Edit tour

Windows Analysis Report
Smeg SignRequest.pdf

Overview

General Information

Sample name:	Smeg SignRequest.pdf
Analysis ID:	1499932
MD5:	609192a8242e10bb7fdb1daa294b2f4d
SHA1:	5158d75d9317bd56881b30385abe220a1b36a525
SHA256:	cddbf9c1c1de14e5f50f254ffad6d28f6a485283d25b83342a593df577bc52a3
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found potential malicious PDF (bad image similarity)

Yara detected BlockedWebSite

IP address seen in connection with other malware

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7296 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Smeg SignRequest.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 7520 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7800 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1508,i,15954673363511197786,6214592246150896982,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tmsnp.page.link/?link=https://apps.evluator.com/widc/ggu/Y3Jpc3RpbmEubWFyaW5lbGxvQHNtZWcuZXM= MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2540,i,15681474454666713540,6780072518804137637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_262	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://qahey.teaf-c.org/VdrOrhOG#cristina.marinello@smeg.es

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected BlockedWebSite

Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_262, type: DROPPED

Source: https://qahey.teaf-c.org/VdrOrhOG#cristina.marinello@smeg.es

HTTP Parser: No favicon

Source: Joe Sandbox View	IP Address: 1.1.1.1 1.1.1.1
Source: Joe Sandbox View	IP Address: 52.202.204.11 52.202.204.11
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A0.2.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_262.6.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_262.6.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

System Summary

Found potential malicious PDF (bad image similarity)

Source: Smeg SignRequest.pdf

Static PDF information: Image stream: 11

Source: classification engine

Classification label: mal64.phis.winPDF@35/69@0/11

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 11-59-09-598.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Smeg SignRequest.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1508,i,15954673363511197786,6214592246150896982,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tmsnp.page.link/?link=https://apps.evluator.com/widc/ggu/Y3Jpc3RpbmEubWFyaW5lbGxvQHNtZWcuZXM=
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2540,i,15681474454666713540,6780072518804137637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1508,i,15954673363511197786,6214592246150896982,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2540,i,15681474454666713540,6780072518804137637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Gmail.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Google Drive.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.5.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Smeg SignRequest.pdf	Initial sample: PDF keyword /JS count = 0
Source: Smeg SignRequest.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A98293bt_1bgwf8g_5p8.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A98293bt_1bgwf8g_5p8.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: Smeg SignRequest.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://qahey.teaf-c.org/VdrOrhOG#cristina.marinello@smeg.es	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://www.cloudflare.com/learning/access-management/phishing-attack/	0%	Avira URL Cloud	safe
https://www.cloudflare.com/5xx-error-landing	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://apps.evluator.com/widc/ggu/Y3Jpc3RpbmEubWFyaW5lbGxvQHNtZWcuZXM=	false		unknown
https://qahey.teaf-c.org/VdrOrhOG#cristina.marinello@smeg.es	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_262.6.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_262.6.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
52.202.204.11	unknown	United States	14618	AMAZON-AESUS	false
142.250.186.36	unknown	United States	15169	GOOGLEUS	false
104.21.5.111	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.133.89	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.105.132	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	unknown	European Union	13335	CLOUDFLARENETUS	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
35.190.80.1	unknown	United States	15169	GOOGLEUS	false
23.200.196.138	unknown	United States	2860	NOS_COMUNICACOESPT	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1499932
Start date and time:	2024-08-27 17:58:15 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Smeg SignRequest.pdf
Detection:	MAL
Classification:	mal64.phis.winPDF@35/69@0/11
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 142.250.186.35, 142.250.185.110, 74.125.133.84, 54.144.73.197, 34.193.227.236, 18.207.85.246, 107.22.247.231, 34.104.35.123, 95.101.54.195, 2.16.202.123, 199.232.214.172, 2.19.126.143, 2.19.126.149, 23.44.133.32, 23.44.133.36, 192.229.221.95, 192.168.2.5, 216.58.212.131
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, slscr.update.microsoft.com, clientservices.googleapis.com, acroipm2.adobe.com, a1952.dscq.akamai.net, clients2.google.com, ocsp.digicert.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, apps.identrust.com, wu-b-net.trafficmanager.net, clients1.google.com, fs.microsoft.com, identrust.edgesuite.net, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com, geo2.adobe.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
VT rate limit hit for: Smeg SignRequest.pdf

Simulations

Behavior and APIs

Time	Type	Description
11:59:15	API Interceptor	2x Sleep call for process: AcroCEF.exe modified

QR Codes

Source	URL
Screenshot	https://tmsnp.page.link/?link=https://apps.evluator.com/widc/ggu/Y3Jpc3RpbmEubWFyaW5lbGxvQHNtZWcuZXM=

