Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
Staff Pay Adjustments.pdf

Overview

General Information

Sample name:Staff Pay Adjustments.pdf
Analysis ID:1675714
MD5:6731a86933e851bc3e6f5bc443110766
SHA1:deb525535f3aa3f273b570f217ded3204128e9fd
SHA256:bff493e2aeb867a1d11e3357372310226fd1b3634b0fe02657099b86e1ab64e4
Infos:

Detection

Score:20
Range:0 - 100
Confidence:60%

Signatures

AI detected landing page (webpage, office document or email)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • Acrobat.exe (PID: 7088 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Staff Pay Adjustments.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
    • AcroCEF.exe (PID: 6220 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
      • AcroCEF.exe (PID: 3096 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1540,i,4064320436729996704,1473693971290279962,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • chrome.exe (PID: 6280 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument about:blank MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2092,i,16827328142346780368,10528204256375826731,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 7796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trainman.thewoodengarden.com/line?line_id=U6yJUltLRZrX&lambdam9SrKq=x3AorHgK3UPAajY0cmRGBARQsgmGKMYKDecbmrFDDvRCPJVpJox4g7oBiL2Qa3iZTJvYNm%2B599fyYSlNwTc2IABR4T%2FQIxRnzMfPSMog3KB1wZ6tc%2BFk7gGla%2FcAJTU855yjLarAKsjZgmqjhGDvTOOKEYGUdcAqyIcMSKe5i0a8NAmD2P9GZelKdv9H&rose=joao.abreu&petal=om-digitalsolutions.com&r1=SkpoFjO9VfP&r2=6ds2W3FWu7O MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • Phishing
  • Compliance
  • Software Vulnerabilities
  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

Phishing

barindex
Source: PDF documentJoe Sandbox AI: PDF document contains QR code
Source: https://trainman.thewoodengarden.com/line?line_id=U6yJUltLRZrX&lambdam9SrKq=x3AorHgK3UPAajY0cmRGBARQsgmGKMYKDecbmrFDDvRCPJVpJox4g7oBiL2Qa3iZTJvYNm%2B599fyYSlNwTc2IABR4T%2FQIxRnzMfPSMog3KB1wZ6tc%2BFk7gGla%2FcAJTU855yjLarAKsjZgmqjhGDvTOOKEYGUdcAqyIcMSKe5i0a8NAmD2P9GZelKdv9H&rose=joao.abreu&petal=om-digitalsolutions.com&r1=SkpoFjO9VfP&r2=6ds2W3FWu7OHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.176.4:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 7MB later: 37MB
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.190.194
Source: unknownTCP traffic detected without corresponding DNS query: 23.55.219.177
Source: unknownTCP traffic detected without corresponding DNS query: 20.190.190.194
Source: unknownTCP traffic detected without corresponding DNS query: 23.55.219.177
Source: global trafficHTTP traffic detected: GET /line?line_id=U6yJUltLRZrX&lambdam9SrKq=x3AorHgK3UPAajY0cmRGBARQsgmGKMYKDecbmrFDDvRCPJVpJox4g7oBiL2Qa3iZTJvYNm%2B599fyYSlNwTc2IABR4T%2FQIxRnzMfPSMog3KB1wZ6tc%2BFk7gGla%2FcAJTU855yjLarAKsjZgmqjhGDvTOOKEYGUdcAqyIcMSKe5i0a8NAmD2P9GZelKdv9H&rose=joao.abreu&petal=om-digitalsolutions.com&r1=SkpoFjO9VfP&r2=6ds2W3FWu7O HTTP/1.1Host: trainman.thewoodengarden.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trainman.thewoodengarden.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trainman.thewoodengarden.com/line?line_id=U6yJUltLRZrX&lambdam9SrKq=x3AorHgK3UPAajY0cmRGBARQsgmGKMYKDecbmrFDDvRCPJVpJox4g7oBiL2Qa3iZTJvYNm%2B599fyYSlNwTc2IABR4T%2FQIxRnzMfPSMog3KB1wZ6tc%2BFk7gGla%2FcAJTU855yjLarAKsjZgmqjhGDvTOOKEYGUdcAqyIcMSKe5i0a8NAmD2P9GZelKdv9H&rose=joao.abreu&petal=om-digitalsolutions.com&r1=SkpoFjO9VfP&r2=6ds2W3FWu7OAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
Source: global trafficDNS traffic detected: DNS query: trainman.thewoodengarden.com
Source: global trafficDNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
Source: unknownHTTP traffic detected: POST /report/v4?s=idrI9oGHQpHqH%2BAHqFXXyehgZ7qpFf7Hv4J836%2BP3eeknx97D6BOibutRwuzwvMgPmwbOHH%2BVoX9rwGeZLyGwNILzTTS4zK21nELZaXLMc9ciaB624rVhGXpnfEAwO029EqS4cvCIdGjp8vIDluW HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 708Content-Type: application/reports+jsonOrigin: https://trainman.thewoodengarden.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 27 Apr 2025 23:29:32 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 9Connection: closeServer: cloudflareNel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Cf-Ray: 93721a41cfa283f7-LAXReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H29Pz56Czzel9pk%2FnJjL3RScylUY7SuVHIy0qXdVBIdPUQhdFSS17lUtmc3dv1YvkCLL3y83lQI8e1mI3q2ALQ7iIsciEyHM1dTogVS8E%2BnH5LPkO9b%2FvTxMB5bp9o77SZd7fv8Rxw0URpH4MgbW"}],"group":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=149754&min_rtt=149058&rtt_var=32139&sent=6&recv=8&lost=0&retrans=0&sent_bytes=3059&recv_bytes=1502&delivery_rate=27079&cwnd=252&unsent_bytes=0&cid=2d535380e90b06d4&ts=1404&x=0"
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49673
Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.16:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 142.250.176.4:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: classification engineClassification label: sus20.winPDF@38/40@7/152
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeFile created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-27 19-29-29-537.log
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: unknownProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Staff Pay Adjustments.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument about:blank
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1540,i,4064320436729996704,1473693971290279962,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2092,i,16827328142346780368,10528204256375826731,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://trainman.thewoodengarden.com/line?line_id=U6yJUltLRZrX&lambdam9SrKq=x3AorHgK3UPAajY0cmRGBARQsgmGKMYKDecbmrFDDvRCPJVpJox4g7oBiL2Qa3iZTJvYNm%2B599fyYSlNwTc2IABR4T%2FQIxRnzMfPSMog3KB1wZ6tc%2BFk7gGla%2FcAJTU855yjLarAKsjZgmqjhGDvTOOKEYGUdcAqyIcMSKe5i0a8NAmD2P9GZelKdv9H&rose=joao.abreu&petal=om-digitalsolutions.com&r1=SkpoFjO9VfP&r2=6ds2W3FWu7O
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding DEEBC9AFE37ED8D4C88D64F5C54C634F
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2140 --field-trial-handle=1540,i,4064320436729996704,1473693971290279962,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2092,i,16827328142346780368,10528204256375826731,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Staff Pay Adjustments.pdfInitial sample: PDF keyword /JS count = 0
Source: Staff Pay Adjustments.pdfInitial sample: PDF keyword /JavaScript count = 0
Source: Staff Pay Adjustments.pdfInitial sample: PDF keyword /EmbeddedFile count = 0
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformation

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Extra Window Memory Injection		1
Process Injection		LSASS Memory1
System Information Discovery		Remote Desktop ProtocolData from Removable Media4
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
Extra Window Memory Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive5
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer		Traffic DuplicationData Destruction

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Staff Pay Adjustments.pdf0%VirustotalBrowse
Staff Pay Adjustments.pdf0%ReversingLabs

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://trainman.thewoodengarden.com/favicon.ico0%Avira URL Cloudsafe
https://a.nel.cloudflare.com/report/v4?s=H29Pz56Czzel9pk%2FnJjL3RScylUY7SuVHIy0qXdVBIdPUQhdFSS17lUtmc3dv1YvkCLL3y83lQI8e1mI3q2ALQ7iIsciEyHM1dTogVS8E%2BnH5LPkO9b%2FvTxMB5bp9o77SZd7fv8Rxw0URpH4MgbW0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.214.172
truefalse
    		high
    a.nel.cloudflare.com
    		35.190.80.1
    		truefalse
      		high
      e8652.dscx.akamaiedge.net
      		184.29.21.112
      		truefalse
        		high
        wu-xlc.download.windowsupdate.com.i.cngslb.com
        		36.249.80.85
        		truefalse
          		unknown
          edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com
          		84.201.221.24
          		truefalse
            		high
            trainman.thewoodengarden.com
            		104.21.48.1
            		truefalse
              		unknown
              www.google.com
              		142.250.176.4
              		truefalse
                		high
                x1.i.lencr.org
                		unknown
                		unknownfalse
                  		high

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://x1.i.lencr.org/false
                    		high
                    https://trainman.thewoodengarden.com/line?line_id=U6yJUltLRZrX&lambdam9SrKq=x3AorHgK3UPAajY0cmRGBARQsgmGKMYKDecbmrFDDvRCPJVpJox4g7oBiL2Qa3iZTJvYNm%2B599fyYSlNwTc2IABR4T%2FQIxRnzMfPSMog3KB1wZ6tc%2BFk7gGla%2FcAJTU855yjLarAKsjZgmqjhGDvTOOKEYGUdcAqyIcMSKe5i0a8NAmD2P9GZelKdv9H&rose=joao.abreu&petal=om-digitalsolutions.com&r1=SkpoFjO9VfP&r2=6ds2W3FWu7Ofalse
                      		unknown
                      https://trainman.thewoodengarden.com/favicon.icofalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://a.nel.cloudflare.com/report/v4?s=H29Pz56Czzel9pk%2FnJjL3RScylUY7SuVHIy0qXdVBIdPUQhdFSS17lUtmc3dv1YvkCLL3y83lQI8e1mI3q2ALQ7iIsciEyHM1dTogVS8E%2BnH5LPkO9b%2FvTxMB5bp9o77SZd7fv8Rxw0URpH4MgbWfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      104.21.48.1
                      		trainman.thewoodengarden.comUnited States
                      		13335CLOUDFLARENETUSfalse
                      1.1.1.1
                      		unknownAustralia
                      		13335CLOUDFLARENETUSfalse
                      74.125.137.84
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      84.201.221.24
                      		edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.comPoland
                      		34390NPLAYTELEKOM-AS-PONPLfalse
                      104.122.28.154
                      		unknownUnited States
                      		16625AKAMAI-ASUSfalse
                      142.250.68.238
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.68.227
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.176.4
                      		www.google.comUnited States
                      		15169GOOGLEUSfalse
                      162.159.61.3
                      		unknownUnited States
                      		13335CLOUDFLARENETUSfalse
                      142.250.217.142
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      52.5.13.197
                      		unknownUnited States
                      		14618AMAZON-AESUSfalse
                      184.29.21.112
                      		e8652.dscx.akamaiedge.netUnited States
                      		20940AKAMAI-ASN1EUfalse
                      35.190.80.1
                      		a.nel.cloudflare.comUnited States
                      		15169GOOGLEUSfalse
                      72.246.156.199
                      		unknownUnited States
                      		16625AKAMAI-ASUSfalse
                      142.250.72.163
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.189.14
                      		unknownUnited States
                      		15169GOOGLEUSfalse
                      142.250.188.227
                      		unknownUnited States
                      		15169GOOGLEUSfalse

