Edit tour

Windows Analysis Report
Usc credit Union Bank Letter- copy.pdf

Overview

General Information

Sample name:	Usc credit Union Bank Letter- copy.pdf
Analysis ID:	1528486
MD5:	b0c27a59f6b7246a6ccd99bd675d66f6
SHA1:	478c5f6502d7e529e13a5a6c902eb00765dd594a
SHA256:	93235fca9fbe77a4dc06e55dbc89b657a852a19045d1c04b7d7df7f09c6adb36
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 7772 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Usc credit Union Bank Letter- copy.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 8012 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 7304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,6368692328044894760,13148700040641484884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic

DNS query: name: x1.i.lencr.org

Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443

Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49715 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49715
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 192.168.2.10:49718 -> 23.22.254.206:443
Source: global traffic	TCP traffic: 23.22.254.206:443 -> 192.168.2.10:49718
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 192.168.2.10:49722 -> 23.217.172.185:443
Source: global traffic	TCP traffic: 23.217.172.185:443 -> 192.168.2.10:49722

Source: Joe Sandbox View

IP Address: 23.22.254.206 23.22.254.206

Source: global traffic	HTTP traffic detected: OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-aliveAccept: /Access-Control-Request-Method: GETAccess-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-keyOrigin: https://rna-resource.acrobat.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 79164422-1e43-4f8b-9b29-d5ef60e753c7x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.22.254.206
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	TCP traffic detected without corresponding DNS query: 23.217.172.185
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 79164422-1e43-4f8b-9b29-d5ef60e753c7x-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: global traffic

DNS traffic detected: DNS query: x1.i.lencr.org

Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: ReaderMessages.0.dr	String found in binary or memory: https://www.adobe.co

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443

Source: classification engine

Classification label: clean2.winPDF@15/44@1/2

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-13-25-021.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Usc credit Union Bank Letter- copy.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,6368692328044894760,13148700040641484884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,6368692328044894760,13148700040641484884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Usc credit Union Bank Letter- copy.pdf	Initial sample: PDF keyword /JS count = 0
Source: Usc credit Union Bank Letter- copy.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Usc credit Union Bank Letter- copy.pdf

Initial sample: PDF keyword stream count = 104

Source: Usc credit Union Bank Letter- copy.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: Usc credit Union Bank Letter- copy.pdf

Initial sample: PDF keyword endstream count = 104

Source: Usc credit Union Bank Letter- copy.pdf

Initial sample: PDF keyword obj count = 107

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://x1.i.lencr.org/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false		unknown
x1.i.lencr.org	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.2.dr	false	URL Reputation: safe	unknown
https://www.adobe.co	ReaderMessages.0.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.22.254.206	unknown	United States		14618	AMAZON-AESUS	false
23.217.172.185	unknown	United States		16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1528486
Start date and time:	2024-10-08 00:12:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Usc credit Union Bank Letter- copy.pdf
Detection:	CLEAN
Classification:	clean2.winPDF@15/44@1/2
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 162.159.61.3, 172.64.41.3, 2.23.197.184, 199.232.210.172, 2.19.126.149, 2.19.126.143
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: Usc credit Union Bank Letter- copy.pdf

