classification label: mal48.phis.winPDF@36/38@29/148
Source: bc3c228ad2c13f96cb14375c3860e802.pdf | Initial sample: https://bitcentral-my.sharepoint.com/:f:/p/atrang/eiizg32--6vgr5srw9sfi9kb0el4nsoa2uwqfbhpdbay6w?e=tebmo8
Source: bc3c228ad2c13f96cb14375c3860e802.pdf | Initial sample: https://bitcentral-my.sharepoint.com/:f:/p/atrang/EiIzg32--6VGr5srw9SfI9kB0el4nsoa2UWQFBHpDbAY6w?e=tebmO8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6992
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-10 14-42-49-124.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\bc3c228ad2c13f96cb14375c3860e802.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1576,i,18144995794146893563,2472083385036013340,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 51E4D9F6A0D8674E0FA63B14E99E1A98
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://bitcentral-my.sharepoint.com/:f:/p/atrang/EiIzg32--6VGr5srw9SfI9kB0el4nsoa2UWQFBHpDbAY6w?e=tebmO8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1768,i,3636695552058561128,17798778156319188125,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: bc3c228ad2c13f96cb14375c3860e802.pdf | Initial sample: PDF keyword /JS count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: bc3c228ad2c13f96cb14375c3860e802.pdf | Initial sample: PDF keyword obj count = 54

Persistence and Installation Behavior

Source: PDF document | LLM: Page contains button: 'VIEW PDF DOCUMENT' Source: 'PDF document'
Source: PDF document | LLM: PDF document contains prominent button: 'view pdf document'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server
Initial Access: 1 Spearphishing Link; Default Accounts; Domain Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At
Persistence: 1 Browser Extensions; 1 Registry Run Keys / Startup Folder; Logon Script (Windows)
Privilege Escalation: 1 Process Injection; 1 Registry Run Keys / Startup Folder; 1 Extra Window Memory Injection
Defense Evasion: 1 Masquerading; 1 Process Injection; 1 Extra Window Memory Injection
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager
Discovery: 1 Process Discovery; 1 System Information Discovery; Query Registry
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Command and Control: 2 Encrypted Channel; 1 Non-Application Layer Protocol; 2 Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | unknown
dual-spo-0005.spo-msedge.net | 13.107.136.10 | true | false | | unknown
mira-ooc.tm-4.office.com | 52.98.179.66 | true | false | | unknown
www.google.com | 142.250.181.228 | true | false | | unknown
x1.i.lencr.org | unknown | unknown | false | | unknown
0b2406163904f9da360672794dbfa8f8.fp.measure.office.com | unknown | unknown | false | | unknown
r4.res.office365.com | unknown | unknown | false | | unknown
upload.fp.measure.office.com | unknown | unknown | false | | unknown
bitcentral.sharepoint.com | unknown | unknown | false | | unknown
config.fp.measure.office.com | unknown | unknown | false | | unknown
tr-ooc-atm.office.com | unknown | unknown | false | | unknown
spo.nel.measure.office.net | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://bitcentral-my.sharepoint.com/personal/atrang_bitcentral_com/_layouts/15/onedrive.aspx?id=%2Fpersonal%2Fatrang%5Fbitcentral%5Fcom%2FDocuments%2FUSDCOE063628910&ga=1 | false | | unknown

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1531083
Start date and time: 2024-10-10 20:42:13 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: bc3c228ad2c13f96cb14375c3860e802.pdf
Detection: MAL
Classification: mal48.phis.winPDF@36/38@29/148
Cookbook Comments:
  • Found application associated with file extension: .pdf
  • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 95.100.50.221, 54.144.73.197, 34.193.227.236, 18.207.85.246, 107.22.247.231, 172.64.41.3, 162.159.61.3, 2.23.197.184, 95.101.148.135, 199.232.210.172, 2.19.126.149, 2.19.126.143
  • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e4578.dscb.akamaiedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl.adobe.com.edgekey.net, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
                            • Not all processes were analyzed, report is missing behavior information
                            • VT rate limit hit for: bc3c228ad2c13f96cb14375c3860e802.pdf
                            Input | Output
                            URL: PDF document Model: jbxai