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
1.1.1.1	PO-230821_pdf.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.974dp.com/sn26/?kJBLpb8=qaEGeuQorcUQurUZCuE8d9pas+Z0M0brqtX248JBolEfq8j8F1R9i1jKZexhxY54UlRG&ML0tl=NZlpi
	AFfv8HpACF.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
	INVOICE_90990_PDF.exe	Get hash	malicious	FormBook	Browse	www.quranvisor.com/usvr/?mN9d3vF=HHrW7cA9N4YJlebHFvlsdlDciSnnaQItEG8Ccfxp291VjnjcuwoPACt7EOqEq4SWjIf8&Pjf81=-Zdd-V5hqhM4p2S
	Go.exe	Get hash	malicious	Unknown	Browse	1.1.1.1/
52.202.204.11	CMB Monaco Signatures Consent Docs#299229(Revised).pdf	Get hash	malicious	Unknown	Browse
	+10618189554_VM_Mbda-usVM.mp3.pdf	Get hash	malicious	Unknown	Browse
	https://dl.dropboxusercontent.com/scl/fi/4mhppt9446w16rxyp8wch/ATDKM0-019002993PDF.zip?rlkey=bolgaypwmfsk0ve6n3zskuk1w&st=655ymbiy&dl=0	Get hash	malicious	Unknown	Browse
	Steve Avery-MFA-Configuration-Update.pdf	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:va6c2:4050cd23-db02-4b91-ab92-8d433723d20e	Get hash	malicious	HTMLPhisher	Browse
	Orden#46789_2024_Optoflux_mexico_sderlss.exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse
	phish_alert_iocp_v1.4.48 (2).eml	Get hash	malicious	Captcha Phish, HTMLPhisher	Browse
	https://drive.google.com/file/d/11Nff_nSTj-qAFgshL0mhor7fJP9kHxH0/view?usp=drive_web	Get hash	malicious	Quasar	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:446a8aa0-0ddf-4503-b329-6e498319961b	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:92095073-e15a-4dff-8e43-d4abc08308b6	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
239.255.255.250	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse
	https://employment-hr.com/66ccd2230405d/5b8cbe0b82e29621df5c72296fc0599da0566b48/	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse
	http://pixelmeldit.ru/RMQf	Get hash	malicious	HTMLPhisher	Browse
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFgXXvv2-2BWxavJhSFh1X9YeE09JxYfGZOrfNXpE1b1zMSec6V_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZNvtRLmuq9nwTUBLvlyUQLSTjA0dDcTtmNJHz5AQBzdlGtncKRz08-2BYDBtkpKhh0KX17i2fmd5it7ecx-2FWvhsbD-2BwYBTTPKQ3j-2FAyMvTur79Dsx-2FPO7GwMrKARE8VWDjAjvStKY75qeeBLXHuDipEV3KKO3k4ABqkQG2RlytfHIDieNQv9UnoJapwQuVaik0jLuTXarvnnfl3sa3LYFT4h4hVVagLZJwfqoXYBXcReN-2F1X4eM9FZF-2BvVOXIZ-2BqDy2Q-3D	Get hash	malicious	HTMLPhisher	Browse
	https://files.fm/u/vtrxvgdh6w	Get hash	malicious	GuLoader	Browse
188.114.97.3	Rudvfa0Z17.exe	Get hash	malicious	Nitol	Browse	web.ad87h92j.com/4/t.bmp
	nOyswc9ly2.dll	Get hash	malicious	Unknown	Browse	web.ad87h92j.com/4/t.bmp
	QUOTATION_JULQTRA071244#U00faPDF.scr.exe	Get hash	malicious	Unknown	Browse	filetransfer.io/data-package/0U9QqTZ6/download
	QUOTATION_AUGQTRA071244#U00b7PDF.scr.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	filetransfer.io/data-package/e0pM9Trc/download
	steam_module_x64.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	671893cm.n9shka.top/eternalpipeLowProcessDbDatalifewpPublicCdn.php
	http://membership.garenaa.id.vn/css/tunnel.aspx/manager10.jsp	Get hash	malicious	Unknown	Browse	membership.garenaa.id.vn/user/login/images/fb_ico.png
	Bonelessness.exe	Get hash	malicious	Simda Stealer	Browse	lysyvan.com/login.php
	700987654656676.exe	Get hash	malicious	DBatLoader, FormBook	Browse	www.coinwab.com/kqqj/?eJ=7HHhUI7NBywWL5iw6vBoOC1R9nc6cE2Y1UmgCStXrWBBqhu9PJUZU2f6gs8mUMG7LvvYO9vLlwJ8Ne8neaHQQZFpXb2jdQdMFopJRCp5HeIQieixqdhWtgQ=&zPCT=URo4h
	PI#220824.exe	Get hash	malicious	FormBook	Browse	www.bbyul.shop/1i58/
	Document 21824RXVPO.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.avantfize.shop/y1j7/
104.21.5.111	Smeg SignRequest.pdf	Get hash	malicious	HTMLPhisher	Browse
172.67.133.89	Smeg SignRequest.pdf	Get hash	malicious	HTMLPhisher	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	PO_111234242 6553432.exe	Get hash	malicious	Xeno Stealer	Browse	104.26.13.205
	RFQ-MR-24-09101 .xls	Get hash	malicious	Unknown	Browse	162.159.134.233
	https://downloads-global.3cx.com/downloads/3CXPhoneSystem18.exe	Get hash	malicious	Unknown	Browse	104.18.35.19
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	172.67.202.66
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	172.67.202.66
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse	104.21.91.69
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	104.18.32.137
	DHL WayBill, Invoice & Packing List.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
CLOUDFLARENETUS	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	PO_111234242 6553432.exe	Get hash	malicious	Xeno Stealer	Browse	104.26.13.205
	RFQ-MR-24-09101 .xls	Get hash	malicious	Unknown	Browse	162.159.134.233
	https://downloads-global.3cx.com/downloads/3CXPhoneSystem18.exe	Get hash	malicious	Unknown	Browse	104.18.35.19
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	172.67.202.66
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	172.67.202.66
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse	104.21.91.69
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	104.18.32.137
	DHL WayBill, Invoice & Packing List.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
CLOUDFLARENETUS	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	PO_111234242 6553432.exe	Get hash	malicious	Xeno Stealer	Browse	104.26.13.205
	RFQ-MR-24-09101 .xls	Get hash	malicious	Unknown	Browse	162.159.134.233
	https://downloads-global.3cx.com/downloads/3CXPhoneSystem18.exe	Get hash	malicious	Unknown	Browse	104.18.35.19
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	188.114.96.3
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	172.67.202.66
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	172.67.202.66
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse	104.21.91.69
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	104.18.32.137
	DHL WayBill, Invoice & Packing List.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
AMAZON-AESUS	IMG_00991ORDER_FILES.exe	Get hash	malicious	FormBook, GuLoader	Browse	3.82.56.39
	Murexltd Mail Security Update Required For gjohnson@murexltd.com.msg	Get hash	malicious	HTMLPhisher	Browse	54.227.187.23
	extracted-pkg.ziphttps://fluencydirect-distro.s3.amazonaws.com/releases.macOS/FluencyDirect-11.0.10.40.pkg	Get hash	malicious	Unknown	Browse	3.5.28.200
	https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFl8RKvJCjgfWXgpyGiQbouwIVFCzJZdO6C7IEJWnFiPmUdkD_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOJptL-2BsSl02HxRvbllikFuSJtHHDkVwyIj5AuFgiubBu9sTxc8j0-2BQG5wldcZa7WyDp4BZYdRmFKi1MU2RpCFoGVLX1rLVx-2BFFfe8ZtbBDm0OusvqG9hc8jycErQH9w4yo0iZBNb6ruS35AQpqe-2Bn9sSG0dYdsEjJuPPD68-2FQoiA15kbRIRZcVBuBtywmpClclGh64Ps2rLg6E3U3-2Ft-2B24zaJbCf8tvrjozgadicpaRwQ3KIy53pMZsOUCbTeEqGc-3D#bGFtYmVydC5nZW9yZ2lhQGFpZGIub3Jn	Get hash	malicious	Unknown	Browse	18.211.185.188
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#tbianetskaya@pierceatwood.com	Get hash	malicious	Unknown	Browse	54.197.229.45
	Vertexgroup#Signature.pdf	Get hash	malicious	Unknown	Browse	54.147.21.139
	https://files.fm/u/vtrxvgdh6w	Get hash	malicious	GuLoader	Browse	54.204.123.228
	http://journalscene.secondstreetapp.com/api/organization_user_email_verifications?token=npv0kjeneci&opid=1033948&lrt=rmsqe55tykx&bf=bc07ae1cf7bbffb3bcd5bc7a10f031b8&ip=207.144.57.39&redirect=https://unsus3.ru/oth/chameleon/#mloomans@securustech.net	Get hash	malicious	HTMLPhisher	Browse	54.197.229.45
	Gov Annual Salary + Employer - Provided Benefits.pdf	Get hash	malicious	Phisher	Browse	54.227.187.23
	https://www.dropbox.com/scl/fi/divczsjhc8wrt1wb18r2b/AT-Society-Directory.docx?rlkey=sjkzm3g8jkcekmsxm460sja78&st=r52leq64&dl=0	Get hash	malicious	HTMLPhisher, ReCaptcha Phish	Browse	54.90.44.119

