
Windows Analysis Report
Demande de proposition du Module Ultra Inc.malz.pdf

Overview

General Information

Sample name: Demande de proposition du Module Ultra Inc.malz.pdf
Analysis ID: 1563245
MD5: 8b1e6486e1807d9acec237d308cd1b9a
SHA1: 481dc2905fe8f2a0b83f7774617339ded354a5c5
SHA256: 8c121df86dae06bf0f362dbf3fad2d501ac6c51e0b335efbd720d55e05c005e5

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
AI detected landing page (webpage, office document or email)
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
  • System is w10x64_ra
  • Acrobat.exe (PID: 6988 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Demande de proposition du Module Ultra Inc.malz.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6288 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 6668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1568,i,7926795304041399054,10389309076308554258,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • chrome.exe (PID: 7676 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://moduu6643.prensacheck.com//@ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1964,i,14432773402876805434,14877170212663796203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Phishing

Source: https://heatherhelper.com/thp.html | Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'heatherhelper.com' does not match the legitimate domain for Microsoft., There is no clear association between 'heatherhelper.com' and Microsoft, which is suspicious., The URL does not contain any recognizable elements related to Microsoft, increasing the likelihood of phishing. DOM: 1.1.pages.csv
Source: https://heatherhelper.com/thp.html | Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft OneDrive' is well-known and typically associated with the domain 'onedrive.live.com'., The URL 'heatherhelper.com' does not match the legitimate domain for Microsoft OneDrive., The domain 'heatherhelper.com' does not have any known association with Microsoft or OneDrive., The presence of a generic domain name unrelated to the brand is a common phishing tactic., The input field 'Enter rfp' is unusual for a Microsoft OneDrive page, which typically focuses on file storage and sharing. DOM: 1.0.pages.csv
Source: PDF document | Joe Sandbox AI: Page contains button: 'View PDF' Source: 'PDF document'
Source: PDF document | Joe Sandbox AI: PDF document contains prominent button: 'view pdf'
Source: https://heatherhelper.com/thp.html | Joe Sandbox AI: Page contains button: 'VIEW PDF' Source: '1.0.pages.csv'
Source: https://heatherhelper.com/thp.html | Joe Sandbox AI: Page contains button: 'VIEW PDF' Source: '1.1.pages.csv'
Source: https://heatherhelper.com/thp.html | HTTP Parser: Number of links: 0
Source: https://heatherhelper.com/thp.html | HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 640 512"><!--!Font Awesome Free 6.5.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free Copyright 2024 Fonticons, Inc.--><path d="M38.8 5.1C28.4-3.1 13.3-1.2 5.1 9...
Source: https://heatherhelper.com/thp.html | HTTP Parser: Title: PDF Document does not match URL
Source: https://heatherhelper.com/thp.html | HTTP Parser: <input type="password" .../> found
Source: https://heatherhelper.com/thp.html | HTTP Parser: No favicon
Source: https://qgdl.dilatede.ru/y4Yu8nAGz-EmBWLPDI/ | HTTP Parser: No favicon
Source: https://heatherhelper.com/thp.html | HTTP Parser: No <meta name="author".. found
Source: https://heatherhelper.com/thp.html | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49698 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: global traffic | DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic | DNS traffic detected: DNS query: heatherhelper.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: qgdl.dilatede.ru
Source: global traffic | DNS traffic detected: DNS query: code.jquery.com
Source: global traffic | DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic | DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: classification engine | Classification label: mal52.phis.winPDF@38/56@29/243
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.7076
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9v59aef_1i05fsn_5gk.tmp
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknown | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Demande de proposition du Module Ultra Inc.malz.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=1608 --field-trial-handle=1568,i,7926795304041399054,10389309076308554258,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 4757013D73AA94AFB52739F751EE8A3F
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://moduu6643.prensacheck.com//@
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1964,i,14432773402876805434,14877170212663796203,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: Demande de proposition du Module Ultra Inc.malz.pdf | Initial sample: PDF keyword /JS count = 0
Source: Demande de proposition du Module Ultra Inc.malz.pdf | Initial sample: PDF keyword /JavaScript count = 0
Source: Demande de proposition du Module Ultra Inc.malz.pdf | Initial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Browser Extensions | 1 Process Injection | 3 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
code.jquery.com | 151.101.194.137 | true | false | | high
cdnjs.cloudflare.com | 104.17.24.14 | true | false | | high
qgdl.dilatede.ru | 172.67.219.199 | true | false | | unknown
challenges.cloudflare.com | 104.18.95.41 | true | false | | high
heatherhelper.com | 172.67.211.207 | true | true | | unknown
www.google.com | 142.250.181.100 | true | false | | high
x1.i.lencr.org | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://heatherhelper.com/thp.html | true | | unknown
https://qgdl.dilatede.ru/y4Yu8nAGz-EmBWLPDI/ | false | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
172.217.17.46 | unknown | United States | 15169 | GOOGLEUS | false