                            {
                            "brands":["Microsoft",
                            "Rees"],
                            "text":"DeAngelo has sent you encrypted PDF Document",
                            "contains_trigger_text":true,
                            "trigger_text":"VIEW PDF DOCUMENT",
                            "prominent_button_name":"VIEW PDF DOCUMENT",
                            "text_input_field_labels":"unknown",
                            "pdf_icon_visible":false,
                            "has_visible_captcha":false,
                            "has_urgent_text":false,
                            "has_visible_qrcode":false}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PC bitmap, Windows 3.x format, 164 x -125 x 32, cbSize 82054, bits offset 54
                            Category:dropped
                            Size (bytes):82054
                            Entropy (8bit):0.7220301092929367
                            Encrypted:false
                            SSDEEP:
                            MD5:35B745C4F07E3A5650C5C0C82A515A7D
                            SHA1:E641E307469961B52C7CC2007AD2BC96631924C4
                            SHA-256:1B8F8D401BFC0E4A37345785B8E6D60662F01E17861660DCB39D11389897BA07
                            SHA-512:C79FDD149A8647A9D34D1230FBA3F5F9635A1EC8315BEAC516A473920D32C19BE4DDB923588589D04B989F33320C12BD8856A864CA0C8F445DC7729682D8ED35
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                            Category:dropped
                            Size (bytes):57344
                            Entropy (8bit):3.291927920232006
                            Encrypted:false
                            SSDEEP:
                            MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                            SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                            SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                            SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):16928
                            Entropy (8bit):1.2153029201564682
                            Encrypted:false
                            SSDEEP:
                            MD5:CA9E19A069DEC201ECE9D7507E1DCC22
                            SHA1:E2828A03F8A0B2B05260EDD48E5414EA331DE003
                            SHA-256:8D7CCFFDD99B3B3194B52AA923F067C0D6607E16D47B884349C1FCF4A5185FF5
                            SHA-512:5747FE29938A42DDCDE0114D3123123E32328FDCC9A793A433F00A3570A1EF7A2F005FDA3C13E17260204E418B04BF2E39A344185A796E28F0A1B6CE41284B79
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Certificate, Version=3
                            Category:dropped
                            Size (bytes):1391
                            Entropy (8bit):7.705940075877404
                            Encrypted:false
                            SSDEEP:
                            MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                            SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                            SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                            SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                            Category:dropped
                            Size (bytes):71954
                            Entropy (8bit):7.996617769952133
                            Encrypted:true
                            SSDEEP:
                            MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                            SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                            SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                            SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):192
                            Entropy (8bit):2.7529698674325394
                            Encrypted:false
                            SSDEEP:
                            MD5:188AF1E8057D7A4A849358CCA021E093
                            SHA1:04F3CFF9645564277580B2ADB4A50736E8B55880
                            SHA-256:8FCF912A93CE5289993ADA57FBED9B3FC4478ECCC615C0021EBB11F4015A2900
                            SHA-512:23943C4D31810058E4CB17366F2B5FDA1594C74563F061C2BA62255F26C1E25EDCE5AEEE55655E0D5AF87A67B0D8239860545938B5114E42F8820AB9511AEC58