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.262007114042311
Encrypted:	false
SSDEEP:	6:N7Ha+q2P92nKuAl9OmbnIFUt887HrvZmw+87HrvVkwO92nKuAl9OmbjLJ:N7bv4HAahFUt887z/+87p5LHAaSJ
MD5:	C423EFFABB178CFD4C2BEEBE98FFE6A0
SHA1:	7036D5D0190B34E1F5E6FE8D40D87A8DAECC73C8
SHA-256:	A0C91EAB62326A1AE18FB1066711900064E4ADC490E10A6E1267E29D990987D1
SHA-512:	D6D9B808441C019CEA72BD7F4CD361CC218349D9F68CDF73D1FA57B0289DDB345C455BD81697F568EECC983CE3C09EEFE1DDB19A36E36FEEEEE1C17D7B5826FA
Malicious:	false
Reputation:	low
Preview:	2024/08/27-11:59:08.469 1e68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/27-11:59:08.471 1e68 Recovering log #3.2024/08/27-11:59:08.471 1e68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.262007114042311
Encrypted:	false
SSDEEP:	6:N7Ha+q2P92nKuAl9OmbnIFUt887HrvZmw+87HrvVkwO92nKuAl9OmbjLJ:N7bv4HAahFUt887z/+87p5LHAaSJ
MD5:	C423EFFABB178CFD4C2BEEBE98FFE6A0
SHA1:	7036D5D0190B34E1F5E6FE8D40D87A8DAECC73C8
SHA-256:	A0C91EAB62326A1AE18FB1066711900064E4ADC490E10A6E1267E29D990987D1
SHA-512:	D6D9B808441C019CEA72BD7F4CD361CC218349D9F68CDF73D1FA57B0289DDB345C455BD81697F568EECC983CE3C09EEFE1DDB19A36E36FEEEEE1C17D7B5826FA
Malicious:	false
Reputation:	low
Preview:	2024/08/27-11:59:08.469 1e68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/27-11:59:08.471 1e68 Recovering log #3.2024/08/27-11:59:08.471 1e68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.229887690099951
Encrypted:	false
SSDEEP:	6:N7Ho+q2P92nKuAl9Ombzo2jMGIFUt887HaZmw+87H2VkwO92nKuAl9Ombzo2jMmd:N7I+v4HAa8uFUt8876/+87WV5LHAa8RJ
MD5:	55B22B39A53BB22695B63E6E60EF46DA
SHA1:	66E24026EFD818A5369C97E98814A6B3F041E2CE
SHA-256:	9C9FB1BCC7BF842B0D1F2AA3B49BC6CAC7B08C22FA376F29541F381A6E422ACD
SHA-512:	1C47DC49F1FA4E3698AFA5FA1D1B149F6D48334A6F98C095106F00844AA40D959DE9D3CA83A0CE7BCD29265BFB89CE62443ED36226D675390EFF61D15EB4F1B4
Malicious:	false
Reputation:	low
Preview:	2024/08/27-11:59:08.461 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/27-11:59:08.463 1e9c Recovering log #3.2024/08/27-11:59:08.463 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.229887690099951
Encrypted:	false
SSDEEP:	6:N7Ho+q2P92nKuAl9Ombzo2jMGIFUt887HaZmw+87H2VkwO92nKuAl9Ombzo2jMmd:N7I+v4HAa8uFUt8876/+87WV5LHAa8RJ
MD5:	55B22B39A53BB22695B63E6E60EF46DA
SHA1:	66E24026EFD818A5369C97E98814A6B3F041E2CE
SHA-256:	9C9FB1BCC7BF842B0D1F2AA3B49BC6CAC7B08C22FA376F29541F381A6E422ACD
SHA-512:	1C47DC49F1FA4E3698AFA5FA1D1B149F6D48334A6F98C095106F00844AA40D959DE9D3CA83A0CE7BCD29265BFB89CE62443ED36226D675390EFF61D15EB4F1B4
Malicious:	false
Reputation:	low
Preview:	2024/08/27-11:59:08.461 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/27-11:59:08.463 1e9c Recovering log #3.2024/08/27-11:59:08.463 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1a938571-9313-44c8-b5d4-4a8dff4598be.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\51a80aea-bbb6-4dc3-9262-9d8b99b9de11.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.054776223441689
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqn8XhsBdOg2HpSfcaq3QYiubxnP7E4TfF+:Y2sRds2GydMH8u3QYhbxP7np+
MD5:	CC94E6C9320000ECA7771DF6DB11AAE4
SHA1:	FC8A3D0890EEE5BE1A7804E0C318F370FC2293F0
SHA-256:	EA46F1CE746D073602B9AB0AC301B34C929CFF9B92D0B7D2FE2B4904A3BABB77
SHA-512:	A5886A9269522838097A88A5D588D79D6374899602B313A66CCEF047A8015F9ACAD51037844F65AC64BD32B0BC970EB3E8CC2AA4FC3EE0545FDEBC4526316CCE
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13369334358934516","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":147907},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5f713a.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4509
Entropy (8bit):	5.23454656153465
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUtqn2NYs2NZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLp
MD5:	AA403350A1AB3F0B99772397FD757BBE
SHA1:	4C5841D1BACD54EDA5E35140F926FD4209CD326A
SHA-256:	8DC67D132D19E36F3F9AEBD35B129BA66AAFFE5533F59DCEDF66364CD0A0817D
SHA-512:	9AF7FF4E8238CE4449597DC206E06B0023E7AC810A257C965939F03EE632782F3AD7F7F8EDFE586597A62879DA5F3439A5258B8B410A96DA2A31B5AF60DF4680
Malicious:	false
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.207704999736731
Encrypted:	false
SSDEEP:	6:N7kB0+q2P92nKuAl9OmbzNMxIFUt887kaHZmw+87kQVkwO92nKuAl9OmbzNMFLJ:N7/+v4HAa8jFUt887nH/+87hV5LHAa8E
MD5:	926CBD1423C7A0BC39D5364BD9CDB531
SHA1:	7576008C85AA8B14687428C0765EDE38CF04E7C2
SHA-256:	AE954249302EA4835B0FECF4C969C919F82BE2F1DFBD4835DDA4BC89798F2538
SHA-512:	146A9C65E03307434278AB3B318FB61494C92ACDEA3F4283DD44DC7E85DD8836BE6243CCCC49E7AC435058109DCD862A5653D0B554DEFF1585DC62DA4EEA0BB8
Malicious:	false
Preview:	2024/08/27-11:59:09.069 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/27-11:59:09.083 1e9c Recovering log #3.2024/08/27-11:59:09.085 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.207704999736731
Encrypted:	false
SSDEEP:	6:N7kB0+q2P92nKuAl9OmbzNMxIFUt887kaHZmw+87kQVkwO92nKuAl9OmbzNMFLJ:N7/+v4HAa8jFUt887nH/+87hV5LHAa8E
MD5:	926CBD1423C7A0BC39D5364BD9CDB531
SHA1:	7576008C85AA8B14687428C0765EDE38CF04E7C2
SHA-256:	AE954249302EA4835B0FECF4C969C919F82BE2F1DFBD4835DDA4BC89798F2538
SHA-512:	146A9C65E03307434278AB3B318FB61494C92ACDEA3F4283DD44DC7E85DD8836BE6243CCCC49E7AC435058109DCD862A5653D0B554DEFF1585DC62DA4EEA0BB8
Malicious:	false
Preview:	2024/08/27-11:59:09.069 1e9c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/27-11:59:09.083 1e9c Recovering log #3.2024/08/27-11:59:09.085 1e9c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827155913Z-222.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.984229653861701
Encrypted:	false
SSDEEP:	192:azkIk7Ck7CkAkzk6k6k6kbkSkeBkvkeDkkkfkFOkXOk6k6kok7tZk1k6kwkLCkWE:pZUMZNBP0F7+CrMbN
MD5:	B1DFEE0DAF225E30D36903B287E907E2
SHA1:	DF6C30765D237D8F6C5DEC6957129CC56B22B515
SHA-256:	73632DE20754B06A30D8CE16D4B77F4F6E2B0839B206147D84A1F1881F6C40F6
SHA-512:	0A4D2931F2B1C87C2E643120FDAD3F89D4BE0E34F4E75041C1EFED6142E47C7227F81C8747F4ECBEF2C11489CE11D814639BA092C759F9B87C8C1ADC904793EF
Malicious:	false
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 3, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.2936307824714834
Encrypted:	false
SSDEEP:	192:/edRBMVui5V4R4dcQ5V4R4RtYWtEV2UUTTchqGp8F/7/z+FP:/eOci5H5FY+EUUUTTcHqFzqFP
MD5:	C942224913FF6C5B210F3613C75A9089
SHA1:	5932A14BD0645A3D53C9B97ED10D73989EC07CDA
SHA-256:	92C2B7A6BEC8577FEA73209E49F2C230C37F5E4DFB898A3425BF2AA85EDC880A
SHA-512:	8A6C3C6851CF9E82CCCC2B71904CFE3E122F11972974846D12D8B5414E1D695F1C2307461FB8C09509B4B54F5CA8161A4F4F8737B8449204210405E94959DC79
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	2.2025466315772384
Encrypted:	false
SSDEEP:	24:7+ttl8MEWewKYnqLazkrFsgIFsxX3pALXmnHpkDGjmcxBSkomXk+2m9RFTsyg+wb:7MXhUYnqemFTIF3XmHjBoGGR+jMz+LhS
MD5:	D8EC091B4D986C5F13914B50373264B7
SHA1:	2590A4834F23D18FC6B3B72577287C3C24F29DA2
SHA-256:	7F3E60B1AEED26D6FFB3C094E818922585DF784657C955C6946015E51461D159
SHA-512:	196EF4941E75067FB832FC12B532906AE4986A9D820DC71446F44B2FE3BB9C5D8455E619237CC93E5458C3E1098DD8428AB1E187A4BB7801EE0068D1CD6359BE
Malicious:	false
Preview:	.... .c.....`.?.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.2478978672539016
Encrypted:	false
SSDEEP:	6:kKDM99UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:r1DImsLNkPlE99SNxAhUe/3
MD5:	6D7DEB239D271A5F4038267B8131519F
SHA1:	D1FAC9DC7E22CA7A1DBFE18CC169E79E7AECF753
SHA-256:	4C27D534E96ABDAD6F47F6CC5DECC93AD5169CBAC20FBF01594D0CB220F4ADF0
SHA-512:	2B4309D25FF271200D72084796C94D313655B1B101137A2DA12651725BFB5C5CC7830A16A518CED23F1B6B2317559BB0E3A87C9BC4DADADE2D5A616AE27F7D78
Malicious:	false
Preview:	p...... ...........#....(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.026467887142631
Encrypted:	false
SSDEEP:	3:kkFklBikVltfllXlE/E/KRkzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB8V7l3:kKOVLxliBAIdQZV7I7kc3
MD5:	FA0EFD7D6700F57A6F2C942FE85C7A4D
SHA1:	2A5103A9607A18006F47F0F0D35B10653EA0605C
SHA-256:	5753D3AAFABCF407F44A861B220636E1DE400F93B06E8501DF59B44C57DC53F3
SHA-512:	7411F1E45D773CFE487E675835ADBDEF401342E41A6129B5C08F5D94C1CFF7929B0C3054AC2F70A20C6CFF44127ABDFCF6C47567DC990E6647DDBA3A2E185C91
Malicious:	false
Preview:	p...... ....`...O.@.....(....................................................... ........!.M........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.6.0.7.9.b.8.c.0.9.2.9.c.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.325221781293856
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJM3g98kUwPeUkwRe9:YvXKX/0YpW7ZGMbLUkee9
MD5:	2D1C34CDEBFB0D8E98A39630A8116237
SHA1:	50FDBBEEB958E262FD22AB440F2E928101DB7A68
SHA-256:	96CEAB3EC0C805EFAFC760F367FED505098F5D96E70363A10FCF3D1A9B358003
SHA-512:	DA4898E9DF6D806E40108C386CD5EAC6BC2682A6524B8D7FFFF4A4A7741C49740B66CE63A753B096F74F8647B1F6A514EDC0070935677A33AFFA6B1FF356FB57
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.262342777115941
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfBoTfXpnrPeUkwRe9:YvXKX/0YpW7ZGWTfXcUkee9
MD5:	7E9358B3D77E533BD9770F658BFACBE1
SHA1:	142D568704572A9ED4DD7751B35C17DFB59AE930
SHA-256:	C539323BC1F3B81A7DDD7B6C5E219AD0CF27B83700097143A5B15ED69BA0886D
SHA-512:	FE1376CCD9B15BEE86B6CF6D5A49E41710342CB2724D142C2B29D656156EB420628DF2E8C8DAD4C678E472F711E6AF4F722879135C1BB5CCC5B98AB0B933CC37
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.242102104772937
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfBD2G6UpnrPeUkwRe9:YvXKX/0YpW7ZGR22cUkee9
MD5:	FDB50D00A2B3C24A89E259FB3B421C36
SHA1:	55CD373804ADC1EFFA6411F7B77D9397F5CC125A
SHA-256:	3984E1F9565A0AB43B704C8CCB671D8FE9916855D1F9C47AD9B3D74138F9D0D8
SHA-512:	5009BEDFEB1638F9E0EA2418D4554CD5D9E187A54D9F813B285DDE2C9F63DAB110B6DE191C865285E360DE997B463CC761E4A6E6F614719E18C6FC8D87F5EB3C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.302776357017149
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfPmwrPeUkwRe9:YvXKX/0YpW7ZGH56Ukee9
MD5:	2DAB9015286D2871DC69AD8439CEA21A
SHA1:	0A6321DB66BE2F2A403FC9BC6B8F13FC52B05F6E
SHA-256:	8873E817420BFB57BF3358E1B606A04E72C7749BB60F1EC5EC3978ED014C8F07
SHA-512:	8C915F83ABD484C380B9CBD8A63E99B94143F5016E4F6E48720868E0328E6A6C2FC0CCF95F7E8821CB74549330E21D5D3A9A173ACF438311FF8C0D919C8F51AC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.661255282964882
Encrypted:	false
SSDEEP:	24:Yv6X9i+pLgEFqciGennl0RCmK8czOCY4w2G:Yvn+hgLtaAh8cvYvJ
MD5:	9BFD5ECE21B360007CA91443722C26CC
SHA1:	DB38D9E16931B2C1B7118E7DA993F08BE04EDEAC
SHA-256:	E2301674759E77EFA95223D5646781D620E4464890740EE8E7D7B7136F6005A3
SHA-512:	8F0D19515984B10949D66500EEBB2D64B5F8F9754E676AA87A31B851492E11672E2E01D3591759D2725B859FA9746CF6A9BBCFE2ECC6A77D133E929A3B974ABC
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.6477204031117685
Encrypted:	false
SSDEEP:	24:Yv6X9ioVLgEF0c7sbnl0RCmK8czOCYHflEpwiVG:YvnoFg6sGAh8cvYHWpw/
MD5:	BD8AC578A201BAE52A0C03D5CF4A6A1B
SHA1:	4B424B8FC27EFE77B99AF81CE975EB92B5C7CCE3
SHA-256:	AEB8C7BC97D180F7CB18E34CC4A18E150B8AC23EE29E4F7090881FD64957DFAA
SHA-512:	F08BEF6814BC2287DE8C51AC3E72E234DD9ED45D6FDDFE328B413E39B8CCF4A61E8C5B897E6C0D84A150F35951219DC0709146EAD786F956DADB86357C72A61E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.2496048357982
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfQ1rPeUkwRe9:YvXKX/0YpW7ZGY16Ukee9
MD5:	A20D6F2CA12D42D0540E17BDABF8E5C5
SHA1:	B9055439DEBC15B3F501C2D9DCC2C8EB0C3BC357
SHA-256:	769188DC0F4F4DCFD29DE62EEB2104212DEC8B160753E3F253518302ECCEEE93
SHA-512:	1A46A54D39D5D0298FD5779E3556FF0D3E055EB8EA44AF8CC3E190857D0B365BFE56AA5A4C9CF7155830D1CC34849193E0048410BF0FB89F3914F9B4A709FAD9
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.642271508798411
Encrypted:	false
SSDEEP:	24:Yv6X9it2LgEF7cciAXs0nl0RCmK8czOCAPtciBG:Yvntogc8hAh8cvAk
MD5:	BAD920970D494F2E7E2DAB4C189EAAD4
SHA1:	87998B368F20BEEE12EA8C65E9FE1E432A634CED
SHA-256:	2A238D20D4A10E622515CFA0D419AB1DA524062C711D1E74AFFFBA9145CE4BCE
SHA-512:	1A925BE6AFC60C9AC88BC075D95B3633E32156BE9B23D7A5DF4344230F6FF58F24CE27A601E2B8D77FD9BB061932F7D6D7DC35C1D99F4E8B7031089C08DE727C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.697094264373928
Encrypted:	false
SSDEEP:	24:Yv6X9iFKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5G:YvnFEgqprtrS5OZjSlwTmAfSKI
MD5:	B8030E548C439D8EAD1C868482435C36
SHA1:	B720608CCCC591308CFE229641CB4A047338A519
SHA-256:	0D9DCB70F35AFDD5EB321BF6924F9ACFCF9183B50DF08EDCA1F06D957BDB3242
SHA-512:	D7BDC198821763945016BAE580FA987D523A66969CBD93DEF54EFD496C27DB4EDC4BC55BD91BCD4A172692165BE1850DF2B18C078AB484456C45BAC45C5AE5EA
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.254720699790742
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfYdPeUkwRe9:YvXKX/0YpW7ZGg8Ukee9
MD5:	F19237959B3EA742B61AE3085D03582E
SHA1:	9C8E39F62A49804B90C7142E27647CFFD4273CFA
SHA-256:	90555C8B7D75053BC3CD26C1E5C88770DB28BD90DC22E809478B3F268E69B149
SHA-512:	B285FBFF4F412B61657E73DFAEAF98A877EA599C6D46099FF5A66D374CC4980C611A6CE41A2293075CF2D59E8C855C5B8558F9B5248AF7D5F5D65990BC199AEE
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.775056774892128
Encrypted:	false
SSDEEP:	24:Yv6X9i4rLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJN+:Yvn4HgDv3W2aYQfgB5OUupHrQ9FJI
MD5:	1FFAFE471CE5B9264AF8BEBF8AFB062A
SHA1:	6EDEF1DE3CBFA0AE170FBEA9775BEA3D3BFF5949
SHA-256:	11F029690FC9D85242093773D0787F1C0C1D402C4B22099D5FC66846915985F4