104.18.94.41 | unknown | United States | 13335 | CLOUDFLARENETUS | false
216.58.208.227 | unknown | United States | 15169 | GOOGLEUS | false
3.233.129.217 | unknown | United States | 14618 | AMAZON-AESUS | false
151.101.130.137 | unknown | United States | 54113 | FASTLYUS | false
162.159.61.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
23.218.208.137 | unknown | United States | 6453 | AS6453US | false
144.217.96.200 | unknown | Canada | 16276 | OVHFR | false
151.101.194.137 | code.jquery.com | United States | 54113 | FASTLYUS | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
172.217.17.42 | unknown | United States | 15169 | GOOGLEUS | false
104.17.24.14 | cdnjs.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
172.217.17.35 | unknown | United States | 15169 | GOOGLEUS | false
172.67.219.199 | qgdl.dilatede.ru | United States | 13335 | CLOUDFLARENETUS | false
104.18.95.41 | challenges.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.181.100 | www.google.com | United States | 15169 | GOOGLEUS | false
216.58.208.234 | unknown | United States | 15169 | GOOGLEUS | false
151.101.2.137 | unknown | United States | 54113 | FASTLYUS | false
93.184.221.240 | unknown | European Union | 15133 | EDGECASTUS | false
64.233.165.84 | unknown | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.67.211.207 | heatherhelper.com | United States | 13335 | CLOUDFLARENETUS | true
23.195.39.65 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
23.195.92.153 | unknown | United States | 16625 | AKAMAI-ASUS | false
104.17.25.14 | unknown | United States | 13335 | CLOUDFLARENETUS | false
                      IP
                      192.168.2.16
                      192.168.2.4
                      127.0.0.1
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1563245
                      Start date and time:2024-11-26 17:41:14 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of new started processes analysed:18
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Sample name:Demande de proposition du Module Ultra Inc.malz.pdf
                      Detection:MAL
                      Classification:mal52.phis.winPDF@38/56@29/243
                      Cookbook Comments:
                      • Found application associated with file extension: .pdf
                      • Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 93.184.221.240, 23.218.208.137, 3.233.129.217, 3.219.243.226, 52.6.155.20, 52.22.41.97, 162.159.61.3, 172.64.41.3, 23.195.39.65, 23.32.238.24, 23.32.238.32, 23.32.238.40, 2.19.198.219, 23.32.238.8, 2.19.198.216, 23.32.238.35, 2.19.198.211, 23.32.238.19, 216.58.208.227, 172.217.17.46, 64.233.165.84
                      • Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, moduu6643.prensacheck.com, clientservices.googleapis.com, prensacheck.com, wu.azureedge.net, acroipm2.adobe.com, clients2.google.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, clients.l.google.com, geo2.adobe.com
                      • Not all processes were analyzed, report is missing behavior information
                      • VT rate limit hit for: Demande de proposition du Module Ultra Inc.malz.pdf
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):290
                      Entropy (8bit):5.190403998184653
                      Encrypted:false
                      SSDEEP:
                      MD5:332A5EA315C79834202A68021E54D4FE
                      SHA1:21CC7569B995107EDC24A178117B121CF7FDE230
                      SHA-256:A45A9C5661540042C5522F759E112361C4C338DAF94B30EFF41179C5A35A1541
                      SHA-512:CA7594B7AD1987708229B5B6FAC9812E3288D0526386355E524AE41A0488BEF2903ECE1200EDC00C7956973D9098DAB7AA090ECF690AD834C0D92C34697BD6B3
                      Malicious:false
                      Reputation:unknown
                      Preview:2024/11/26-11:41:48.753 1a10 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/11/26-11:41:48.755 1a10 Recovering log #3.2024/11/26-11:41:48.755 1a10 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):334
                      Entropy (8bit):5.1491464954287185
                      Encrypted:false
                      SSDEEP:
                      MD5:26EF0F31E026E90132652177EE809574
                      SHA1:4DBA26F2B60140D1A35BC6FDF9C1D510A1DA14B8
                      SHA-256:C9BF1E279733EB976C6A957E07A552C7BC6F92BD53D730778FA5144F807671F8
                      SHA-512:56B7AA7E0D9BCD7A52EC099ACBD1DBD178FC2F415F0CE8006CA2D7DE9030FE1958DC70578C9ED1D86C5988A6805A26BDD6F920227F28E6C035825784B89A0D16
                      Malicious:false
                      Reputation:unknown
                      Preview:2024/11/26-11:41:48.667 1a18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/11/26-11:41:48.670 1a18 Recovering log #3.2024/11/26-11:41:48.671 1a18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):403
                      Entropy (8bit):4.9880380842367655
                      Encrypted:false
                      SSDEEP:
                      MD5:613E979294EDB4CF9B2792B4F3EB2A1C
                      SHA1:629054BBC71FB42642A709194782EA8ECD844540
                      SHA-256:60AD1A5CA7E2C2FB61F0DD8CBAFA886BD2EAFA48F1CC81CEEF551CEA017758FA
                      SHA-512:6A86A7E44EA009E076B1D5FEDE72BFFBE87578BFB7A989B869EE25263B5F7094B8B886FC4104C347395E18B083FE3302D59E2B19291E5BE4E81ECD1533CC0C68
                      Malicious:false
                      Reputation:unknown
                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13377199320541198","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":681274},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):0
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:613E979294EDB4CF9B2792B4F3EB2A1C
                      SHA1:629054BBC71FB42642A709194782EA8ECD844540
                      SHA-256:60AD1A5CA7E2C2FB61F0DD8CBAFA886BD2EAFA48F1CC81CEEF551CEA017758FA