                            Malicious:false
                            Reputation:unknown
                            Preview:p...... ........c..;D...(....................................................... ..........W....^...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):328
                            Entropy (8bit):3.2539954282295116
                            Encrypted:false
                            SSDEEP:
                            MD5:15558789107E05C5E570756E2AAF986C
                            SHA1:7E2EBE24B2EB1C693A01A271F5281E5757977431
                            SHA-256:3EF68F9D7B9109EDCB31C6C720D141DA32D2BF32BE5D422F7A54802F146F5670
                            SHA-512:B26BF480B22E95AED21FC758C70FF012218952368CFD10DD9B8B396910DCFD9BB8E8598B54601EA18EADDCDCFF385D0D4FAA1E720462E7A427620C9365BF7EC1
                            Malicious:false
                            Reputation:unknown
                            Preview:p...... .........}JMD...(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):185099
                            Entropy (8bit):5.182478651346149
                            Encrypted:false
                            SSDEEP:
                            MD5:94185C5850C26B3C6FC24ABC385CDA58
                            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                            Malicious:false
                            Reputation:unknown
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:PostScript document text
                            Category:dropped
                            Size (bytes):0
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:
                            MD5:94185C5850C26B3C6FC24ABC385CDA58
                            SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                            SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                            SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                            Malicious:false
                            Reputation:unknown
                            Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):295
                            Entropy (8bit):5.369068803350795
                            Encrypted:false
                            SSDEEP:
                            MD5:AB3D7C1BE01FA8C61148681DC0E8790F
                            SHA1:D3A7AF056B68B287B7E92A5E1E761BB84EC8468C
                            SHA-256:66B92BA5265D0BE4BB0285C55242EC2532861AB0ABC37191C44BAA5D68CD3D9E
                            SHA-512:0EE0E37299FDDB92831B40FB320A050FE8B9342A6B4C61F369B32DFA3EFAF911E7845A573C7BA776CDCBCC59BB554DE4AF96518FF33D2E4C8B8D462A940C2B17
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.315602510455398
                            Encrypted:false
                            SSDEEP:
                            MD5:9168D455D7F068FA5CEA21F7634450DD
                            SHA1:97445297CC73EAD144A63E8265A12298CE3BDB37
                            SHA-256:53D05DDF295A93A6AA8EE73E567F68745174526EB1B61A6FC2618AF14F38F48C
                            SHA-512:D44B05F312700B0FAE601246ABA752B1F73FD3C7CC6C7B5398EF6CB0064312729C66151389C19AE637EBA11FC2428812D657AC4F5A4753432F75C6BD187C3825
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):294
                            Entropy (8bit):5.294597545850474
                            Encrypted:false
                            SSDEEP:
                            MD5:9E722F8566845F58D3864D02D73B61F5
                            SHA1:638BE79A7193AD95486FD5A25BE964E093EDA1F9
                            SHA-256:5853A5961E0A4AC39000A45D23A5DBB0E514FFE2F2B942D4BDF05119BC645A22
                            SHA-512:67EE03FE4B8615B092834E11C68A63FDE724A6B5033DC76A4B7D09F2A2F32B60C05B176CE52A4DB916D8EE9E00FCB74B4E59D7854C78676707DA9BBFD5CB8CA6
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):285
                            Entropy (8bit):5.3576491821631445
                            Encrypted:false
                            SSDEEP:
                            MD5:DB2BFC553E223DF94BF6EEC72AD00DC1
                            SHA1:E13193255EC7BA08FEB5CB52ED057D72B7D44FC2
                            SHA-256:7171BA8701B757B523CB393DA4356F3BBB08CC8CBF3BB683CACED89077A173EC