Simulations

Behavior and APIs

Time	Type	Description
18:13:30	API Interceptor	3x Sleep call for process: AcroCEF.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
23.22.254.206	#U0631#U0648#U0632 #U0633#U06cc#U0627#U0647 #U06a9#U0627#U0631#U06af#U0631.exe	Get hash	malicious	Unknown	Browse
	WOT0089836_Electrical_Single_Line_diagram%2C_lighting__RR_docx_3461849704.pdf	Get hash	malicious	Unknown	Browse
	original.eml	Get hash	malicious	HTMLPhisher	Browse
	Payment Confirmation-- (2).pdf	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:626535c6-68da-4729-b016-6e974989fb70	Get hash	malicious	LummaC Stealer	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:US:4a1d4a71-0ecb-4b97-81ac-6d37886bcc89	Get hash	malicious	LummaC Stealer	Browse
	Keyser & Mackay.pdf	Get hash	malicious	Unknown	Browse
	Money Fellows Signatures Consent Docs#122531(Revised).pdf	Get hash	malicious	Unknown	Browse
	https://indd.adobe.com/view/9cfcac35-338b-4a63-bb28-60a870b890db	Get hash	malicious	HTMLPhisher	Browse
	virus total.pdf	Get hash	malicious	HTMLPhisher	Browse
23.217.172.185	COVID-19.pdf	Get hash	malicious	PDFPhish	Browse
23.217.172.185	Globalfoundries.com_Report_46279.pdf	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bg.microsoft.map.fastly.net	SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exe	Get hash	malicious	LummaC	Browse	199.232.210.172
	https://login.stmarytx.edu/cas/logout?service=http%3A%2F%2Fgoogle.com%2Famp%2Fmatrikaengineeringworks.com/hebc/?#?m=bWVsaXNzYWdAd2Utd29ybGR3aWRlLmNvbQ==	Get hash	malicious	Unknown	Browse	199.232.214.172
	WiTqtf1aiE.exe	Get hash	malicious	LummaC, Vidar	Browse	199.232.214.172
	https://s.craft.me/yB5midhwwaHUPW	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	https://entertaininmotionre.pro/IQCm/	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse	199.232.214.172
	FdjDPFGTZS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	199.232.214.172
	Aew8SXjXEb.exe	Get hash	malicious	Stealc	Browse	199.232.214.172
	Adobe-Setup.msi	Get hash	malicious	Korplug	Browse	199.232.210.172
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse	199.232.214.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	PFW1cgN8EK.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	SecuriteInfo.com.Win32.PWSX-gen.27846.23954.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	utmggBCMML.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	lihZ6gUU7V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.102.49.254
	Bn7LPdQA1s.exe	Get hash	malicious	LummaC, Vidar	Browse	104.102.49.254
	https://www.dropbox.com/scl/fi/qo6796ed7hlrt0v8k9nr6/Patagonia-Health-Barcode-Scanner-Setup-2024.exe?rlkey=5bmndvx8124ztopqewiogbnlt&st=yvxpokhf&dl=0	Get hash	malicious	Unknown	Browse	184.28.90.27
	file.exe	Get hash	malicious	LummaC	Browse	104.102.49.254
	https://dsdhie.org/dsjhem	Get hash	malicious	Unknown	Browse	88.221.169.152
AMAZON-AESUS	https://mailstat.us/tr/t/5w8u1qwlwl61e4h/1/https:/krediti.ca/#Y2FyYS5jJGNiZmxvb3JzaW5jLmNvbQ==	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	184.73.182.153