                      SHA-512:6A86A7E44EA009E076B1D5FEDE72BFFBE87578BFB7A989B869EE25263B5F7094B8B886FC4104C347395E18B083FE3302D59E2B19291E5BE4E81ECD1533CC0C68
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4099
                      Entropy (8bit):5.2333922082193505
                      Encrypted:false
                      SSDEEP:
                      MD5:D148F213D9C1753FF529922EF4F010FA
                      SHA1:4EA4D8B18107FFA05DD8ED8BD66E3A352178DD5E
                      SHA-256:332F47C9F0A515C145310BE8C4846C0DF2546041191AE855043913802342362B
                      SHA-512:D394F054465C36CB550F815926C6C1A4094055DEB21D1849C5BC67AAF8080C9957523475911CF51EEF64908196F2F77641B2A2A84A2CDEF107EF6BC5AC11A92A
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):322
                      Entropy (8bit):5.1796397362629065
                      Encrypted:false
                      SSDEEP:
                      MD5:F7CCB111774F98E54E49743141B27545
                      SHA1:536FA7A7B1940110AE1BE56AC44649B8DCA9FCE4
                      SHA-256:33DF83294FD504F2466B5E8BECF6A10564F2C936D4E50EBC9FF0000A8871EAB7
                      SHA-512:57E48FBD50BC8A27983FD923AB7806CA9F519BCC2748AFB4BB06114471B3DAE712C0F4C2C14BFAE517B382D80F017BD1E2422F694677893D537E60C5D104801B
                      Malicious:false
                      Reputation:unknown
                      Preview:2024/11/26-11:41:48.788 1a18 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/11/26-11:41:48.789 1a18 Recovering log #3.2024/11/26-11:41:48.790 1a18 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
                      Category:dropped
                      Size (bytes):71190
                      Entropy (8bit):0.39318430494039547
                      Encrypted:false
                      SSDEEP:
                      MD5:DD614CD8DB42197262A4B89B9E05770B
                      SHA1:7BAC0B55BFE24D40D60F7715C2FE2C7AB7EA488E
                      SHA-256:98150268394A258E39B53F17DC6B89B5F8A81D5BDB8DD8ECD63ED5879D9C4246
                      SHA-512:DD28B6E52BF26B7B9BD0EE89C14D0BC55A9E8ADD972FA25B9BED7EB98F3A472090934BB9B2A51F126AB5BD88BF8561653BCA532AADCE7FDB7EB9E07C3C1CAF2B
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):57344
                      Entropy (8bit):3.291927920232006
                      Encrypted:false
                      SSDEEP:
                      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):16928
                      Entropy (8bit):1.2137432510461552
                      Encrypted:false
                      SSDEEP:
                      MD5:189AF339D872AF7DFDCBA19AE2E84378
                      SHA1:FFFCAAECD8790DCDEA11EB32ED8B974562184F51
                      SHA-256:A96A0893BA595FF85277ED82F486397CD94DF30FCE388404D5974B69E1070015
                      SHA-512:CCE398865233245226F32C3A0249F79912BF8A6A79FA847A6B729227E32CC740131CF8F4F7760C430F12CF69E3DA90517F8C2AA195978F92B1501F5128BDBD77
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1391
                      Entropy (8bit):7.705940075877404
                      Encrypted:false
                      SSDEEP:
                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                      Category:dropped
                      Size (bytes):71954
                      Entropy (8bit):7.996617769952133
                      Encrypted:true
                      SSDEEP:
                      MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                      SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                      SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                      SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):192
                      Entropy (8bit):2.7647458239154146
                      Encrypted:false
                      SSDEEP:
                      MD5:F142F4BC4404C2454B9CDFA124E9687B
                      SHA1:520A66BF4DF460B1469DD9DB59C7B68261C904BE
                      SHA-256:F74F8908120AD631BB35E4CF49117997072DB99776C2C20C886F4E2FB1E34123
                      SHA-512:29C3A981D5B8A64CD99E85BBA634B153AE4909C03207AE6C78BAE8FAF133205BBBC675D7109737D051E47057DD37DE819180115F1635EBEDE8FBC8C60F11AEA2
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:modified
                      Size (bytes):328
                      Entropy (8bit):3.1272885043655076
                      Encrypted:false
                      SSDEEP:
                      MD5:B18E502ED21336A9F6660FFFAD75E60E
                      SHA1:6B71880CF603AB3A7769BA088D9DE6C358FAD0AE
                      SHA-256:3F9D7EEE101C6C47BFE7B68BB4AADC730BD19502AA8651671C0EA1CDFA656679
                      SHA-512:983577A3482A0FD1F469787CA40FEAC167770DBD276138639213CB4E49707FA8151991CFA7549796E7A89C0ED5C891B1596B2C7FEEC71EC5058BD3232974A6F1
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):0
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                      Malicious:false
                      Reputation:unknown
                      Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-H.Registry:Adobe.Ordering:Identity.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-H.FileLength:8228.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:Identity-V.Registry:Adobe.Ordering:Identity.UseCMap:Identity-H.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\Identity-V.FileLength:2761.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UCS2-GBK-EUC.Registry:Adobe.Ordering:UCS2_GBK_EUC.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UCS2-GBK-EUC.FileLength:243835.FileModTime:1612212568.%EndFont..%BeginFont.Handler:DirectoryHandler.FontType:CMap.CMapName:UniKS-UTF16-H.Registry:Adobe.Ordering:Korea1.OutlineFileName:C:\Program Files\Adobe\Acrobat DC\Resource\CMap\UniKS-UTF16-H.FileLength:131902.FileModTime:1612212568.%EndFont..%BeginFont.Handler:D