SHA-512:	014693AF57974629961E99D1369E48FC30350C2A2ADCBB9EE0672428375D38558370DCD8D24E6254D9BCDC643E466065D8B9DF2887F64A57A799E734DA8E0625
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.238578995404186
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfbPtdPeUkwRe9:YvXKX/0YpW7ZGDV8Ukee9
MD5:	83ACDA7A92100A95AD9B940B8DBDB69A
SHA1:	47B22F98BF3CF4C1A08A0284AA9E2680A5EA009A
SHA-256:	757371CD716901AB66D287185537EDC1848E463162CE55907F5114F09B4B57F8
SHA-512:	BA3BFC31D5DF6508C6C1560E0EDAD57FC09A0624FB485B3CC1B6A5F05A31E75C055B76A0A50BC499D01F44A7226B59ACA00A3E1DBA3EE30174AC608F817184C6
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.239921347141799
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJf21rPeUkwRe9:YvXKX/0YpW7ZG+16Ukee9
MD5:	EBF84B2A25FD6A0673C7444A1790EFC9
SHA1:	8E236C5A954FE71D42C2A76E4BC651AE3CCBE085
SHA-256:	61FFC7DAE0DCC2AC730A3B61A0EEC89FC98DB99A00498F9817A22D3B7A4CF985
SHA-512:	7ED88EFF959D3B41222665F3DACEFA741FBB774C448CAC9A820A0459ACD07208845514B64F3E9968A8E4A386A4DEF502EB38BC54ABFE7D7675B341C49CB5032A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.650638299892009
Encrypted:	false
SSDEEP:	24:Yv6X9iiamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8BG:Yvn8BguOAh8cv+NKx
MD5:	A61992BD2BC82576806DEFED6976D963
SHA1:	E56D07CEBBB35C45B7F1B286534AE915494D619E
SHA-256:	ED713E069AB8BF187E0AF51C0425EB6DF62B1938D35F872F653492BC0D95DEC5
SHA-512:	31443795E16F4E3D5D384776536C826ECE72CD304FBF9F00AD1D25F2B76F05B6D04066A1311D14B4AD39D4F8ACB2748CE18EF9772BE8210B2DAE4BE08F9AAE42
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.215377379759185
Encrypted:	false
SSDEEP:	6:YEQXJ2HXVVLBw2t7+FIbRI6XVW7+0YKsoAvJfshHHrPeUkwRe9:YvXKX/0YpW7ZGUUUkee9
MD5:	3D440BB9DA1AAB29CCC71213106F36F4
SHA1:	536D11E3AED2EEBBDD4A00B067BC634D1F8971CF
SHA-256:	74E50E4050BF755B2DEC4C1E1AAD5522A8D4CB697FA585FC484A4DEA736B4E37
SHA-512:	F888857B803B1870F56A8B1D3B22EAD11D3BCF5C85E696FCF7152905F2D57280BA1383826F31E26740293F182D7038C92A7E7C2EA7C7BAEA26C5E9246B93AB6C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.360797805667195
Encrypted:	false
SSDEEP:	12:YvXKX/0YpW7ZGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWa:Yv6X9i1168CgEXX5kcIfANh/
MD5:	2515FB71C5237BF220BB424810E585B9
SHA1:	1F2439B8C3F1CAB7D2897DA1446ABE979370D6F6
SHA-256:	FE5DBACEBAF42761F563565813E4A15D341FDC2218F5BBCC97E8353914B86662
SHA-512:	E3945745A7DF95FFCD95DFEEC36AA8ACAD5357A9E5C36EDCA324D4C7C8ECCB7172410CF2E530764F6C9B138A0B0CA8EC2BC59D5E5CA7BE291239D72C338614B2
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"a3bf0694-41ea-40f0-8872-e8043046d5ea","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1724951492396,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724774357428}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.139660112519737
Encrypted:	false
SSDEEP:	24:YWnIORbLYTKaf1ayPCN9yTTBcZHYvtjp/Jaj0Sj3Mb262LStPZa45tzBtU9Cc6Ja:YGqxG9yPByY5pB82H7Ps4PTU956Ja
MD5:	574192FCD2C321A0806FC387FC16AB99
SHA1:	741138BE7F7E2BB6515DCC70B929ED2F88DC0560
SHA-256:	D64A609B64486AD63F048C6F4E085960B771AE2134D954A0829CFB2337DB6A67
SHA-512:	B6CA50EFFA6B0971CCC2B381284351DC26A97BE827AF423153B5F2C78D2D58ED4037BC5504EE32FB2D85FA21CB5E33F3CCBF68F7B7B61D06F648EE36CDDCEEE6
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"2f79676022fdea9170da85d70fa662ed","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724774357000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"e94e6f8a48541ddf6bf7ef7a2eea8f78","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724774356000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"dd323c4a805914905933c54bab1647e0","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724774356000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"f5168d42d96621f0f73165f4585ab693","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724774356000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"90a602ff7d76b55ba9a663a1378cd771","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724774356000},{"id":"Edit_InApp_Aug2020","info":{"dg":"35c1b187f4e7c13ee5397553f544ab37","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.0030248139537683
Encrypted:	false
SSDEEP:	24:TLKufx/XYKQvGJF7ursB1RZKHs/DsDXyhndp1yuVOLXA/LXRILXRfnBXndF:TGufl2GL7msvgOiChL4uVWBX3
MD5:	E371E491C2BF727BDED8A09B9975789A
SHA1:	8F19BED8E3E6605D316741F14CDF027DBAC36A7E
SHA-256:	737489ED80B5257DB2D0F7EFCC79D1C98EACEB084E3293E78969A5FA134D2FFF
SHA-512:	2BAE22D0E98651A485A5B490040ED441B8BB25B742859D01B25D63E3BE7EF4D5972730BAEE037C26455696210968254D6694F435489C84E057ACD69FC8EA759F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3651472198687646
Encrypted:	false
SSDEEP:	24:7+tg1RZKHs/Ds/SpFndp1yuVOLXA/LXRILXRfnBXndsnqLhx/XYKQvGJF7urs7:7MYgOVpFL4uVWBXiqFl2GL7ms7
MD5:	EBD10CA02DC557677A24CA4E856CBE9A
SHA1:	153A858FB1CC31DF101E4CB7746740C8F1DEDE8F
SHA-256:	B64D2BEB8A7C8150B0BE111A3D50F6FC3BF21CF8A5DD6CDF5F12B80D9A92795C
SHA-512:	2354622371EF9EF6BD1005F8843AB2FFD3DCD94FB1957C4B00C76FF7D493D23175F9E390B3A0A4C890B0090DBE7E334AE32716CB689B82B0D5328DC8C25ED321
Malicious:	false
Preview:	.... .c......\........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#...z.>.....}.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIf39ce.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.53559722477471
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8AAXYle:Qw946cPbiOxDlbYnuRKrw
MD5:	F9C66639F54BF25F5DE2A32678A480D7
SHA1:	C4D60413F063CF7F311651629A547770FD06D2FE
SHA-256:	6172708A13A5C4E29BC3F4C812B5AD7F6424AB03E1F161673557DA9CC3D00FD9
SHA-512:	040E0FE4611F809EC2DC0FA205359B36E72E09E3A8FEC19D52C3B25915353915398E13D7C04AC5BAD345B01AE5D276E8C7935CF52DC2EF0C435CB03A65B0EBA2
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.7./.0.8./.2.0.2.4. . .1.1.:.5.9.:.1.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A97rpvwx_1bgwf8e_5p8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	7.992281805285832
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHti:Cjc7BcePUsSSt0
MD5:	2256FEA23D2D4664E820C92F0FC7AAD5
SHA1:	7C2E5E9A99CF177FD5F3F1C6D19552CDEB382EDB
SHA-256:	664AFEAA76A656A4621F345F69C89F0D56924E935928D2B4486C058E8302FDD9
SHA-512:	0B638C4E84A94CB7BEBA54811BA1CF472DEAA8F45F5BC89C45C9531D7F1A9929EA99FD85248048D1E728768AA1E8CA996BAC74B93A4309B0047AD4341E055422
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A98293bt_1bgwf8g_5p8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.040148334362102
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROODdKW/LAW/LvuLCSyAAO:IngVMre9T0HQIDmy9g06JXzdN37mlX
MD5:	1AEC28BF77E979EB5D761B6FC7289EC2
SHA1:	EE5576E1FA57AAB137C1CA4C14B70D371B3EB5E0
SHA-256:	FA07A831C67B46313778FE4D774EC71247CEA2847CDD559C472192A0334AA25F
SHA-512:	F4F395D9320EF60A2251377778CB4E8F8F98B322552D9FCC0A27682B76665CBA39283C7D3BB0EB41A8E85ECB7C845D7D04F19AA1B6A6D4A51E663E3D425F0263
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<8348D930A42AD54E975C082EC611520F><8348D930A42AD54E975C082EC611520F>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9s197vz_1bgwf8f_5p8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Category:	dropped
Size (bytes):	144514
Entropy (8bit):	7.992637131260696
Encrypted:	true
SSDEEP:	3072:OvjeSq37BcXWpJ/PwBI4lsRMoZVaJctHtTx8EOyhnL:Cjc7BcePUsSSt38snL
MD5:	BA1716D4FB435DA6C47CE77E3667E6A8
SHA1:	AF6ADF9F1A53033CF28506F33975A3D1BC0C4ECF
SHA-256:	AD771EC5D244D9815762116D5C77BA53A1D06CEBA42D348160790DBBE4B6769D
SHA-512:	65249DB52791037E9CC0EEF2D07A9CB1895410623345F2646D7EA4ED7001F7273C799275C3342081097AF2D231282D6676F4DBC4D33C5E902993BE89B4A678FD
Malicious:	false
Preview:	PK.........D.Y...>)...).......mimetypeapplication/vnd.adobe.air-ucf-package+zipPK.........D.Y.+.`............message.xml.]is.8...[.....Oq.'...S...g.X+;....%X."U$.....}.P.%....8.tl. ...../..}......A.......,...a...r.....=..i{......0H..v.g.c0.3~....G.b....,.BvJ.'./.`xJ]..O./.!K...XG?.$.,=.Z...q.f~...,..:b.Pl..f..\|....,.A.....Z..a<.C._..../G\|....q.....~.?...G.............y+.. ...s.,.2...^uon..:....~....C....i.>.<hy..x..?....F.w..4e.\|.'...#?..a......i...W.".+...'.......,..6..... ..}.........llj.>.3v.."..CdA.".....v...4H..C]>........4..$.O........9._..C{(....A~.k...f.x8.<... l!..}...ol.q.......2.s.Y..&:....>...l.S..w.t^D.C....]0......L...z[`J<.....L.1t-.Z.n..7.)...aj;.0.r\|.._.V......JWT.>.p.?s....boN.....X.jkN.9..3jN.9..t...o..c.nX4......0.D.....Cv .....!k..........d.1B....=3.Bq.E.bo.....6..r..6@.b...T......Ig...(..(K].:...#..k..q2G."o.Tz...qJ.......;?\|~..1...J...RA...'..*C...T...dNMZ.3.z-..LCI..I..-.,.Y.J.....m.KY}.Lw......G........-.(E....b..^..}..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-27 11-59-09-598.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.3293801742548705
Encrypted:	false
SSDEEP:	384:dZkZ6ZVZirwrvrvMrHr6rErArFrrRrvrBroxtxxE/EjEqEGEhEoEbmTJTpTHFFus:dqwXIMLDMzuAURrFjd0HTG0RhGNf1dDf
MD5:	CA31135243C52A51096DBAD9C008AB93
SHA1:	01AE7D6E2D49E262620D03ADD72BC49BF237EAC5
SHA-256:	00C8AF2708A574091A7E061CCE6C201C132090D484E2B51B2C56E7CC036961F5
SHA-512:	7A1A6531D3613C6165179D1E9C6C5C0273517996D47FA6EF0FD1F738EBF3344D709815ECE686C1F7FF3534765A6E39F6A0DCBFF4D89A3151803F4505DFB2349A
Malicious:	false
Preview:	SessionID=e4aadc3d-4130-4da4-8ec3-eab2852ecbce.1724774349609 Timestamp=2024-08-27T11:59:09:609-0400 ThreadID=1876 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=e4aadc3d-4130-4da4-8ec3-eab2852ecbce.1724774349609 Timestamp=2024-08-27T11:59:09:609-0400 ThreadID=1876 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=e4aadc3d-4130-4da4-8ec3-eab2852ecbce.1724774349609 Timestamp=2024-08-27T11:59:09:609-0400 ThreadID=1876 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=e4aadc3d-4130-4da4-8ec3-eab2852ecbce.1724774349609 Timestamp=2024-08-27T11:59:09:609-0400 ThreadID=1876 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=e4aadc3d-4130-4da4-8ec3-eab2852ecbce.1724774349609 Timestamp=2024-08-27T11:59:09:610-0400 ThreadID=1876 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.405741135393271
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb1:5
MD5:	A776C2D64F169DA9A5AEADE2528F2335
SHA1:	C792B2800754DB324E3A7E9A396C390B76E1BD7A
SHA-256:	C0C62FDFBC0BD447DABAD474556AFBF32A202DB67496EA962F805E6A24110587
SHA-512:	50C48AAF6B520536CD38A2E47F0FF0A0D4A1798BA10678000DF71972C7267121BABF541033AAF77AB716D8AEDD428C26F159941A43488005254A300AF82800D1
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\1aff6733-f413-46dc-98d4-82e894d97347.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\35ead299-451e-4420-aebc-3ceac32f1b97.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\4acf0237-ec78-4ad5-8f85-81f08916a6b6.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/2wYIGNPRmOWL07otGZ1dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:OwZGDbWLxtGZN3mlind9i4ufFXpAXkru
MD5:	AA6641E4BFC58F44E603CD0EE74AE8FF
SHA1:	29F99293E45449226D99AE893FA31E428BA80BF8
SHA-256:	0C9CEF808C626D2412A4548C0F78FAFD52A30D49C36E1ED1CDA2BBF0E1B5F2F1
SHA-512:	65C9820CA8747BB78292D34D7AB4D1F26F73CA4D7DF2C97F3BD87D777B8D00E981AF6CEC2D078AF5BB660EEDE1480608EC701B6F55A1521C6390F42FFDE6D0A2
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\d56a5c7d-5e4b-46cf-ae70-3d8aa7009d28.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 647360
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/IkwYIGNPQbdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07mWL07oXGZd:zwZG2b3mlind9i4ufFXpAXkrfUs0CWLk
MD5:	9431A1C2A3C1BEFE8F3925B1B333DC34
SHA1:	4E77620153F74BE80B9D533FD16826A276113460
SHA-256:	9C81A3C6CA676D3D45D2C43A2204E3B78DFB3C0082A1748B67CD9F95AD419ABC
SHA-512:	56AC05EAAAD17DBBA09E224C4472D1792C5B038ECB976E9DD107817999ACF7E8A217D0E6A61983777569426A7493661CF2CE16FF6753FE8517EFA360B52C871F
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\915DEAC5D1E15E49646B8A94E04E470958C9BB89.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	98682
Entropy (8bit):	6.445287254681573
Encrypted:	false
SSDEEP:	1536:0tlkIi4M2MXZcFVZNt0zfIagnbSLDII+D61S8:03kf4MlpyZN+gbE8pD61L
MD5:	7113425405A05E110DC458BBF93F608A
SHA1:	88123C4AD0C5E5AFB0A3D4E9A43EAFDF7C4EBAAF
SHA-256:	7E5C3C23B9F730818CDC71D7A2EA01FE57F03C03118D477ADB18FA6A8DBDBC46
SHA-512:	6AFE246B0B5CD5DE74F60A19E31822F83CCA274A61545546BDA90DDE97C84C163CB1D4277D0F4E0F70F1E4DE4B76D1DEB22992E44030E28EB9E56A7EA2AB5E8D
Malicious:	false
Preview:	0...u0...\...0....H........0i1.0...U....US1.0...U....DigiCert, Inc.1A0?..U...8DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1..240807121815Z..240814121815Z0..~.0!.......0.E....[0...210531000001Z0!...7g...(..^`.x.l...210531000001Z0!...\./M.8..>.f.....210531000001Z0!...B.Sh...f...s.0..210531000001Z0!..../n...h..7....>..210601000001Z0!....0..>5..aN.u{D..210601000001Z0!...-...qpWa.!n.....210601000001Z0!..."f...\..N.....X..210601000001Z0!...in.H...[u...]....210602000001Z0!......`......._.]...210602000001Z0!...{..e..i......=..210602000001Z0!......S....fNj'.wy..210602000001Z0!......C.lm..B.*.....210602000001Z0!... .}...\|.,dk...+..210603000001Z0!...U.K....o.".Rj..210603000001Z0!.....A...K.ZpK..'h..210603000001Z0!.....&}{ ......l..210603000001Z0!...:.m...I.p.;..v..210604000001Z0!...1"uw3..Gou.qg.q..210607000001Z0!...1.o}...c/...-R}..210608000001Z0!................210608000001Z0!...[.N.d............210609000001Z0!......x..i........210610000001Z0!...(... (..#.^.f...210