	https://statics.teams.cdn.office.net/evergreen-assets/safelinks/1/atp-safelinks.html?url=https%3A%2F%2Fphpstack-1335745-4931432.cloudwaysapps.com%2F%23%26%26%2B~XanJlZEBwcm9hZy5jb20=&locale=en-us&dest=https%3A%2F%2Fteams.microsoft.com%2Fapi%2Fmt%2Fpart%2Famer-03%2Fbeta%2Fatpsafelinks%2Fgeturlreputationsitev2%2F&pc=dqIG3sYngZE8N2eRBkF7CAkOWKg5g3tGjnQGJGQlc61U8QGlKCs5AzH6JKtW7FyetS1g5oEXSNBKJVlJbTCgrea0O041dBSjafsPfOc5KxbMkQRnpwalZQdhHfcjoeWL7rzuDGG%252fj2e7scaAUTCy2PY0WmBb87rgNNPdmEQne%252f00jq9aOpwCvhJrGkNK5f8MP5jaUwccFhr9IIoVaCOrXUhSnuRv%252fw%252bxhUGpneOsAgBs7CjJQbmepBIHfEqwCkqvDbYbxYB4Hm9sLVAOFaz9VFMFSXPJt4MqeWAChikWLAZATmvniptR3h97WVF%252fZtjtm3RxdNyPROzhUvL92w9fdWmSw%252bHBxn5rMHOUpaQU16ZpcfATiVaU51fqKaYO2v4ZnK7axAavLgOpgAJivuE6JO2sqksPH41Z6PVam5c4J%252bwwz5Z2pqrOSxPxEcPGeDff%252bxp9PApNxpvURRLl98WzRw%252ftZEOu%252foKPhjN0OiTGAQDLRWTF%252bMCzSQg37tk7ZYUYYc0Ycs4xDjchhFprJCCSfrZ8WyHq6cjqmnbgDKRQig28xGNFnSDEeWMDBQeeeVyNqDv0FAAxkSAMO%252b7t4Qu1y0h0MHJYEb5pxfOYe8Pyfcsn7pyR%252fkKEqziEQVGlIETrpjVMNyrhJrnX9S%252flWaxf0H3tD%252fqMhzPysO9QdPSJTG054WE4jq5GRqTKu8P25t4KJLY15Oz2j5iCg7Bd5lczhgv4PQevplLuCGckM%252fs5EPk2r2FkSOxHF51EB5FR2TgXQR5UAp2BbaWTm9irKwSSUK5z1MsGMDokVMEB4bQ9mpZrl1%252bDMixJ1mQyyLXpelmEyN8zw1nTsbXAvDQgIvPLPj0QUtphEMnmVEXMkQHiw2WHWUSxIxYcY%252fltyp6bnMrankPAnpChbWQmk95rKsUz8tqtLjNDclK1y1FLy%252fh7sed9duxDDFupXnhmXxGJOmUV6FG1arxXL8urm1F98thG8anfchv3DafKsyVHHgmdUFNH6Uhcu4sB8fo0kqm2y7IWS96w5BeG334JvnFDJPLDPvtK5ojeXfDXh%252boKJdBxXGC9NmPwgDp8XeOavQnNlJRfUAXkhukdjDg1EHGF%252b9luUuTH%252fEbKHniTzx4OvIWUnDvXcdpuEIAnW8mDJzMXpmxpl3nwtTqeQWMeSNzjute9yTZEU%252beQk498EMyU%252fuPUg%252fSOH5r%252fwjGCsPpm%252f%252bUA00SsNvWuDD0AbNIKYubFuNKQ3SX6N7M11wOksoUG%252fz9IheWtOawwl7F0lqN3xkTQhfiiHovdudAPiB%252fzt25Im27XxPQ9s1c%252bnOWOPh6m%252bvaCQcj6bcwkFbNl5Y1KL7XQvirYSFsNXnrYuQvTPMk1n5CRq6dxsl9FRGV9MMdrZduC%252bG4B0zxLA58d8fTW2zfEXnRcMTgQKLK%252fmeZT7K3wwAvQiA%253d%253d%3B%20expires%3DWed%2C%2009%20Oct%202024%2014%3A05%3A23%20GMT%3B%20path%3D%2F%3B%20SameSite%3DNone%3B%20secu	Get hash	malicious	HTMLPhisher	Browse	3.5.16.35
	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzA1Mzk4LCJuYmYiOjE3MjgzMDUzOTgsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJpeHI5d3pqeGcwZnI2NGJjbGwycyIsInRva2VuIjoiaXhyOXd6anhnMGZyNjRiY2xsMnMiLCJzZW5kX2F0IjoxNzI4MzA0MzU0LCJlbWFpbF9pZCI6OTk2Mzg3MCwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTM4MjUsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj1TcHJpbmcraGFzK3NwcnVuZyslRjAlOUYlOEMlQjEifQ.HIDfaWGNVn-TCtUT4qZNHq7EdymoLEqvVA8XxZBU8z8	Get hash	malicious	HtmlDropper	Browse	23.22.106.69
	cenSXPimaG.elf	Get hash	malicious	Mirai, Okiru	Browse	54.29.55.83
	2UngC9fiGa.elf	Get hash	malicious	Mirai, Okiru	Browse	54.133.8.55
	0wG3Y7nLHa.elf	Get hash	malicious	Mirai, Okiru	Browse	44.194.145.148
	XvAqhy3FO6.elf	Get hash	malicious	Mirai, Okiru	Browse	54.87.50.193
	970Qh1XiFt.elf	Get hash	malicious	Mirai, Okiru	Browse	44.194.145.170
	https://t.dripemail3.com/c/eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiJkZXRvdXIiLCJpc3MiOiJtb25vbGl0aCIsInN1YiI6ImRldG91cl9saW5rIiwiaWF0IjoxNzI4MzEwODA2LCJuYmYiOjE3MjgzMTA4MDYsImFjY291bnRfaWQiOiIyNzYyNjA5IiwiZGVsaXZlcnlfaWQiOiJwODJtNGNzMzB4cXl2Zmh0NzQxaSIsInRva2VuIjoicDgybTRjczMweHF5dmZodDc0MWkiLCJzZW5kX2F0IjoxNzI4MzA5NzMyLCJlbWFpbF9pZCI6OTk2NDE4NiwiZW1haWxhYmxlX3R5cGUiOiJCcm9hZGNhc3QiLCJlbWFpbGFibGVfaWQiOjM5NTQwMTYsInVybCI6Imh0dHBzOi8vZGFpbHlhbGFza2EuY29tL25ld3M_X19zPWw5bzljOTZzbG8xZjF3aGFiODZrJnV0bV9zb3VyY2U9ZHJpcCZ1dG1fbWVkaXVtPWVtYWlsJnV0bV9jYW1wYWlnbj0lRjAlOUYlOTElOEMrV2UrTWFkZStJdCtFYXN5K0ZvcitZb3UrJUYwJTlGJTkxJThDIn0.MNRoosOspCCWwx3VuYY41W-crcEzfjjfIELlO_QMAdM	Get hash	malicious	HtmlDropper	Browse	23.22.106.69
	Contract_Agreement_Monday October 2024.pdf	Get hash	malicious	Unknown	Browse	54.227.187.23