                      Private

                      IP
                      192.168.2.16

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1675714
                      Start date and time:2025-04-28 01:28:25 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:17
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Sample name:Staff Pay Adjustments.pdf
                      Detection:SUS
                      Classification:sus20.winPDF@38/40@7/152
                      Cookbook Comments:
                      • Found application associated with file extension: .pdf
                      • Exclude process from analysis (whitelisted): SgrmBroker.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 184.85.78.223
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenFile calls found.
                      • VT rate limit hit for: trainman.thewoodengarden.com

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):290
                      Entropy (8bit):5.223534300102146
                      Encrypted:false
                      SSDEEP:
                      MD5:ECEE6FE29260AEB24D7AED9FEBAEF466
                      SHA1:B835F1EF6F710780FD3C10AB4A9D9988EFAEFB2E
                      SHA-256:46A456F866BC1F4DB17D5996BC8AE95363AF053D0CFE8ACB30F6AFD57A2EAD3C
                      SHA-512:A08EEACBA54B2DE27770EA91826E1631BBF73342DDF033C471A09EF24AD3FF13F6B07C3BF0367BBD63D544D9D1B98511FB4474C9D2C27E7E6E97FD7298AFD9F9
                      Malicious:false
                      Reputation:unknown
                      Preview:2025/04/27-19:29:29.011 1834 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/04/27-19:29:29.014 1834 Recovering log #3.2025/04/27-19:29:29.014 1834 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):331
                      Entropy (8bit):5.206755724978766
                      Encrypted:false
                      SSDEEP:
                      MD5:0B44CEF7A439699B199A63C21ECDE13C
                      SHA1:52E02816F36F409CEB2BC0CC5A0433DD3041EF29
                      SHA-256:6E0571A1F4E76DB17F6E7F3E38A7DA2F25014CF521A5B93883D2ED9E9EFDBED2
                      SHA-512:9DB6627C2FA529C5F2FBBB03E0009C078D616038DE2CC773A1745C45D46FDE2B2C9E8C046079EE1C82CB96B00CA81F3912031D9C0356DAA273EBF3ECC6A1D2EE
                      Malicious:false
                      Reputation:unknown
                      Preview:2025/04/27-19:29:28.837 83c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2025/04/27-19:29:28.842 83c Recovering log #3.2025/04/27-19:29:28.843 83c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):0
                      Entropy (8bit):0.0
                      Encrypted:false
                      SSDEEP:
                      MD5:15F6358122EE11BBF2BC3287A2E00DEB
                      SHA1:2F57C8E786B127BF67025A253EBD7EB0EF3300EC
                      SHA-256:66A1F2C7050432310F3F42E03C65FA0275F3D6EB72EB68BBDFDC21D5EE011C07
                      SHA-512:FFD71D0B0CEE0D02245CF66D9CA3B280D528E4AA5823B4FC8332DF57D82429012BBE21B8D3494EAA3B55B7C09C31167EF180B88799A25C793F6D55D561F7C15C
                      Malicious:false
                      Reputation:unknown
                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13390356579825854","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141492},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b0e29c4c-1931-4836-bedb-016021e81e26.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):403
                      Entropy (8bit):4.988102182373151
                      Encrypted:false
                      SSDEEP:
                      MD5:15F6358122EE11BBF2BC3287A2E00DEB
                      SHA1:2F57C8E786B127BF67025A253EBD7EB0EF3300EC
                      SHA-256:66A1F2C7050432310F3F42E03C65FA0275F3D6EB72EB68BBDFDC21D5EE011C07
                      SHA-512:FFD71D0B0CEE0D02245CF66D9CA3B280D528E4AA5823B4FC8332DF57D82429012BBE21B8D3494EAA3B55B7C09C31167EF180B88799A25C793F6D55D561F7C15C
                      Malicious:false
                      Reputation:unknown
                      Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13390356579825854","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":141492},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4099
                      Entropy (8bit):5.229215495169319
                      Encrypted:false
                      SSDEEP:
                      MD5:A228FDC1118714880A11351930C8B459
                      SHA1:BB7A025194014A511CE32449A46ECA04F4B065AE
                      SHA-256:B21F3B23E6F10852FA59AA3007FA3DAE4D834EBE021F43DDEF0E74AC494BC065
                      SHA-512:97F3FCEB5D271C30E541CFB9BC715D47190572E16261CF82336DE735D3A0A63F9AEE41BF056C63704122344A454EA1BB3C1CAEB52E131B04590C0BFE5C977A73
                      Malicious:false
                      Reputation:unknown
                      Preview:*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