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\CRLCache\DF22CF8B8C3B46C10D3D5C407561EABEB57F8181.crl

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	737
Entropy (8bit):	7.501268097735403
Encrypted:	false
SSDEEP:	12:yeRLaWQMnFQlRKfdFfBy6T6FYoX0fH8PkwWWOxPLA3jw/fQMlNdP8LOUa:y2GWnSKfdtw46FYfP1icPLHCfa
MD5:	5274D23C3AB7C3D5A4F3F86D4249A545
SHA1:	8A3778F5083169B281B610F2036E79AEA3020192
SHA-256:	8FEF0EEC745051335467846C2F3059BD450048E744D83EBE6B7FD7179A5E5F97
SHA-512:	FC3E30422A35A78C93EDB2DAD6FAF02058FC37099E9CACD639A079DF70E650FEC635CF7592FFB069F23E90B47B0D7CF3518166848494A35AF1E10B50BB177574
Malicious:	false
Preview:	0...0.....0....H........0b1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1!0...U....DigiCert Trusted Root G4..240806194648Z..240827194648Z.00.0...U.#..0.......q]dL..g?....O0...U........0....H.............vz..@.Nm...6d...t;.Jx?....6...p...#.[.......o.q...;.........?......o...^p0R.......~....)....i.n;A.n.z..O~..%=..s..W.4.+........G...*..=....xen$_i"s..\...L..4../<.4...G.....L...c..k@.J.rC.4h.c.ck./.Q-r53..a#.8#......0.n......a.-'..S. .>..xAKo.k.....;.D>....sb '<..-o.KE...X!i.].c.....o~.q........D...`....N... W:{.3......a@....i....#./..eQ...e.......W.s..V:.38..U.H{.>.....#....?{.....bYAk'b0on..Gb..-..).."q2GO<S.C...FsY!D....x..]4.....X....Y...Rj.....I.96$.4ZQ&..$,hC..H.%..hE....