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):1233
                      Entropy (8bit):5.233980037532449
                      Encrypted:false
                      SSDEEP:
                      MD5:8BA9D8BEBA42C23A5DB405994B54903F
                      SHA1:FC1B1646EC8A7015F492AA17ADF9712B54858361
                      SHA-256:862DE2165B9D44422E84E25FFE267A5E1ADE23F46F04FC6F584C4943F76EB75C
                      SHA-512:26AD41BB89AF6198515674F21B4F0F561DC9BDC91D5300C154065C57D49CCA61B4BA60E5F93FD17869BDA1123617F26CDA0EF39935A9C2805F930A3DB1956D5A
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):0
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:B60EE534029885BD6DECA42D1263BDC0
                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PostScript document text
                      Category:dropped
                      Size (bytes):10880
                      Entropy (8bit):5.214360287289079
                      Encrypted:false
                      SSDEEP:
                      MD5:B60EE534029885BD6DECA42D1263BDC0
                      SHA1:4E801BA6CA503BDAE7E54B7DB65BE641F7C23375
                      SHA-256:B5F094EFF25215E6C35C46253BA4BB375BC29D055A3E90E08F66A6FDA1C35856
                      SHA-512:52221F919AEA648B57E567947806F71922B604F90AC6C8805E5889AECB131343D905D94703EA2B4CEC9B0C1813DDA6EAE2677403F58D3B340099461BBCD355AE
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.366621464388624
                      Encrypted:false
                      SSDEEP:
                      MD5:4540451EFB88074FB7D7187F5CBC0298
                      SHA1:E4B09C97E37A38090F882FEDF30B9E35438EAB40
                      SHA-256:579939C67548BD3F5637E1E80A5BD766EA28895749F6297728E4D2EF16B4A114
                      SHA-512:7B318B27C0762CE14ED3C44C4EF276C3216F82887868A7737AFFB6E714E0492DB6C7B02F84D0FF2B8742607E74E5FCD4A9CDAD66C21EFCA93F63F968AB7F4124
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.311749989653846
                      Encrypted:false
                      SSDEEP:
                      MD5:2D04E13B3B4FA9F7712138309F3D000F
                      SHA1:9484B56B61E5CD3B67393229C1B0D2073089EBEB
                      SHA-256:345CD2AC29A7322A00019B1B626DB6B99F952771691256423C876271AD4A40A5
                      SHA-512:C025E8524FEBD9F21BBACB95F58ACEA8E47CECE7A255FA44832F77CFAF251977D82C6665670DB63590222AFBE8FEB36B9331F16E3D710D0B096677A37C7E9D8F
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.290829453858807
                      Encrypted:false
                      SSDEEP:
                      MD5:E5B22E78126DBD7727E889BE9338C479
                      SHA1:28EA0441719B87CE3010FE373CFDAF00663DDDBD
                      SHA-256:E780136CB93FA0F599762D9ACE7D4D822A0B6A7FE96F90BBA10B08B9C5D5D137
                      SHA-512:31F903E2474B03FC0B2E2407339FE27FE2D703CFB23FE3CE219E703FAE0127E2F8931AE0DF8BD66133D47CB9A9FB14B2AD84F8598DDE5111FDE44B84F4368F5B
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.355115971658441
                      Encrypted:false
                      SSDEEP:
                      MD5:5C413DF66E2D563AAC9E5CADFC9DFFF6
                      SHA1:FE066F6F1FC760B97EF11EBBEFC3268AD600BE2F
                      SHA-256:40CBBF08EE3EA9FF32A44A2D2F10504F6E1BA2A5B85F772689063828559A43B3
                      SHA-512:C3766ADC2F0CDD88A1AF1BAE0B93E477520C5DE16C7B7E2C51579A1987AF2EDD9E1554991A01E14B9974D51A3979B0C00413C8C5537EF883831976366E9C94BE
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1123
                      Entropy (8bit):5.685307846652498
                      Encrypted:false
                      SSDEEP:
                      MD5:6CA0B441AD5E5AC8FC05FBE2BAE2A6F4
                      SHA1:9CF557C351013B3EA647B71EF0E1492CC415A0A8
                      SHA-256:58F767C55922B28C3CD9FE35B618558F66C1CF14E12875AD3AFFDFE98501844D
                      SHA-512:918FC15084663EAD6B2FE318A21E2623D10EDA3289F3D71E6B5813C16DA199DF3FDF10A9B5C177ABD3EA6A08AF04D107B99C710CBA8C94BAC98F62A7691754AD
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_1","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"d5bba1ae-6009-4d23-8886-fd4a474b8ac9","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkNvbnZlcnRQREZSZHJSSFBBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkV4cG9ydCBQREZzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNh
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1122
                      Entropy (8bit):5.679210666924267
                      Encrypted:false
                      SSDEEP:
                      MD5:F872E586077B18D2B35E9059AE022B3D
                      SHA1:DE2DE84ABBB94E42DA6056357C640D611388E949
                      SHA-256:8C5297D65943273D55BE07AE423D7602CA7A889CF71D39728A6136E5EA571DB5
                      SHA-512:2B4E85F2617F76865873825304C1797D0715135D953F2F1F7B779ED72D9DD1F05CA799F226F39234C9AAD7C29C50DE7361A4161D78E07FDA196F1C0601D0310E
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_0","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"1aad653c-ef44-43f7-be1c-3a2ba2cf2cfc","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuIFBERiBmb3JtcyAmIGFncmVlbWVudHMuIn0sInRjY
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.301356675752972
                      Encrypted:false
                      SSDEEP:
                      MD5:229F1057DBEEA86C838A8493D9F4B915
                      SHA1:4BF8DEC162D2ABC1C4590A0E908CFE53E5362D96
                      SHA-256:C8A15FEE24AA6E8B880C7A734B1D690BC4F0337C2CEAEBEC8732AC7DF85C20C8
                      SHA-512:F56BDF6DD29F15263005C246D02555600A95477CBD2E4F24A63F54833C0DF3F299346FF328B4C710EF7610B69DDA654433276A4549BB8E5DEDCF540885DC5B17
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1102
                      Entropy (8bit):5.6704592557118465
                      Encrypted:false
                      SSDEEP:
                      MD5:1D97A91AEEEB7E56E9164012ED507626
                      SHA1:2EC9893DAE9E1054D2F853545B50472F09394E92
                      SHA-256:400AFBEA5A9A00B9CAF664D88E1E40D10BCF516E57327C78FF246EC65FA0A4B9
                      SHA-512:DB5C9717C1D3908CF8F462DD4EB8C01BD316B2393887DDCDC0FB0B695A2D011D4A3B09E8521D6C047694FFA0E93CE0F580A3DC21464A8A3B4E23FBCC64B840F8
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93181_288855ActionBlock_1","campaignId":93181,"containerId":"1","controlGroupId":"","treatmentId":"533ab5eb-b236-4889-89a5-ac002261d71e","variationId":"288855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IkVkaXRQREZSZHJBcHBGdWxsIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTRweCIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTJweCIsImZvbnRfc3R5bGUiOiItMSJ9LCJ0aXRsZSI6bnVsbCwiZGVzY3JpcHRpb24iOiJFZGl0IHRleHQsIGltYWdlcywgcGFnZXMsIGFuZCBtb3JlLiJ9LCJ0Y2F0SWQiOm51bGx9","da
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1164
                      Entropy (8bit):5.696679477687935
                      Encrypted:false
                      SSDEEP:
                      MD5:14CD3108C67783393FB6693F03102342
                      SHA1:BB9313561475D453CAEBFC2F38C10FD1FDC1F73B
                      SHA-256:78619459D265B98B07641FA7BEED91C545E982A339500DB7023939F9099172BA
                      SHA-512:F2DF7956A873EFBCA90F7443198455228681FF8E3A4EE5AC650A0DE2C063B9D33DD7BFD368E271D983FEA1BA69EACAB9691D4AD765CA0BBFA4CB1FCBD43795EF
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.304981655594156
                      Encrypted:false
                      SSDEEP:
                      MD5:6EB7C3AF2875D3EB5F690FAE3BDEE8D4
                      SHA1:98FA1718CBE4A0E1264CBEE992845431BC89E6B4
                      SHA-256:E39A0937572B9A9871E92DE547402D02F194034D8051FC3520D1C49D1AE7615F
                      SHA-512:59095A4D24ED8136FBF3DB8A236BB10692D7826364A98698626096D1D4D10D84DC88B66EFF4423F407D4BDB46FF555BF0FA4E96E67B1C24EE0E7E7E4741448AD
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):284
                      Entropy (8bit):5.29196857461081
                      Encrypted:false
                      SSDEEP:
                      MD5:0B3D3D3CB8C4263240D5A154CD679979
                      SHA1:DBC32330D013E9DE9DD3F17D0403DCDBEAC38401
                      SHA-256:A80EA30D0A7833B665C7BE0319389374196EFF40D9DE2E47BD7F8972584B1D61
                      SHA-512:CEA4ED7022B3060BD286F1D6C6092F60EFD9718B9616004206C959877AE44DA76FAECCBC08244BFB1AB1FEA2C3BDDC6898DEA85E27EDA919E5A9CC1A6F54E7F7
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.28849451508524
                      Encrypted:false
                      SSDEEP:
                      MD5:384F21AD69896FE37D0035E025254813
                      SHA1:52FAEFB2BC48DA518131DC2075926ABCBA07FE03
                      SHA-256:ADAF2804652F15D0585F9400979AA99D4E8E10D704D50960B0ACA710BA858E05
                      SHA-512:A4C5223A26A4E0A9B55DC836D03D7E714422A456FE7A174CCFAE79E0FB00470E5BA0A7BE21506626A9D6D555086707C3430DE380AD3B948B0338FFBE0C395B88
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.2919447889515885
                      Encrypted:false
                      SSDEEP:
                      MD5:B85418688568B61045DA5D007270C05B
                      SHA1:89F30DDA784B63F0721402AEF148424F546340C1
                      SHA-256:C135B982D33029768430FD74C8F0D4A2155448687C9D3290E44FC10E1317191C
                      SHA-512:AAAABD8024F1B4292E734B6DF6718BAF11E8A5034508F9670BEA566E5C26AE29D469A6F8FD02FC10DE625CCC098B46C3440EE09226BCA873D5717AABA273B148
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):1090
                      Entropy (8bit):5.6586691424967945
                      Encrypted:false
                      SSDEEP:
                      MD5:4038E26E2B23D3F19D97C69F54AA4DD1
                      SHA1:C6ED4BB8056B343E045950ECE3AF958EF91B1A3F
                      SHA-256:C04CA94161031790A1A208DAC8FDD29DBFFDF8FB26F0D3E17FF177F14D6FCC30
                      SHA-512:20D3EE63FDD7F48BDCF2421741590E6A83ABF3BD9C4225EB274064EE518505729F4D8A74FC8F29F4611D8FB3633C054FAB4A9B2B39C947FE4D03840F4986912F
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"93365_289436ActionBlock_0","campaignId":93365,"containerId":"1","controlGroupId":"","treatmentId":"266234d2-130d-426e-8466-c7a061db101f","variationId":"289436"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwiLCJjbGljayI6Im9wZW5Ub29sIiwidG9vbF9pZCI6IlVwZ3JhZGVSSFBSZHJBcHAifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"app
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.267300571072214
                      Encrypted:false
                      SSDEEP:
                      MD5:72B52F0072E9519133C5EF4D342E5CE0
                      SHA1:8F760DF840BF9423526C2351166B595773C4BE78
                      SHA-256:ADA17644791160C4C5B6F9E4EEDED1ECEC1F1D8C7F2812B6B510320F98A85BCD
                      SHA-512:C6E534ACD13668369F39E63BDCDCA75220E2DF467614CB85AAC9FDFE924D53C3F549B0577F34A9F29001B4930A16565268BF3D460AF4F6AEB7B60B9D025DD609
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):282
                      Entropy (8bit):5.27719919196853
                      Encrypted:false
                      SSDEEP:
                      MD5:2D0EEEE9CE92819941E8DC30492D3AF8
                      SHA1:E17790A2E21EBD9C708958C9EDFA67B17801B07B
                      SHA-256:C206C77F8201AFF58D8FA3583E0A0DB50BD1802CCE2FA8C555C455167BFF1606
                      SHA-512:15651C151615F936977E1EADD6F0B74FFF20B54634854BC24F54F97FA1B358852826F91066CB552DD14485B5B4BFF1DB1FBDCDF2830088AB339994C2B773DE5F
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"612a3e2c-e4ef-4f5d-a298-6e93c2464d5d","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1732813018671,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Reputation:unknown