                            SHA-512:3D7DD467995152FD02E9216DAA8AADF18BE49EBA335525C7CC7CC392402D8DE1A20649B695FE3C802C4270D1D9877802746F761F9862AFE617561302A26C9857
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1083
                            Entropy (8bit):5.682123224996117
                            Encrypted:false
                            SSDEEP:
                            MD5:AA613B9E56FF604760F3846D385B399A
                            SHA1:292433C1C63EB24CD269D729475ABCC4C6A16839
                            SHA-256:CD0BFF295C5FE364D75B81CFAC50BDBF6FE5A4A948A0DB4BA8B75885F4D46B2C
                            SHA-512:394A2CB6A2549B6638093A25EC9946485A6E3C5ACE0C1A8499A7B33E7241EA37C096DB52C68F6323D3EF5A716C150F7F14B7509AE0542A3F937466A6904A91A9
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"22b145c0-22bc-4bba-811f-7234f288595b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ29udHJvbCJ9","dataType":"applicatio
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1050
                            Entropy (8bit):5.655048994015326
                            Encrypted:false
                            SSDEEP:
                            MD5:626CB654DA33B306E77016BEB0ADB9F0
                            SHA1:91844994B252B2246387B5E4598F99F947B14104
                            SHA-256:F7BF8FD6435D290DC84304DFA7AD38149C4D136A3EC32C7E05C71E3A75A9F369
                            SHA-512:3F4126A1F18A2FFC56992121097AC0647A33E73203C1DBB5340833DEDA5200FEB527E6D0915967CE69D55911D1CB0ED5AD3B4B4B14BA75FC476FBF21587487FF
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):292
                            Entropy (8bit):5.307057737709465
                            Encrypted:false
                            SSDEEP:
                            MD5:2C8F393C92C8F3D73A3E437B268B0A8C
                            SHA1:1A45C1C193AB6210376DE48F704DB15B24738303
                            SHA-256:F6D9C037EB482E3C76A1A045793A168AEA2645C9B3892C89B845CC05D5E5FB6A
                            SHA-512:D21B17E4340777C5F9DD578B5B3B0D6AAE3BC21540614AC4F4D8CBB64BD2752CA9AD3486F39F9681DA036E6B5C3A14B33E36259DE3CB39D60D24E3E730D6D7BC
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1062
                            Entropy (8bit):5.689199160218824
                            Encrypted:false
                            SSDEEP:
                            MD5:174E75FE0D0767850A1F52A8219F1630
                            SHA1:3FBD28891B35482DE3D84BD6B3D74E3A1CD3C4FB
                            SHA-256:B59FB1D540848EC6A89AA348311FD875DA1C5FBF95868DD837E1CBC3D6FB6438
                            SHA-512:BAC98DD74907CFF162EC488CADE270DEF4EDC639435E84C81AE54CD55001A6A36FF76DF2464BA85462CF558CB6182C92AB8EEA7D2D37BBEC530C2761CBED48AB
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"58886bd3-acd7-4f84-ae2e-6684bc127c41","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application\/json","encodingSch
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1164
                            Entropy (8bit):5.700792977541924
                            Encrypted:false
                            SSDEEP:
                            MD5:9D559FF2A6E6F5C0FF1969705495ECA4
                            SHA1:F55C9CE09314451B4E412892549640A97330FEF9
                            SHA-256:AAF12EF931F7D560EF9CF5C44E9785E0A2C3D1E7AD77549D2062C253F9C076BE
                            SHA-512:BD898279ED69DBF17F21938A99E1F3841B9F2F493806184C11E800B583758559AE7416EAD277DA7EAAC12CB26646C1B900A3A8A25A70E73967436A741E852C23
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):289
                            Entropy (8bit):5.309670564738935
                            Encrypted:false
                            SSDEEP:
                            MD5:0FC646DF2742DC8300F213B9ADAC477C
                            SHA1:1807943497C5E697FD24EC2B26712AE47C832F48
                            SHA-256:C279265AB67A1ECCB8A89625A728FEC9D77F26F8F912D32971DB05D44C5DE69C
                            SHA-512:23D82C1114ED8FB2B31064931958C238E2F2062D9C2BF4E28C01DC4F780F3339008D2D170D6AA9EAF4260BD1DE24204E5FEB6AB9D4D28F121E7BD1F2D818CE96
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1395
                            Entropy (8bit):5.778458779651227
                            Encrypted:false
                            SSDEEP:
                            MD5:91858F773C16AC360E3F915C55E02079
                            SHA1:AB81DABBABB852D3F6A6012C0E1E79C0ABDA047F
                            SHA-256:F88080B7BDE592346F9AD6C6F7BF2BC7E5E3989E75E4988662E6EFC87F5A3FE9
                            SHA-512:0C26C6A9B3D84AEB18393227CF1EF5E5E8D139DB7688AA32A0D929651E59C0D9230BE108247DF3F9E5FF005A40964D8CB4CF23B87AAA1B74C60CD61D264186D1
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):291
                            Entropy (8bit):5.293151198050331
                            Encrypted:false
                            SSDEEP:
                            MD5:028729E0293130264419392CF679283C
                            SHA1:7BF0760F26A28652DFF7E559E411C7EEC87F75AA
                            SHA-256:59F239E1C7CFBD1C76E2E1664301605AE5CA0502E780EE93D3020128207BE83F
                            SHA-512:E33930ECC162CF290752DD0A7AF296EE69F1F2851ACD79762298EF74BBC40A2CD3351396D88A3F924B8F95DF0931681EB4B93AF26B3281A7A630068750745B1E
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):287
                            Entropy (8bit):5.297241650174766
                            Encrypted:false
                            SSDEEP:
                            MD5:9447AF2549C2A778F11E59F6783CEE67
                            SHA1:B2586751B072AF31883616D11BA00EB693EFA8D9
                            SHA-256:8F1FAF1A61F621342F622CC9E6C6FCB3F59E6B086806C78783036B2BA67C0F7E
                            SHA-512:31354472A6D4B6B9045B85ECFAA1A1ED52BF16C8AFC717B279DAFE7BE78AA1FABF4457CB988AD7F0CAC6C2F67029EEB97A18B00C53FB51EB3BFC53A8B167AA20
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):1082
                            Entropy (8bit):5.687598028214496
                            Encrypted:false
                            SSDEEP:
                            MD5:6C8ACD4A1B5CB908C3C315D12829FE0D
                            SHA1:7DD5EB63AF8D212737A77C00548E9AC98A4585BD
                            SHA-256:8084FE948E3EBBB605C08B4245569B28F70AB5295BE7991AF4052CDE46626A10
                            SHA-512:013EFA8D861260B606165228EFEA4FBDC5B07AC24D887A959B33C52CDD84F127EDCEA7C739852FDCF80B4698A4ED0BEBBEDE19F754A22846868DD65BAC041393
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_277808ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"a8b11c37-7d39-4b12-9d33-a040ee4d296b","variationId":"277808"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNvbnRyb2wifQ==","dataType":"application
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):286
                            Entropy (8bit):5.2723373271750615
                            Encrypted:false
                            SSDEEP:
                            MD5:9AB181732FF1764356162E406FEEA4D8
                            SHA1:11538FCB6761E8F127408BDE8182B6EB80BBBF1E
                            SHA-256:E7CF2D3CA50B0D7E822118A371FFEA4B7F4A209BFA31C321275D4E44BCA24F93
                            SHA-512:BB641E08B5E9BDAC8E8CAD5D1995DEF0D9868639B26AE80A1ECAA02C1FFCAD59F44B53D02CB6511015461EBA708814C7D3D6A278C2161BABF26A8E6633047D5A
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):782
                            Entropy (8bit):5.374052728037244
                            Encrypted:false
                            SSDEEP:
                            MD5:141D93A99B686B66B6881E8515B8E804
                            SHA1:993BD0CB79F7C48E8CC1475429BB42AF2CDFF84A
                            SHA-256:DCEC3C42EC81381B590FAA0448907F0F7B373F960AD75D152E7AF9DD74932915
                            SHA-512:744AC5482F86552E5C9FECD975DB2C59DA0367497E470C0F2C3BD273E28B65FFD57BE8AF28C66DC164C0CA66A838AD7AEDBF2EC767DD1022388011E7FCB2D521
                            Malicious:false
                            Reputation:unknown
                            Preview:{"analyticsData":{"responseGUID":"aacfe406-4813-4abd-a443-d3299ef8324f","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1728763883213,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728585773252}}}}
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):4
                            Entropy (8bit):0.8112781244591328
                            Encrypted:false
                            SSDEEP:
                            MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                            SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                            SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                            SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                            Malicious:false
                            Reputation:unknown
                            Preview:....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:JSON data
                            Category:dropped
                            Size (bytes):2818
                            Entropy (8bit):5.132560359379472
                            Encrypted:false
                            SSDEEP:
                            MD5:278BD9E1E402EBA80EEB23383BA6FB43
                            SHA1:7B22062D9E26E6C8C1923D0A6A75849554BF35F4
                            SHA-256:714D81DEF6734771A2FEA9E4639A6EC9E5CAC2ED99C267CDC7C9F22D008A2627
                            SHA-512:9697E6CEAD1DEF2609BDEE21CE6D7DC3E95BA30E6321F5C93AD6EF343BBABB8B350229A9BF6B707FCD286D6943FA5F7E8783CA17420BC791C5DEDABF0262DDDF
                            Malicious:false
                            Reputation:unknown
                            Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"3bbb4c3caa30c9dc5d61e683fbc0e9b9","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728585772000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"8aa0424c8550859d08f6b34256978a78","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728585772000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"9a3a7e6af257f28d2b8998794244db87","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1082,"ts":1728585772000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fe65fa61cc1565b93433b8b282cd40fe","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1083,"ts":1728585772000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"3ec5ec0ffa598fc68fb0153f8be10ff1","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1062,"ts":1728585772000},{"id":"Edit_InApp_Aug2020","info":{"dg":"15ceb9d94931977d64ad2f80b63756cb","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                            Category:dropped
                            Size (bytes):12288
                            Entropy (8bit):0.9876153733080555
                            Encrypted:false
                            SSDEEP:
                            MD5:86A22B295EBC6FB99E36A6F2B3EE2FAC
                            SHA1:95EDF243034BEA22F9B009F4DCD5FCB3055265FA
                            SHA-256:EA41F8FE96591714772F4252BB3CA76BB1A3F67754F8D1E8FA58C08533A51C2E
                            SHA-512:38B157911A639CDF78A41473ECEF36E4C280D2FD4A850AC4C3239496C01E47410541D6D41FEA5C4706699A10D76C4AA3A5C8B09CF409D521E0D4AEF1F0100A5B
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:SQLite Rollback Journal
                            Category:dropped
                            Size (bytes):8720
                            Entropy (8bit):1.3451374565823317
                            Encrypted:false
                            SSDEEP:
                            MD5:B4E5CA450ED84CD3B91BD3331AFFB9B7
                            SHA1:E068DAA8B8E776801A34D5A87E699BAB349404F3
                            SHA-256:28E4660F3E04CFA7EE7C5E1FF6067533551A460103B09DF5040C4587416DC14A
                            SHA-512:1B8BBB99BBA1576447813215C18AF9D5D4C9EBF98F5AB6053233E3E2BD80788C15FA73D1DE439374E73040A34BA2713412ABF997726F49C6AAC7DEFE00B4C6E7
                            Malicious:false
                            Reputation:unknown
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):246
                            Entropy (8bit):3.50000825118868
                            Encrypted:false
                            SSDEEP:
                            MD5:F308E916E4D38D3D2E6D5EA1D6E9762D
                            SHA1:B3E17EFB95BA38C44B395458F6749573A1A58461
                            SHA-256:2858A8E5A548EAEC1241B87268E777F47FA2770BCC6CBEE4075658B5D0DDF749
                            SHA-512:FE3B864733BCCC81C929B169F5E6AB95F8E0EEA293D5EFB732C3FF21169CB2FD6A700D14815ABBFB818EECC310E4B15831CE7F7248E865FFF120A8E0586F084D
                            Malicious:false
                            Reputation:unknown
                            Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.0./.1.0./.2.0.2.4. . .1.4.:.4.2.:.5.4. .=.=.=.....