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ISO-8859 text, with very long lines (3486), with CRLF, CR line terminators
Category:	dropped
Size (bytes):	14456
Entropy (8bit):	4.2098179599164975
Encrypted:	false
SSDEEP:	192:gcPqYV/saFlwwR+kMqe8TlZMX1sgUVa3ddMVsuNeMcGdSD9obOUAVlcMudM/Y14e:g7Q/X4kMb0lZ6mgtdHOelGdWaolvsTZ
MD5:	32FCA302C8B872738373D7CCB1E75FD4
SHA1:	DA85FAF24ED0ECFD5D69CCFD6286D8B77D7EB4F1
SHA-256:	CD0DD26304B88C20801FE80B33C49C009E2E5D4411B5D7F83252E1D90CD461C6
SHA-512:	57F8CC85FAFB15455074431216E47433E50DF5DE74ED74C395B7FF2C433DB7CE06F0A1C1FE1EFDC17229DBC33325D559789F43901556DD1A12963B94F01D5A1F
Malicious:	false
Preview:	%PPKLITE-2.1.%......1 0 obj.<</PPK<</AddressBook<</Entries[2 0 R 3 0 R 4 0 R 5 0 R 6 0 R]/NextID 1006/Type/AddressBook>>/Type/PPK/User<</Type/User>>/V 65537>>/Type/Catalog>>.endobj.2 0 obj.<</ABEType 1/Cert<308204A130820389A00302010202043E1CBD28300D06092A864886F70D01010505003069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F74204341301E170D3033303130383233333732335A170D3233303130393030303732335A3069310B300906035504061302555331233021060355040A131A41646F62652053797374656D7320496E636F72706F7261746564311D301B060355040B131441646F6265205472757374205365727669636573311630140603550403130D41646F626520526F6F7420434130820122300D06092A864886F70D01010105000382010F003082010A0282010100CC4F5484F7A7A2E733537F3F9C12886B2C9947677E0F1EB9AD1488F9C310D81DF0F0D59F690A2F5935B0CC6CA94C9C15A09FCE20BFA0CF54E2E02066453F3986387E9CC48E0722C624F60112B035DF55EA6990B