                      Preview:....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2817
                      Entropy (8bit):5.133752208088666
                      Encrypted:false
                      SSDEEP:
                      MD5:D0AA5698A346D1E705FE7283ED465D65
                      SHA1:FAEEE8DFFC6DB90952421D06F439B5AF1C7D73B8
                      SHA-256:1BD84AF7BCA174D445563AA065A816CACA2A3F3EBEA8C540F5A589BA909370BE
                      SHA-512:70E7A70AB1F5EAF2CFF5D0F36BA268E673AD5686DB9D28888C713A85010D7370C4D107A43EFFAC49CE9E0CF82202CDE59DD5571A5F92E9614D6D1CCFB9A7C7B6
                      Malicious:false
                      Reputation:unknown
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"137b4652e17f983183d515b92484590e","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1122,"ts":1732639318000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"aec57da20d0b517415129b290ebd5b4d","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1732639318000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"6f6ced5d5aec666d0796e20ca6ae3f12","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1090,"ts":1732639318000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"3e6d11700391a90578cb7829dc412c71","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1123,"ts":1732639318000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"c1d5d026c6e6cf3f0337102ea679734b","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1102,"ts":1732639318000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"53be6828cd6dfcf908d959b0fedfc96f","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.987886440603864
                      Encrypted:false
                      SSDEEP:
                      MD5:E5C6C12D70484FAED9585A0AFE906BDD
                      SHA1:FFD822728B942A9301D9155A92ED0A6FB218C0E4
                      SHA-256:54C4E01DAEBC90397DC289BDBB2A97DF5ED47BEDE17263C66751CA9780F1FE6A
                      SHA-512:BF3A11A36BCB06D0C5869E835060A50D67F3031339F799BA246C826F45FF01277E391A46A969CC8FD15F061F8EDCEDE7703650A8851F12CAEF3C478C89B03664
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.344376625674967
                      Encrypted:false
                      SSDEEP:
                      MD5:0D5A8871A2A2BF4D7FD6D60699AF6221
                      SHA1:36DB732C45044911B8EC84F2C991A264863FE3BA
                      SHA-256:51CB51ADB0E4541BFA255E4D8CC521A7CE7FCA1FB600F620C57E49727C91F113
                      SHA-512:AA415C49ECAF6D084DF40AD7EFE66EAFF7AEA20097B56E9598E84FE024DB40F740A122E891AA426207A0F93B5763D49904882CB8CE4695223D022C12C3DED272
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):66726
                      Entropy (8bit):5.392739213842091
                      Encrypted:false
                      SSDEEP:
                      MD5:EA6DF8577CBBC35AF4C591B2F7380BF8
                      SHA1:3E1F92EA37CA2F89EC6EA6476C8B10ECBB1289C7
                      SHA-256:E8FFD74E94C586E6DA6B3C4096D54ADF8BF728823B364808C50CE152E8BB621C
                      SHA-512:9185CE460E595940268646E8FD30869C999B5586110C1692D745F517DD256EBEECE932335F3B2B6B94B7E0022EE83407B2F5AA278A485285C1272A0534F46CD2
                      Malicious:false
                      Reputation:unknown
                      Preview:4.397.90.FID.2:o:..........:F:AgencyFB-Reg.P:Agency FB.L:$.........................."F:Agency FB.#.96.FID.2:o:..........:F:AgencyFB-Bold.P:Agency FB Bold.L:%.........................."F:Agency FB.#.84.FID.2:o:..........:F:Algerian.P:Algerian.L:$..........................RF:Algerian.#.95.FID.2:o:..........:F:ArialNarrow.P:Arial Narrow.L:$.........................."F:Arial Narrow.#.109.FID.2:o:..........:F:ArialNarrow-Italic.P:Arial Narrow Italic.L:$.........................."F:Arial Narrow.#.105.FID.2:o:..........:F:ArialNarrow-Bold.P:Arial Narrow Bold.L:%.........................."F:Arial Narrow.#.118.FID.2:o:..........:F:ArialNarrow-BoldItalic.P:Arial Narrow Bold Italic.L:%.........................."F:Arial Narrow.#.77.FID.2:o:..........:F:ArialMT.P:Arial.L:$.........................."F:Arial.#.91.FID.2:o:..........:F:Arial-ItalicMT.P:Arial Italic.L:$.........................."F:Arial.#.87.FID.2:o:..........:F:Arial-BoldMT.P:Arial Bold.L:$.........................."F:Arial.#.100.FID.2
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.5029068020919194
                      Encrypted:false
                      SSDEEP:
                      MD5:93BB3D5F008F93FD4FF07D6A70722ED4
                      SHA1:0393A20F70E8F91DBA7E7CEF16CB7B55FCC1E4B7
                      SHA-256:49E2540A63F9C9CDCCB402779E7FDC92459C0BF61E9C668BB6B0504CB7DC2833
                      SHA-512:71DB5E5F85E77498F4F460942ED0219DE985813E1BD752A95CCCDCDFD9FD8936AE6FE9FC0EC6579A6A86805BE8B470AEC01445686F295F242F6FDE5B58A84910
                      Malicious:false
                      Reputation:unknown
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.6./.1.1./.2.0.2.4. . .1.1.:.4.1.:.5.5. .=.=.=.....
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PDF document, version 1.6, 0 pages
                      Category:dropped
                      Size (bytes):358
                      Entropy (8bit):5.055816960204653
                      Encrypted:false
                      SSDEEP:
                      MD5:1355F64D08281A1DD23A5989F90EEAFE
                      SHA1:C6B38BE49AB448EB05FC90F33ECF79C3C6F3B6C6
                      SHA-256:4FA189EE8C58D185615BF6F6AE3B6BE37E8D585590169B5F510F15F0787C4051
                      SHA-512:14C07C57D991D9EB96612F749D0AA0356292E6B7A76D7D1BE032139CB67FA2EE9EB7A9C32D7D8FC8C2071E8783373069E8A06B26BC1FCA74886F1E3E7EF55999
                      Malicious:false
                      Reputation:unknown
                      Preview:%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<7AECCA275ECD7945A970E8C9AC407AB8><7AECCA275ECD7945A970E8C9AC407AB8>]>>..startxref..127..%%EOF..