                      C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:ASCII text
                      Category:dropped
                      Size (bytes):319
                      Entropy (8bit):5.191253993126557
                      Encrypted:false
                      SSDEEP:
                      MD5:705D55DCE62F032895425A4A9261A7D7
                      SHA1:B32FBCE051244821A1295D3ADAEB898B06ED393F
                      SHA-256:AD433C386605CD2D5FEAB4BE4FB0308AEEC570759F2AF189AC40BF837E61DFBA
                      SHA-512:DEC274F311D0AD0B488B88B11EDD0C5506F29648879A40A87A3C443FC7F5F2AE466588C1F7EFDDBD0862727CCA2D73FFC0ABF959ABD176D8F91D3FC8B64C0641
                      Malicious:false
                      Reputation:unknown
                      Preview:2025/04/27-19:29:29.088 83c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2025/04/27-19:29:29.090 83c Recovering log #3.2025/04/27-19:29:29.092 83c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250427232931Z-173.bmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
                      Category:dropped
                      Size (bytes):65110
                      Entropy (8bit):2.5233206267657757
                      Encrypted:false
                      SSDEEP:
                      MD5:9F72AFDD089AE0A67ADAF311D295D996
                      SHA1:A5EA8F643615B8528AC9B2D22AF227B49A47FA41
                      SHA-256:7ACF8AAC853F14CD885C022999A65D0B118B9C02300FFDDCF207A400C6C96CE7
                      SHA-512:BFB97C86CD65F32F225B90C484C679754C3746A07BD2BFA64EAACC2C277EB8C8482F763C12232729252FF4B71BBDC1ABAF1EDCD3DC614F2C11577C5E994CBD46
                      Malicious:false
                      Reputation:unknown
                      Preview:BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
                      Category:dropped
                      Size (bytes):57344
                      Entropy (8bit):3.291927920232006
                      Encrypted:false
                      SSDEEP:
                      MD5:A4D5FECEFE05F21D6F81ACF4D9A788CF
                      SHA1:1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
                      SHA-256:83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
                      SHA-512:FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
                      Malicious:false
                      Reputation:unknown
                      Preview:SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):16928
                      Entropy (8bit):1.215215420186436
                      Encrypted:false
                      SSDEEP:
                      MD5:14448F3FEC2DE371CEBC3BCD77053464
                      SHA1:B18A0D1734C2BA128DF406BA0FBBAE293144CAC8
                      SHA-256:0B6E03C4D4A8FE90772634E6C83A60538D9CB2B6D4D1E0844EDE76CD2AF29075
                      SHA-512:55E2C400C380184B256B21F90223B8B482CB6A5643EC64CE802EA048521133CBB81845FBDACECB9A71A33F2DF9D7E3625D26F352CCDDF4764885069CD13D59BD
                      Malicious:false
                      Reputation:unknown
                      Preview:.... .c.....Y..4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Certificate, Version=3
                      Category:dropped
                      Size (bytes):1391
                      Entropy (8bit):7.705940075877404
                      Encrypted:false
                      SSDEEP:
                      MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                      SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                      SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                      SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                      Malicious:false
                      Reputation:unknown
                      Preview:0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                      Category:dropped
                      Size (bytes):73305
                      Entropy (8bit):7.996028107841645
                      Encrypted:true
                      SSDEEP:
                      MD5:83142242E97B8953C386F988AA694E4A
                      SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                      SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                      SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                      Malicious:false
                      Reputation:unknown
                      Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):192
                      Entropy (8bit):2.7673182398396405
                      Encrypted:false
                      SSDEEP:
                      MD5:10F44CCAD0A2D6953DDE5385814A0E04
                      SHA1:254FE15A9B053024C6B52D2BADA0AC2A436F3665
                      SHA-256:E0FE0554139F89D5A82793CC177102A6508281C1F4C33A743772C0607DE59CCB
                      SHA-512:50CE6756D454FEE4770E7736242EF76C812080A3D0CE68D165E11B05FE9A0CBE7A856DA7C35644741AC7C563081E05E058C8B3C9C0A74958178306C886FAD150
                      Malicious:false
                      Reputation:unknown
                      Preview:p...... ...........>...(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):330
                      Entropy (8bit):3.173817886722043
                      Encrypted:false
                      SSDEEP:
                      MD5:102FF1A78FA76601759237ACA9C02722
                      SHA1:4F81B98C711715B5DAF03E33546E3D5950F2590F
                      SHA-256:4C519227FF60DD5000ADABDDC8D51EF01631592FAB98445E0B987837543CC988
                      SHA-512:6C09F53B31FA1C5522ECE11690E11FC3D885F0C50942350721F72A9135D2FCB022FB048DB003048DE9AB8D0CAFA9D334F1834FD86610230368006E51F71000A3
                      Malicious:false
                      Reputation:unknown
                      Preview:p...... .........^.Q...(....................................................... ..................(...........Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.383363662553707
                      Encrypted:false
                      SSDEEP:
                      MD5:4102B859473B22994818889F74EC0BF2
                      SHA1:ED7734D5C7D0ED40F344DDD77F43887D69C6C1E8
                      SHA-256:51C73C93FF44F400AFE2BD184982B705A2848693DC6BEF246FF4A8E05BA09FA7
                      SHA-512:82D1BF6DE4FFA26242979DAE7B64C894B0416129423FD14B82568F2CEB58F273F0114BF6752879DE8989674EE3BB1F311429EE188825F4FD791B6543EDD2767F
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.335104734656741
                      Encrypted:false
                      SSDEEP:
                      MD5:9B7B7C977BAB7A29E0E8CB477DB902F7
                      SHA1:C9F4D8596180552BDDA3EA646D9B12396580D138
                      SHA-256:BAAD8AEAF74BDE63E1AA0EC8B22F80658387546EDD3D55A89A8603D5C701688F
                      SHA-512:A3559B5E6FA2BC2671574FB255EF0215CB679C9672730BFCDB399DAD49E20F9E13C0A0A5C48159091AA0C7F92673832CEE23EB2DA54F72C3F0AFCD4F22B2F2A2
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):294
                      Entropy (8bit):5.314302482625946
                      Encrypted:false
                      SSDEEP:
                      MD5:0B2ECB4B366D75F8D263E19F20D2FD1C
                      SHA1:4DA8AFA9330E6637583BA5D3503B9C8EE1DB26EF
                      SHA-256:774E6FAAF854FF4C8D402DBD8DD1222EF48D9D10DAE454EE4A56B9BC1B3BAA2C
                      SHA-512:67356B9FE8422F5C466DFB8EDD4A49426DB0FBB936585B695CEF5F8117BFB2279F3288F7730025FD66BDDF49EA35E61E5247FA91A9B417BF0A070522A85E4EA4
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):285
                      Entropy (8bit):5.372445615373177
                      Encrypted:false
                      SSDEEP:
                      MD5:BF6035C8273CDD1BAD107832A6E01C28
                      SHA1:B934096D9693F6043455566D0E04F411D726CA3A
                      SHA-256:3110C47C11D08BA8F22A3A0FD8D1D2FFFF7A17D61D9B434239C0E175A3F3C3EA
                      SHA-512:40FD88C3F6ED7655CDEF44FE32A8DDF19D4E7695A86BCA04994E4323FDCCFE6A91BE8A6692195E9200EE26210D8CBC9CD832D2413838BF34C2DE2B78108FB173
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2213
                      Entropy (8bit):5.849349565969869
                      Encrypted:false
                      SSDEEP:
                      MD5:4E2FB6B84DB8C5C356B970FD03D417AA
                      SHA1:1A1459688812ABDE313B02154B75635F5BA578C3
                      SHA-256:9C1AF1B2084130001D6E979B6F1264909BFE78847B082C333F0454AFF44C670D
                      SHA-512:01239BCAD884C2A4604A0D7508D425D7D07A0FB7BCE1AEBF0C79478BE6B5E918336D2E7C7B508FB97728096B00AB76697FF192FAE41925CC7B40141C8FDB75E1
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_1","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"5a9d1955-ab74-4b89-837a-074b702313c0","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2NvbnZlcnQiLCJfaWQiOiJlYjYyOWYwOC00YmZiLTRkYmEtYjQzNC01MzUyZTg1MGU4NWYiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRXhwb3J0IFBERnMgdG8gTWljcm9zb2Z0IFdvcmQgYW5kIEV4Y2VsLiIsImN0YUxhYmVsIjpudWxsLCJjdGFCZW