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:59:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.97714529695486
Encrypted:	false
SSDEEP:	48:8/2d3TvjOHgidAKZdA19ehwiZUklqehRdy+3:8e3dwdy
MD5:	EB58660D5D4547AF5A2CC2D310F06536
SHA1:	E5595B223138130A5537502EC645AA10BF503DF3
SHA-256:	990F92D4F106D88B79681AAAA7118EC46AC72340AF74506130C58B9B94F2308B
SHA-512:	8ECD0E12C380EA0F273889014505AAA2810AC2BE44DAC1772A15A7EA7FDA34DA31977D79CFEB920FCD4C78E96CFD25EC4752B60C2029287010C91EB53863397D
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....P8.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yd.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Ye.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Ye.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Ye............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yh............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:59:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9917030693800246
Encrypted:	false
SSDEEP:	48:8C2d3TvjOHgidAKZdA1weh/iZUkAQkqehgdy+2:8t3X9Q/dy
MD5:	CA301F812F57947ED5709FE7BB066CC2
SHA1:	8873CA1C315E3CF7099805D08A2C66CFE31D452C
SHA-256:	17EE44E17C91297EC922F29608DC438D87C2C71E1E5142F3FCCF8AADC6EACE15
SHA-512:	6A00CE31DA5143C4DC70ECD154EA3649CAC66F4BBDF27AC2168C92BACB1C1197BE9874657C57760AB894043D1DD4B38B5B1C6EAC12B0D27A61445CC3DCC00511
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....c .....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yd.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Ye.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Ye.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Ye............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yh............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.005077479182944
Encrypted:	false
SSDEEP:	48:8xY2d3TvjsHgidAKZdA14tseh7sFiZUkmgqeh7sGdy+BX:8xn31ncdy
MD5:	EA8A00CFF8963BBF31CE6E56487513B9
SHA1:	904BDF7721CBD7954970508E365212D243F4AD85
SHA-256:	A67E369A25CD866D98EE5F7D02ED09D029C6CD0373129EAE9DF753DEE9662D54
SHA-512:	5168A0F7C7C8C0CB64700A520C956FB2A1915FECDE3EBEDE4084113EA86A4E7703D92DF2F009235D6FB88FD5C957874715C1F251E0687FBCCE5FB7B8545CF068
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yd.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Ye.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Ye.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Ye............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:59:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9906963537149474
Encrypted:	false
SSDEEP:	48:8yb2d3TvjOHgidAKZdA1vehDiZUkwqehEdy+R:8yS3Uudy
MD5:	550E24AA3997D8928A2C2DEC593E8252
SHA1:	798A179482C99082C8E7E981317544E226212666
SHA-256:	BD9C1FF687E1768BACE9F0AE284714A12BE0985389C2E05EEA8432EE1975A3F2
SHA-512:	50C70B9A62DB085F3366532693EE3E70CA3AAFA942756F70FB8ADFBBBB22CD4274F815C29CC53D72800B0D77BCFFF9D90A66C87DCCDCF44E3F1AD8212BA48744
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....X......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yd.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Ye.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Ye.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Ye............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yh............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:59:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.980966023738085
Encrypted:	false
SSDEEP:	48:8i2d3TvjOHgidAKZdA1hehBiZUk1W1qehCdy+C:8N309idy
MD5:	BD78710F50E81B040F953C6598A763DB
SHA1:	BAEA805C5E5689F88F100C188A769A8645BA80E5
SHA-256:	949F2794A8D7FD6AB8A0E291A9DD7646DCEFA18A6A43EEDFBEFD817097CDD714
SHA-512:	8B16CA4BCF5989F12C433E9F70ED5C13DBA2C096F69A94D343F2F1A706A280515AFF5F15B2978303B80EEC9BAC4C7FFBC2ADDEA328E241C6E7212ED6F3BB21A2
Malicious:	false
Preview:	L..................F.@.. ...$+.,......(.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yd.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Ye.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Ye.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Ye............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yh............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Aug 27 14:59:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.9905920549934506
Encrypted:	false
SSDEEP:	48:8N2d3TvjOHgidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbcdy+yT+:8A3aT/TbxWOvTbcdy7T
MD5:	A1FF323896366832981F5B60277DABDB
SHA1:	8416CA243ACE911009F66776D0E9A10F68B17003
SHA-256:	7624B465DC90F676AFF06C56FA54AC9AD53B1C74AF2543C90CBBBBC4CAA29FBA
SHA-512:	6756EE98138FC996AD9822BCDA730AD87CC381F1C4A373E26D96A47FD5C39EB07001D97BAA85BD1DF26C66A5DD86A8C6B0FEEFA451A1EB64EA9F1F0FD2CDA686
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....O......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Yd.....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Ye.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Ye.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Ye............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Yh............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............n.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 260