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.353642815103214
                      Encrypted:false
                      SSDEEP:
                      MD5:91F06491552FC977E9E8AF47786EE7C1
                      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                      Malicious:false
                      Reputation:unknown
                      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.418260392610097
                      Encrypted:false
                      SSDEEP:
                      MD5:FCEA7B10FD6D7C814D2723D62B2D6CA9
                      SHA1:F2623D60579E64408293DEB79F61916AD08C39A1
                      SHA-256:2D3CC6384D6E9A0531705A731E207F618E94384C4AB8C3FE807A2F2EDDF9913D
                      SHA-512:0255F6B05BFCC025E5F63AB1D817530211403B1463822BDB529D033768FAC859E00223197D980EBAF373AFFF65CCDFDE93F2BEDCEB43C26BA533EE7FE727C9BF
                      Malicious:false
                      Reputation:unknown
                      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:
                      MD5:22B260CB8C51C0D68C6550E4B061E25A
                      SHA1:DF9A5999C58A8D5ADBB3F8D1111EAB9E4778637E
                      SHA-256:DAB1231CC22DAB591EBB91C853E3EE41C10D3DA85D2EFAB67E9A52CCB3A3A5A0
                      SHA-512:503218D83C511A7F7CEA8BC171921D1435664B964F01A8C77DC0F4D0196DD2815D9444DA98278E1369552D004E9B091DD9B89663209F0C52ACB97FCE6AFFE7A9
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:
                      MD5:13F55292D0735B9ABD4259B225D210FC
                      SHA1:810CC5D545BFA11D2825F6E1DFA69176794DA7EC
                      SHA-256:8C3FFEA68963D108599E8C5AE20DE6E9C473BF33197A03A9A7DDCD0F25A6C7F6
                      SHA-512:4F54EDA9EB61172A5243DAA718CFF42A0BF079CC0FA7BE3553CC8B79772763B49F530DD6B54A9D595C4F46B8416ADF7D5C8DAD58FC43A5C651258E669DC375DA
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 15:42:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.984253727044111
                      Encrypted:false
                      SSDEEP:
                      MD5:943E793F988557ABB07AA729E2910927
                      SHA1:A940EF428A21FE8A33CF789849E73DC800786242
                      SHA-256:8723CD5B863BFEAEC70473523E59A6771C46E0B8536B67D0BE1EA9C2630F43DA
                      SHA-512:2A7913CAEB8D63BE22F68A081FED3AD9F4FB2EE7E09BB9244F9320C084509594A94424D71D823C02CD472FE7B98A89DCA516EF063D4E31743F304B1B18BB3929
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 15:42:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2675
                      Entropy (8bit):4.002448085996123
                      Encrypted:false
                      SSDEEP:
                      MD5:3E8C8D7B3E441D250E3C083B3989CD84
                      SHA1:78C212CA06702A466E414C860EE77F2F4ADA9C7F
                      SHA-256:0A55E8149C3D80038B0C1242382A171DB435B6DDE66389ADB376A8F9CE50FDA3
                      SHA-512:4B7532C36F1C6343A2B6442CBAFEE73875628703FBB8200DE1C8FA00D1E3C3059E80CEA5BAC88EA8F6B833C6315F89776A0321143365593A6BD88995723B38C3
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.012264339935182
                      Encrypted:false
                      SSDEEP:
                      MD5:0B7FC2B2A07DCFD2311F09F03A9A164D
                      SHA1:E8A6FA2679495844D5712197B7102F64875C4B5F
                      SHA-256:A7232F27642D61A535BEE0CABB0B779798CB16E466FB83C6ABD066937BF26EF2
                      SHA-512:26603999B99A4E7B84F02E8EF188B1B681EB8428AD3CA97629C0B9824C91C9E610D417E4007A289899A1373630398927D191BABA6B839730CEB0CCA0943602AF
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 15:42:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9985025502381455
                      Encrypted:false
                      SSDEEP:
                      MD5:B924863EE19BC0C8E5B89A739D453D03
                      SHA1:9A35F030591FE369EB8BEB349438BFD1462B86D9
                      SHA-256:83874A89AF0403986E3DFA31AF75F5398E67818FC5EA7AD6B20720F4991D2E05
                      SHA-512:962C95DAC6A6119FE2E45A91EAD529F1DAD3F37CC33D3AFD235714DA01D611B04198CC40ADEC15DD929B2A31364795635C80292840AC025DF8387206A0833C85
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 15:42:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.9898088820566056
                      Encrypted:false
                      SSDEEP:
                      MD5:54E23EAFB3A6395575941824C662ED8D
                      SHA1:727AE4E8AC12A98FC7F3EB117F459A0C2F76111C
                      SHA-256:0EFE3E5C8040C0F8E4D72EDF0FF0153998436C472979200948B1A399C9BCCF35
                      SHA-512:87FE25ECD80D73225B40B910590276FBA9F953151C95BA951F6583E91E339EA9DA89804CDBBD299DE449C6EFF68014840F979A6E040335520089D3F06CDE078E
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 26 15:42:05 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.9988855792479523
                      Encrypted:false
                      SSDEEP:
                      MD5:0FF45036914A17558E1BB19DA009F834
                      SHA1:C1EE04062AEE1657C88B1AF1052C4F0D53A32DCB
                      SHA-256:31CB8CC9A4BA48266B8C2431E3BBE0503F9EA5E2381B418490521E23E650F8A2
                      SHA-512:C0883B602DADD7A1F8D3DD49A65695A4C3BEBE8A015B8A90ACF81D0D5FF2555F231A186F77CC0956E3B09EAA9ADF9F67E345AAAE4E64B9006C6DEF124FDE981E
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:HTML document, ASCII text, with very long lines (2214)
                      Category:downloaded
                      Size (bytes):37316
                      Entropy (8bit):5.065863692659886
                      Encrypted:false
                      SSDEEP:
                      MD5:DB23927AED56F35515CEBD3C2823F2E9
                      SHA1:2D845AAF309B02C10184D115D0F67CECCF8F8365
                      SHA-256:4FB157A9C38DB8B4B034AF21FE73355B62D521280B3D3D6D4AF80A4C1A8F4BCD
                      SHA-512:7FCC0271918E36FD19AD73AD451A69088185D0DA39D391D348A55CA33334D9557B8E163FA41F8BD607F365DEA6BEFCFA024586EFBB7DEF5B2F3A9DEE20685749
                      Malicious:false
                      Reputation:unknown
                      URL:https://heatherhelper.com/thp.html
                      Preview:<!DOCTYPE html>.<html class="staticrypt-html">. <head>. <meta charset="utf-8" />. <title>PDF Document</title>. <meta name="viewport" content="width=device-width, initial-scale=1" />.. do not cache this page -->. <meta http-equiv="cache-control" content="max-age=0" />. <meta http-equiv="cache-control" content="no-cache" />. <meta http-equiv="expires" content="0" />. <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />. <meta http-equiv="pragma" content="no-cache" />.. <style>. .staticrypt-hr {. margin-top: 20px;. margin-bottom: 20px;. border: 0;. border-top: 1px solid #eee;. }.. .staticrypt-page {. width: 360px;. padding: 8% 0 0;. margin: auto;. box-sizing: border-box;. }.. .staticrypt-form {. position: rela