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.320600802427381
                      Encrypted:false
                      SSDEEP:
                      MD5:CDAE67F9C098E9AB4B90C5761C0D7144
                      SHA1:F63E58FEB2C7F8616DC75A514A0EA33C1BFCA0B8
                      SHA-256:9A1E1CADA1BF555B84A4BA79F40C8387855825C3020A3D63C6AE894DECB29B6C
                      SHA-512:16344518C0943C17700AB61A9F32F461A2D8AC32088F07C8956B121CB27453F14D057408A1AD66C2A1E3D7BE89385A9E6E0668F1FBC2194BC0D51B1BD36B3C09
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):292
                      Entropy (8bit):5.323623001281229
                      Encrypted:false
                      SSDEEP:
                      MD5:C3231FF8494C6DD193F171940CC5510D
                      SHA1:DF9DEE90871A5A384266DECFB7B225A2D01215C9
                      SHA-256:7D49B8BAC2B7B276C6C95389B8A1DAE3CAF7E1129BB261DEBFED8B0502F90E2B
                      SHA-512:6C3DAD52D70A3A954E04189F6D48392FF63AAE738F6A170F6A67C350FC2772713D3901D23406582F564D029C1FBC408729CD6C7174070E61A82D2CB814E849E9
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2160
                      Entropy (8bit):5.837482656519691
                      Encrypted:false
                      SSDEEP:
                      MD5:C92233CF8A5115DF4846A29B4E4CC229
                      SHA1:FCA1BC45184D5BC185CCB5B58AE6B2FF5A666ECA
                      SHA-256:E190FFDFB6D5367AB8290FD1CD258A7701B4F425B74C96E12BFE15F69433DE2B
                      SHA-512:2C857DCBFC7FC0827D43C9F43FB3ED25C8F9A851B6A820C8FB741C4230B5AF94732777AA0FB38839A8886463AB7EB52472307EE7E01DA799020BBD1DDD87345E
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_2","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"164bf29d-ee04-491c-adf2-c0bfeedb2d1b","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL2VkaXQiLCJfaWQiOiIzNzkzMGExNC1kOGMwLTRlZDYtYjI0Yi0zZGUzY2FlZjZlNjAiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjpudWxsLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnVsbCwiY3RhVXJsVHlwZSI6bnVsbCwidHJ