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	315
Entropy (8bit):	5.0572271090563765
Encrypted:	false
SSDEEP:	6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
MD5:	A34AC19F4AFAE63ADC5D2F7BC970C07F
SHA1:	A82190FC530C265AA40A045C21770D967F4767B8
SHA-256:	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
SHA-512:	42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
Malicious:	false
URL:	https://apps.evluator.com/favicon.ico
Preview:	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.

Chrome Cache Entry: 261

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
URL:	https://qahey.teaf-c.org/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 262

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4402
Entropy (8bit):	5.092676476273466
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOis9MpA2ZLimQrR49PaQxJbGD:1j9jhjYjIK/Vo+tsqDZOmQrO9ieJGD
MD5:	BE697F2521822A28441A32AA12ED349D
SHA1:	B4D13B45C567D83689D75C11D312488BBE787A51
SHA-256:	7BAEA57F0FFC139624A527A9D9312EC85A3440391E3DD9C2E971124134497C9C
SHA-512:	E340B1D328E462D8762D947D2681AFC1E584FC04892C7A7E16886D0DFC29F387EBD59410E3BF3672887EEB0E486E893DCD6120BB89405E886FD7CC40684249FF
Malicious:	false
URL:	https://qahey.teaf-c.org/VdrOrhOG
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 263

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
URL:	https://qahey.teaf-c.org/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 264

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Static File Info

General

File type:	PDF document, version 1.4, 1 pages
Entropy (8bit):	7.764215127264455
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Smeg SignRequest.pdf
File size:	23'434 bytes
MD5:	609192a8242e10bb7fdb1daa294b2f4d
SHA1:	5158d75d9317bd56881b30385abe220a1b36a525
SHA256:	cddbf9c1c1de14e5f50f254ffad6d28f6a485283d25b83342a593df577bc52a3
SHA512:	7c0e7fb4746376a2c03e77f882416a282e58951ec9863eb487f49a07184e6a5f3a21fb69a71e72847a2fdcf62bc54d72f6c18153d563b99fa532976ebfa689df
SSDEEP:	384:RaV97XlRKtEyyGIOOvK5bCRbuWRKpNjr8CUSzsBvy+n7CUSiM:Rs97XyRtOi5bC8WRKr0jBvrs
TLSH:	E6B2BFF8B49A0C8CFCC792129DB63C5D85BDB2A38AC5355630354F81EC08D8979659EF
File Content Preview:	%PDF-1.4.1 0 obj.<<./Title (..)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20240809174348Z).>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4
Total Entropy:	7.764215
Total Bytes:	23434
Stream Entropy:	7.963762
Stream Bytes:	19102
Entropy outside Streams:	5.130497
Bytes outside Streams:	4332
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	32
endobj	32
stream	10
endstream	10
xref	1
trailer	1
startxref	1
/Page	1
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
7	1838e6d894726a06	9a89ccaa141abedea8eb2aa9a3fc5539
9	0000000000000000	2341b247a5d4b9368a6fb189b667c8b2
11	dca66d5155599ac4	ceb3c68b0a65e38427782232d0899215
13	ccb26971757d92cc	cb87815411998bae8d5e8925c029f951
15	5d4d11295929557d	4205a02791ba6e45c52e65eb5788d8b6

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7296, Parent PID: 1028

General

Target ID:	0
Start time:	11:59:06
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Smeg SignRequest.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7520, Parent PID: 7296

General

Target ID:	2
Start time:	11:59:06
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7800, Parent PID: 7520

General

Target ID:	4
Start time:	11:59:08
Start date:	27/08/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2252 --field-trial-handle=1508,i,15954673363511197786,6214592246150896982,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7844, Parent PID: 4768

General

Target ID:	5
Start time:	11:59:08
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://tmsnp.page.link/?link=https://apps.evluator.com/widc/ggu/Y3Jpc3RpbmEubWFyaW5lbGxvQHNtZWcuZXM=
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7736, Parent PID: 7844

General

Target ID:	6
Start time:	11:59:11
Start date:	27/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 --field-trial-handle=2540,i,15681474454666713540,6780072518804137637,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Smeg SignRequest.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\1a938571-9313-44c8-b5d4-4a8dff4598be.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\51a80aea-bbb6-4dc3-9262-9d8b99b9de11.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5f713a.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240827155913Z-222.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Windows Analysis Report
Smeg SignRequest.pdf