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with very long lines (393)
                            Category:dropped
                            Size (bytes):16525
                            Entropy (8bit):5.353642815103214
                            Encrypted:false
                            SSDEEP:
                            MD5:91F06491552FC977E9E8AF47786EE7C1
                            SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                            SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                            SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                            Malicious:false
                            Reputation:unknown
                            Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                            Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):29752
                            Entropy (8bit):5.415661226643462
                            Encrypted:false
                            SSDEEP:
                            MD5:50122E73C9FF2CD4485056D88C6E7A79
                            SHA1:B23B5CF98445C5CF5BE254FC5EAA4E5C2C1F631F
                            SHA-256:FD40ECD1FECBB3F4D563A99DA111659583A2DB43DA13D3C2E0DD8BB4FC7575C6
                            SHA-512:DD581EEA39F1B6F3F6B3EAD03D66ACB7618E71271BE48AD9104755C4BA05B45C7C1E646166B67F3ECE1D8A41DD6A2DA66E4EC063C898B6AD7F54984ACA2C16F7
                            Malicious:false
                            Reputation:unknown
                            Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2673
                            Entropy (8bit):3.989957408790173
                            Encrypted:false
                            SSDEEP:
                            MD5:893C12B7D9C3D29E9AE991E8D31171C5
                            SHA1:9E263C52B23888640B04A27F7F9CC1200D22EF37
                            SHA-256:349017D1847A6F92BD7462DC909DAE250DB178F244CC85FB37A1AD5D771E289B
                            SHA-512:7687BCE0C8A07B019326E130C1D9E1939C719D3DF68008759163920C0B1000564CFF013E1DEF273DB5062FE27DACBCABE1BA77B3C5DD13ED1F1CBB63B194CE97
                            Malicious:false
                            Reputation:unknown
                            Preview:L..................F.@.. ...$+.,.....x.eD...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2675
                            Entropy (8bit):4.008922873376878
                            Encrypted:false
                            SSDEEP:
                            MD5:52F369632B67EFF22715D2CE0EECFE58
                            SHA1:A55D7904B73532E8D16997DB3FE44CFA0EFB36A9
                            SHA-256:B4EE63C01EAF4351CCF00C604AA58E560276BAF0A351CF907DE55ECE06ADBAE8
                            SHA-512:8A6CD3721DD150B2D7CBAC3FCC1E41816156DF0126C9AD9E49244CCF1F268FAE325B64ADFD48DDA6AC0D2A32E5CA0312C8A6FB4B5992849E5BC00B09E35EB806
                            Malicious:false
                            Reputation:unknown
                            Preview:L..................F.@.. ...$+.,.....zeD...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2689
                            Entropy (8bit):4.014966506272029
                            Encrypted:false
                            SSDEEP:
                            MD5:04103086094462ABF6A063E29A78ADA7
                            SHA1:4ABE30730F86910649A1616D14E55593FAD0FFA6
                            SHA-256:46F276F0A5F95B13E8D44151C5161BF0F3221CCDC7450D54F7FC5423678F0AE2
                            SHA-512:267C347755F7F458EB92DCFFEBEF441C077D7CDA83B2B4A44087A888A8D413550B9439BF1CF587627341A0BA13C4DC8C8C79AB615760BF6A3E65D530199D383F
                            Malicious:false
                            Reputation:unknown
                            Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):4.002979751776442
                            Encrypted:false
                            SSDEEP:
                            MD5:45DD1F6C1F61968368099A0D3897C209
                            SHA1:17250F28D916C069A19B11FF0A4F0E81F1EE3E4F
                            SHA-256:65D52D06D0630CDE08BB5305ADA535518C8E485FFC2762251A0F4D47B8492ECA
                            SHA-512:9551604B8F968091C2748C02297ADB68DCA61F0A1FE96B70407D3AA87D451A028AE0755CCB9CC2F066A5C7C5817A31824348C40132BDAF72E3354C07E045FFFD
                            Malicious:false
                            Reputation:unknown
                            Preview:L..................F.@.. ...$+.,....`)teD...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2677
                            Entropy (8bit):3.9953174961734788
                            Encrypted:false
                            SSDEEP:
                            MD5:A7373F2909ACEEE8099B3BF1EAD69090