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):295
                      Entropy (8bit):5.344682573944104
                      Encrypted:false
                      SSDEEP:
                      MD5:BCBC075D7F97604E9B8A5BB97688A406
                      SHA1:431390A77D6B41D841D08CCE8DC08580FDA9D2DA
                      SHA-256:C3BB2B5FCC2B83922237CB2EDF2464A2BB10146A0D563E657908E734987AA481
                      SHA-512:23FD7E4C14AC58D7DF01032B35A28BB6870EA612957D01AD7CEE40B86FB5D08AEBA72C7369DF9D2972723F5873B79AACA072A1323D62BFD4CBA949C08887C645
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):289
                      Entropy (8bit):5.326129447246906
                      Encrypted:false
                      SSDEEP:
                      MD5:0129457663343AA268174B9F26E79DDB
                      SHA1:26CDB73B223EAE81E7EFEF9A7E055DF471D93083
                      SHA-256:E941B53A5E189BBFF7ED2A28E0255C90E8A30A5C5D373DA3F62706954C867119
                      SHA-512:19BEF415D973664F0627EF78EEE3D59F54195C088DA553FECD9947BD899276AE1104820132F07BD32FEEAB6143B775C0A75C9B11ADA930BD75C7CF4CFB298D87
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):284
                      Entropy (8bit):5.312639845549477
                      Encrypted:false
                      SSDEEP:
                      MD5:C444B096EA1018339FB2D1C50E435E10
                      SHA1:2C6857F1DF0F6273CE5C451429EBA395DD7902E9
                      SHA-256:100B256F9823F1DC6F19C077ED37714E40544B62D72C0A03762F30A1C4F021B0
                      SHA-512:FF03784167C6B8DC19FB849E5F2F794A81E61AF1E39BC48F8F1A3DA188AD38AED4297C88764AB69B835F374B2DCE27C18BCD9949E304CFE5F7258E3917FB2D23
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):291
                      Entropy (8bit):5.309496961090893
                      Encrypted:false
                      SSDEEP:
                      MD5:DBEE16CA4CA50BD082C77F56B25F6527
                      SHA1:D4E576F3AC9129537E8303C6987988DDDB14B652
                      SHA-256:6495F8075FD24F6135CC82B7FAE6382138FB45E67BA57F7A22ABA4085C878FA8
                      SHA-512:25BE32EB7AE80F58DEE521DA8C022D6BDC7B59DAB9F15F08D96EEE7B50AD89F0E8ED92C5FC5E78E396959164BB35A1179C03C71000BF40CE1C8D2B0A502B64A5
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):287
                      Entropy (8bit):5.313535817561675
                      Encrypted:false
                      SSDEEP:
                      MD5:23336385C3ECE1451C90EA33A1CD025A
                      SHA1:9A3D708B50E2E05B3A182942A800B9E1DC305006
                      SHA-256:E176AC63867ABE1F6DBB1DA1FA9138E1B47A7D3BD95DE56099357189DBD44177
                      SHA-512:61F7B396C6B22FA472D44C119AAD41DC7F400A003C485E211F4EE33B854E54B127E6356D765C4FC2C63A7B0B345421799F5B5B7DDDB90A915BAD4264B7F3F3E8
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2112
                      Entropy (8bit):5.8526374159605625
                      Encrypted:false
                      SSDEEP:
                      MD5:74C919C93B318743561D007767D0667E
                      SHA1:74F9728394836BFA6CDDF6DB7C40895D1F13B6F0
                      SHA-256:1ED07408B4ABDF8946AF137ADC05DC306769B78FEE22029D168D29C36B90DA14
                      SHA-512:AE643D79B84F550720C3834F2226DFE2B0F39C02010BC8DBBCF66B1C1F31CB13A9D3972BC936A7ABD5C4E61E84B8AF87778DD17831F7371F2EAD87A769B70EFA
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"102656_316349ActionBlock_0","campaignId":102656,"containerId":"1","controlGroupId":"","treatmentId":"339c0ba6-2e61-4622-82f6-f07787d206b8","variationId":"316349"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJkYXRhIjp7ImxocFYyQnlQYXRoIjp7Iml0ZW0iOnsiX3BhdGgiOiIvY29udGVudC9kYW0vYWNyb2JhdGRlc2t0b3AvZ3Jvd3RoL3JlYWRlci9lbi11cy9saHAtYmFubmVyL3YyL3NpZ24iLCJfaWQiOiJkMDQzMmY0Yy1hNTM2LTRlMzktOGNkNS1jYThiYjRhZTY2YzIiLCJfdmFyaWF0aW9uIjoicmdzMDM2MS0wIiwidGl0bGUiOm51bGwsImRlc2NyaXB0aW9uIjoiRWFzaWx5IGZpbGwgYW5kIHNpZ24gUERGcy4iLCJjdGFMYWJlbCI6bnVsbCwiY3RhQmVoYXZpb3IiOm51bGwsImN0YVVybCI6bnV

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):286
                      Entropy (8bit):5.288671955221751
                      Encrypted:false
                      SSDEEP:
                      MD5:75B4D3DBCDBC4080EB9E651E5F14ED50
                      SHA1:10552506EB6BD1460F5DACC5A33B87114E3F7F3C
                      SHA-256:3866BAD261F990B258179302CCC0658B01D8402FA5E011DCF7185260D7EB03C8
                      SHA-512:1E2F8891735CCF9A823559C3D007846B7467339CA497DC8CCBBDCA15C991B1B05A7104AD3AF517DFE555FBD929FC3862349B4D54F1C89DCE75208E7E1B5FDEBC
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):282
                      Entropy (8bit):5.297333317960939
                      Encrypted:false
                      SSDEEP:
                      MD5:385AD2F45D96AB77370514E063E2D3ED
                      SHA1:FFC7B2BDFA62144DD4899CF667E454D44CF31F3D
                      SHA-256:3A26537C9CEDD1ACA59881E1E62DC26477C374854405DB45A966AC4972EDFA5D
                      SHA-512:D9211767F3FA2E32A91B1CD66008439B7E37F229977AD7CE002DA58FCA4CBADCA030459A78AE9E1FF9FEC99E3D393AC7231E385D0675BDCBFEA3F2043785B829
                      Malicious:false
                      Reputation:unknown
                      Preview:{"analyticsData":{"responseGUID":"167a8b55-a462-4289-bdd2-b437875a984e","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1745975975062,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):4
                      Entropy (8bit):0.8112781244591328
                      Encrypted:false
                      SSDEEP:
                      MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                      SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                      SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                      SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                      Malicious:false
                      Reputation:unknown
                      Preview:....