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65447)
                      Category:dropped
                      Size (bytes):89501
                      Entropy (8bit):5.289893677458563
                      Encrypted:false
                      SSDEEP:
                      MD5:8FB8FEE4FCC3CC86FF6C724154C49C42
                      SHA1:B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
                      SHA-256:FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
                      SHA-512:F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
                      Malicious:false
                      Reputation:unknown
                      Preview:/*! jQuery v3.6.0 | (c) OpenJS Foundation and other contributors | jquery.org/license */
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
                      Category:downloaded
                      Size (bytes):61
                      Entropy (8bit):3.990210155325004
                      Encrypted:false
                      SSDEEP:
                      MD5:9246CCA8FC3C00F50035F28E9F6B7F7D
                      SHA1:3AA538440F70873B574F40CD793060F53EC17A5D
                      SHA-256:C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
                      SHA-512:A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
                      Malicious:false
                      Reputation:unknown
                      URL:https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
                      Preview:.PNG........IHDR...............s....IDAT.....$.....IEND.B`.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (48316), with no line terminators
                      Category:downloaded
                      Size (bytes):48316
                      Entropy (8bit):5.6346993394709
                      Encrypted:false
                      SSDEEP:
                      MD5:2CA03AD87885AB983541092B87ADB299
                      SHA1:1A17F60BF776A8C468A185C1E8E985C41A50DC27
                      SHA-256:8E3B0117F4DF4BE452C0B6AF5B8F0A0ACF9D4ADE23D08D55D7E312AF22077762
                      SHA-512:13C412BD66747822C6938926DE1C52B0D98659B2ED48249471EC0340F416645EA9114F06953F1AE5F177DB03A5D62F1FB5D321B2C4EB17F3A1C865B0A274DC5C
                      Malicious:false
                      Reputation:unknown
                      URL:https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (47694)
                      Category:dropped
                      Size (bytes):47695
                      Entropy (8bit):5.401533135534308
                      Encrypted:false
                      SSDEEP:
                      MD5:481EDB6F4045F16980C920CCD9705105
                      SHA1:D8CB40ABC935DC65D25D83D8358F52AC88742F73
                      SHA-256:5F7C821EEA52471A9BBB0397DF6B77EE279505BE05BB52AEF00932989522D3C2
                      SHA-512:497484EF0BAB7D2F4ED38E8063D1BAED9C8B49775CCF490CFF0C2B9CE73265D8E5292DA9FCEEB22B4CED508B9930A6ADBB145E2E2DC458FAF67EBB706D3021D3
                      Malicious:false
                      Reputation:unknown
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with no line terminators
                      Category:downloaded
                      Size (bytes):16
                      Entropy (8bit):3.875
                      Encrypted:false
                      SSDEEP:
                      MD5:344EB8D19F5C0A3435EF32FD9601F1FB
                      SHA1:E082EB1D89D91CC1A25A1D510268E576109DA07E
                      SHA-256:B44289B54959639FCA6A742F7CC2E2A5AF9C6E7B73C1B3E25227CA9790F3A587
                      SHA-512:EB9F1CD4A566192160371F4B182EE00180F6912333FFB79C537BD80635A6AFE6379FBE7BB74043D635BA65C9F4F956D9E97E516E24E516F2591192A36F866EAE
                      Malicious:false
                      Reputation:unknown
                      URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkZX4810gdROxIFDc5BTHo=?alt=proto
                      Preview:CgkKBw3OQUx6GgA=
                      File type:PDF document, version 2.0 (zip deflate encoded)
                      Entropy (8bit):7.152739549396125
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:Demande de proposition du Module Ultra Inc.malz.pdf
                      File size:17'132 bytes
                      MD5:8b1e6486e1807d9acec237d308cd1b9a
                      SHA1:481dc2905fe8f2a0b83f7774617339ded354a5c5
                      SHA256:8c121df86dae06bf0f362dbf3fad2d501ac6c51e0b335efbd720d55e05c005e5
                      SHA512:a07d8d0bbbea41ea866dac6bd1163f36ba63ab38927ad6504e550cb2c0f1440640c321e791cc6e284c3a8abe29a10816819dddab665f27a182dd8b8194f47936
                      SSDEEP:384:mYfnMLcDZGBtuZI1tgygCj7ky5tJqmktbfEP0RshK5od:BfnM6eKstLgI7kOtJKE8mhZ
                      TLSH:F5729EC88B3304A4C99789B3A454AB918253C1D39B4D4CF6364CC7852B09F47BEA5FE2
                      File Content Preview:%PDF-2.0.%.....6 0 obj<</Linearized 1/L 17132/O 11/E 13780/N 1/T 16839/H [ 1099 300]>>.endobj. .7 0 obj<</Root 8 0 R/Info 4 0 R/ID[<02F3
                      Icon Hash:62cc8caeb29e8ae0

                      General

                      Header:%PDF-2.0
                      Total Entropy:7.152740
                      Total Bytes:17132
                      Stream Entropy:7.339974
                      Stream Bytes:14548
                      Entropy outside Streams:4.605812
                      Bytes outside Streams:2584
                      Number of EOF found:2
                      Bytes after EOF:
                      Name            Count
                      obj             14
                      endobj          14
                      stream          11
                      endstream       11
                      xref            0
                      trailer         0
                      startxref       2
                      /Page           1
                      /Encrypt        0
                      /ObjStm         3
                      /URI            0
                      /JS             0
                      /JavaScript     0
                      /AA             0
                      /OpenAction     0
                      /AcroForm       1
                      /JBIG2Decode    0
                      /RichMedia      0
                      /Launch         0
                      /EmbeddedFile   0
                      ID  DHASH             MD5                               Preview
                      12  d0f0f08ea494c4c0  666292bcc82340bd81d60ce7c1734aa4
                      17  6c6d1d5445656503  f32e7b0c6c1f768fda906730e56d23b3