                            SHA1:9AB4425DC13A060FCD5F04370D57B607E7FA7FC5
                            SHA-256:E7BC74489A7732C2712723DA9CB6F0889ED576429D0907F448CECA9617DC3662
                            SHA-512:EC2F305C4FB026AAED3460397AE6973C796368C08367483C18990901261F29749E68B25E8C38A50764D24C73FC696AFE3B23133A04AA76F77A3F3313A00B8B07
                            Malicious:false
                            Reputation:unknown
                            Preview:L..................F.@.. ...$+.,.......eD...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IJYN.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VJY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VJY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VJY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VJY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............H{.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                            Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 10 17:44:11 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                            Category:dropped
                            Size (bytes):2679
                            Entropy (8bit):3.9992936673262234
                            Encrypted:false
                            SSDEEP:
                            MD5:D649A28FC9A3D6F95DB563FAA99677BC
                            SHA1:2605F4E8E909179CECA33C9643A30088E24FB0C4
                            SHA-256:E40B94BF62E9987A6E4EDB53D96AFE92319E84D331AEEAD929164CAB0284B99C
                            SHA-512:1E5C8CDDBB5D2566E69021168225A496C2E29963D22A23444CE1031D357CAFC1C3B4E489A5C8E7B73B8A6830CE6FE9711DE8B33B4006397DEBDE84D9B0EBC98F
                            Malicious:false
                            Reputation:unknown
                            File type:PDF document, version 1.5, 1 pages
                            Entropy (8bit):7.979453440148222
                            TrID:
                            • Adobe Portable Document Format (5005/1) 100.00%
                            File name:bc3c228ad2c13f96cb14375c3860e802.pdf
                            File size:191'950 bytes
                            MD5:07e084068db2e3ec1b6947d358bdbdb7
                            SHA1:4fe20678a003e1c40b813d34c8366c06b2b11b2a
                            SHA256:eb89c56d79d28e97a2c4af49d6880586efe8933543bed5a65048ea5f481f00d8
                            SHA512:938dc755a218d6515b2fb1648dc0c34a39913c006d3ce9b63a9d12c96f6fe8bcc703cc951f467b3278dec524a38c4b318f03e419896e0e5d6d18b80d14a32743
                            SSDEEP:3072:WSu1Q7TyzxV4AF9fXPfIIn7xhXr+ntc8EijNV+S7ms12y1i6thJgYXqVOiPKu1b5:WSr7TyVV1PVO+g+JE1i6eVPK2b8cB0oX
                            TLSH:E414022FE5BBAC0CF4BA8E76A5652948CB5CF636A6411450C03CC39AD948FD8FD83356
                            File Content Preview:%PDF-1.5.%.....7 0 obj.<<./Type /FontDescriptor./FontName /Times#20New#20Roman./Flags 32./ItalicAngle 0./Ascent 891./Descent -216./CapHeight 693./AvgWidth 401./MaxWidth 2614./FontWeight 400./XHeight 250./Leading 42./StemV 40./FontBBox [-568 -216 2046 693]
                            Icon Hash:62cc8caeb29e8ae0

                            General

                            Header:%PDF-1.5
                            Total Entropy:7.979453
                            Total Bytes:191950
                            Stream Entropy:7.990589
                            Stream Bytes:183648
                            Entropy outside Streams:5.052944
                            Bytes outside Streams:8302
                            Number of EOF found:1
                            Bytes after EOF:
                            Name            Count
                            obj             54
                            endobj          54
                            stream          4
                            endstream       4
                            xref            1
                            trailer         1
                            startxref       1
                            /Page           1
                            /Encrypt        0
                            /ObjStm         0
                            /URI            2
                            /JS             0
                            /JavaScript     0
                            /AA             0
                            /OpenAction     0
                            /AcroForm       0
                            /JBIG2Decode    0
                            /RichMedia      0
                            /Launch         0
                            /EmbeddedFile   0

                            Image Streams

                            ID    DHASH               MD5                                 Preview
                            25    3b514b13964d0e96    752d3d94fd28564025d9ab79360efe72