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:JSON data
                      Category:dropped
                      Size (bytes):2815
                      Entropy (8bit):5.135860410744662
                      Encrypted:false
                      SSDEEP:
                      MD5:7041B6D07C886166C1D66D7138462031
                      SHA1:3D125353E3E35C6D7C1F361DB77427F62F4205BB
                      SHA-256:6DE0405B521D5D2A2246A76D35DAF8632E304A9558AE213898782F2719B3128B
                      SHA-512:8B08603D11D8AB1BF95402C850B986BD2DAB1706374350E8868B245E074B1157E0AFEB8B1F4636FF5BAAE46DB3F31D085195CB23348DF895DB4379F49A6E2559
                      Malicious:false
                      Reputation:unknown
                      Preview:{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"525fb08a8a105432d4b6b0ae438b1b04","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1745796574000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"07efae67022578412a609481b554084d","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":2160,"ts":1745796574000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"dbe5497d654dd19d5397cb4e19c0d189","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":2213,"ts":1745796574000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"087017f8d814004f3d40240fa6d2271c","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":2112,"ts":1745796574000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"f7e50e3f5e864e603163cd0b38d247e4","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":295,"ts":1745796574000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"9908b703a2b97ca719d39714b4303699","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file",

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
                      Category:dropped
                      Size (bytes):12288
                      Entropy (8bit):0.9887184792286546
                      Encrypted:false
                      SSDEEP:
                      MD5:D0FF12E228708F87087BDF7899E87C86
                      SHA1:9B4EC2078BD0937504AAEF00084773F90B590D47
                      SHA-256:6E78ABE9DE0809FDBC0E04A06B3BA10D6D68E496DE4CB6C21F9EDDBB1B80964B
                      SHA-512:1C0521A7A69D9F9D9B93507B32EEA02FEED0BB7202A4693C74ABA4DE67158DDACFEDE8D2B0515D1E1EFB565849FC82F3FC73923D8939E6DCBBFD8AC5DAB0EBD7
                      Malicious:false
                      Reputation:unknown
                      Preview:SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:SQLite Rollback Journal
                      Category:dropped
                      Size (bytes):8720
                      Entropy (8bit):1.3451874141420466
                      Encrypted:false
                      SSDEEP:
                      MD5:14C23E5481339F52FC397C03580CFBE1
                      SHA1:9144938A72DE1DACC907DED139DB4EF4D30C0A56
                      SHA-256:BAE56963DE043C1EF936819226CB7365FD996608781470EA60DE0A2D2F7E6F5D
                      SHA-512:82838D18F85375B595C9DA31235186CD8B436C217024375A478DBD3BE9870C85BDC07C5D267974DF5C6975CE024F8D3344CB07262626A2A08D9CA89A997418BB
                      Malicious:false
                      Reputation:unknown
                      Preview:.... .c...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\MSIc4258.LOG

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):246
                      Entropy (8bit):3.5325285763919316
                      Encrypted:false
                      SSDEEP:
                      MD5:26B684D932DCA79400D87192F39F261F
                      SHA1:BB1743F2B5A3310020DE7891B324BE93803203DE
                      SHA-256:09BFCD501B8E02D2018138CECC0F4E4DE5C9D1932D67B967B57D33900E0720D1
                      SHA-512:E621D9F8B423BAEA974856F9A054FFC7E1941CB9A9AD43531FA4D33116981E697103CFD5BF85E4AF81A8A0AACEBBDF70D0B9D2EE2B1ADC4AF3D962DA9D1EFD68
                      Malicious:false
                      Reputation:unknown
                      Preview:..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.4./.2.0.2.5. . .1.9.:.2.9.:.3.5. .=.=.=.....

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-04-27 19-29-29-537.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393)
                      Category:dropped
                      Size (bytes):16525
                      Entropy (8bit):5.353642815103214
                      Encrypted:false
                      SSDEEP:
                      MD5:91F06491552FC977E9E8AF47786EE7C1
                      SHA1:8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
                      SHA-256:06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
                      SHA-512:A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
                      Malicious:false
                      Reputation:unknown
                      Preview:SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with very long lines (393), with CRLF line terminators
                      Category:dropped
                      Size (bytes):15114
                      Entropy (8bit):5.368711606691347
                      Encrypted:false
                      SSDEEP:
                      MD5:A17E7B83310CEBDDCB1C6F9F0369FCA3
                      SHA1:9113AC90DEB4170FEED15C78C3A52BC1D7B0D50B
                      SHA-256:08586AEDB8F4A957D7BAF8DC1261AB0F48D803B27215690E3E7174D10059B3CD
                      SHA-512:40595611833C368CFCB28D2B36A0787B5E38FA049089726B6F4EAD6BBB4EFA01099771AC690DAFE0FEF71A2FD49B5B29B3143EAA0315B7DB7BDF47150C5DD185
                      Malicious:false
                      Reputation:unknown
                      Preview:SessionID=ffb6e39c-77d1-4a09-b4c3-557a026bdf1c.1745796569555 Timestamp=2025-04-27T19:29:29:555-0400 ThreadID=6228 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=ffb6e39c-77d1-4a09-b4c3-557a026bdf1c.1745796569555 Timestamp=2025-04-27T19:29:29:557-0400 ThreadID=6228 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=ffb6e39c-77d1-4a09-b4c3-557a026bdf1c.1745796569555 Timestamp=2025-04-27T19:29:29:557-0400 ThreadID=6228 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=ffb6e39c-77d1-4a09-b4c3-557a026bdf1c.1745796569555 Timestamp=2025-04-27T19:29:29:558-0400 ThreadID=6228 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=ffb6e39c-77d1-4a09-b4c3-557a026bdf1c.1745796569555 Timestamp=2025-04-27T19:29:29:560-0400 ThreadID=6228 Component=ngl-lib_NglAppLib Description="SetConf

                      C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):29752
                      Entropy (8bit):5.426465656539103
                      Encrypted:false
                      SSDEEP:
                      MD5:F38F444744B938D7B1110ADD396FA686
                      SHA1:0D3AD0354FE19734202AFCF1F1FD787D5BA368C1
                      SHA-256:5AF1A145C6C58CE1AD2955AD40742E20E36792189B9478C0C8C28BB4AFA48B37
                      SHA-512:7D337B666FAB86B5B6F309D1C8542346B7B3A9BDD70417A3351616C66D7C0BD87C6406BDC789B419FCB40C8DD8DA45566FFE252F53F427CF5BB19EB0075E5D1B
                      Malicious:false
                      Reputation:unknown
                      Preview:06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

                      C:\Users\user\AppData\Local\Temp\acrocef_low\12642e26-0eff-4dd7-ae45-9ac98dcb78d1.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
                      Category:dropped
                      Size (bytes):1407294
                      Entropy (8bit):7.97605879016224
                      Encrypted:false
                      SSDEEP:
                      MD5:A0CFC77914D9BFBDD8BC1B1154A7B364
                      SHA1:54962BFDF3797C95DC2A4C8B29E873743811AD30
                      SHA-256:81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
                      SHA-512:74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
                      Malicious:false
                      Reputation:unknown
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      C:\Users\user\AppData\Local\Temp\acrocef_low\31d953af-77a8-4576-a1ef-adf1edd7952c.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
                      Category:dropped
                      Size (bytes):758601
                      Entropy (8bit):7.98639316555857
                      Encrypted:false
                      SSDEEP:
                      MD5:3A49135134665364308390AC398006F1
                      SHA1:28EF4CE5690BF8A9E048AF7D30688120DAC6F126
                      SHA-256:D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
                      SHA-512:BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
                      Malicious:false
                      Reputation:unknown
                      Preview:...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!|G.1...... .3.`./....`~......G.............|..pS.e.C....:o.u_..oi.:..|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

                      C:\Users\user\AppData\Local\Temp\acrocef_low\a0efee05-e91f-40ca-930e-f2ce0c817d54.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
                      Category:dropped
                      Size (bytes):386528
                      Entropy (8bit):7.9736851559892425
                      Encrypted:false
                      SSDEEP:
                      MD5:5C48B0AD2FEF800949466AE872E1F1E2
                      SHA1:337D617AE142815EDDACB48484628C1F16692A2F
                      SHA-256:F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
                      SHA-512:44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
                      Malicious:false
                      Reputation:unknown
                      Preview:...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-|..h#.g.\.PO.|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..|m.WC.....|.....e.[W.p.8...rm....^..x'......5!...|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

                      C:\Users\user\AppData\Local\Temp\acrocef_low\f16e1203-8d49-49f5-b529-a31f807b80a9.tmp

                      Download File
                      Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                      File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
                      Category:dropped
                      Size (bytes):1419751
                      Entropy (8bit):7.976496077007677
                      Encrypted:false
                      SSDEEP:
                      MD5:0A347312E361322436D1AF1D5145D2AB
                      SHA1:1D6C06A274705F8A295F62AD90CF8CA27555C226
                      SHA-256:094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
                      SHA-512:9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
                      Malicious:false
                      Reputation:unknown
                      Preview:...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E|.P..$ni.{.....T.^~<m-..J....RQk..*..f.....q.......V.rC.M.b.DiL\.....wq.*...$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..D*T...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W*..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.......*..R.....j.WD).M..9.Fw...W.-a..z.l\..u*.^....*L..^.`.T...l.^.B.DMc.d....i...o.|M.uF|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,*.e....5...X.}6.P....y\.s|..Si..BB..y...~.....D^g...*7'T-.5*.!K.$\...2.

                      Static File Info

                      General

                      File type:PDF document, version 1.4, 0 pages
                      Entropy (8bit):7.411554054785745
                      TrID:
                      • Adobe Portable Document Format (5005/1) 100.00%
                      File name:Staff Pay Adjustments.pdf
                      File size:43'250 bytes
                      MD5:6731a86933e851bc3e6f5bc443110766
                      SHA1:deb525535f3aa3f273b570f217ded3204128e9fd
                      SHA256:bff493e2aeb867a1d11e3357372310226fd1b3634b0fe02657099b86e1ab64e4
                      SHA512:257b9f5157369d969ef5049f7bda08ea3dc60aed2e2f907877517c22c6febdcf4b6425c77e5e75a60d6686ca9ab813343494603df857fd12616b3ea70422e878
                      SSDEEP:768:wuQrVzoZJRB8OEi5nr5P8e5ULz9U9X6twEGH9X0uZzAYleUbk:wrJgmOEwr5/A2Kt9eEuORWk
                      TLSH:33136CA450EA1E2CE8B68A33DDE43CEB4429730356D41EC32EA14E81F64491E7D1F6DB
                      File Content Preview:%PDF-1.4.1 0 obj.<<./Title (...P.o.l.i.c.y...U.p.d.a.t.e .)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20250422125326Z).>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS fal

                      File Icon

                      Icon Hash:62cc8caeb29e8ae0

                      Static PDF Info

                      General

                      Header:%PDF-1.4
                      Total Entropy:7.411554
                      Total Bytes:43250
                      Stream Entropy:7.444814
                      Stream Bytes:37344
                      Entropy outside Streams:5.163134
                      Bytes outside Streams:5906
                      Number of EOF found:1
                      Bytes after EOF:
                      NameCount
                      obj44
                      endobj44
                      stream13
                      endstream13
                      xref1
                      trailer1
                      startxref1
                      /Page1
                      /Encrypt0
                      /ObjStm0
                      /URI0
                      /JS0
                      /JavaScript0
                      /AA0
                      /OpenAction0
                      /AcroForm0
                      /JBIG2Decode0
                      /RichMedia0
                      /Launch0
                      /EmbeddedFile0
                      IDDHASHMD5Preview
                      68082828282828282f33510efe4fc7555dec0283224ceeb61
                      80000000000000000bc10ff671c983b3e8cbbdbdb5d90de9d
                      10515a525c17b29980649c78df4596253a2ab552f740a75f44
                      12405a525c17b29980fe035d61cb1f70c20435084fdc704023
                      180000000000000000a9f2b20570288d5645a948c8eda88e89