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.22637258359057
Encrypted:	false
SSDEEP:	6:Hdc+q2PFi2nKuAl9OmbnIFUt8MkcZmw+MkcVkwOFi2nKuAl9OmbjLJ:jvdZHAahFUt8I/+Q5wZHAaSJ
MD5:	15E678DD85D579D8142FBB739D665070
SHA1:	22549706F7CC55FB148C4770FA15660211F50CC6
SHA-256:	02A8E5C639727AFE0D41526D14ED37512697DDD5BE425E00E5B2B6DE51676B9F
SHA-512:	10C09552A4D4C767FF743D1B6E93DD17E5ED2ECB5B6BB87A45D0C770534276C143AD90204DE56D9463183600346A4742F0FC2DC79ED8913116A8A513B15CC4E2
Malicious:	false
Reputation:	low
Preview:	2024/10/07-18:13:22.837 1f68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:13:22.841 1f68 Recovering log #3.2024/10/07-18:13:22.841 1f68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.22637258359057
Encrypted:	false
SSDEEP:	6:Hdc+q2PFi2nKuAl9OmbnIFUt8MkcZmw+MkcVkwOFi2nKuAl9OmbjLJ:jvdZHAahFUt8I/+Q5wZHAaSJ
MD5:	15E678DD85D579D8142FBB739D665070
SHA1:	22549706F7CC55FB148C4770FA15660211F50CC6
SHA-256:	02A8E5C639727AFE0D41526D14ED37512697DDD5BE425E00E5B2B6DE51676B9F
SHA-512:	10C09552A4D4C767FF743D1B6E93DD17E5ED2ECB5B6BB87A45D0C770534276C143AD90204DE56D9463183600346A4742F0FC2DC79ED8913116A8A513B15CC4E2
Malicious:	false
Reputation:	low
Preview:	2024/10/07-18:13:22.837 1f68 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/10/07-18:13:22.841 1f68 Recovering log #3.2024/10/07-18:13:22.841 1f68 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.206595755553757
Encrypted:	false
SSDEEP:	6:H4L4q2PFi2nKuAl9Ombzo2jMGIFUt8M8JZmw+MYDkwOFi2nKuAl9Ombzo2jMmLJ:NvdZHAa8uFUt8V/+T5wZHAa8RJ
MD5:	EE275B14AE2384411A983D853080DE21
SHA1:	2F2F5A1211EF0CF18B546465B6746D6C81E01DF1
SHA-256:	F0029089DEC10FB118A2BF74137CBB043CAFD2BF9D2FFDFD792D0C83CC1087AB
SHA-512:	698348AE3E85F71F03E901034669B2E936C12910B9331777ABF766DB6DBBD577F03858EE5FC9ACB7DCEF6986B1E0FDF7D5CA0B85162BD14E6C57751C62A4E3F0
Malicious:	false
Reputation:	low
Preview:	2024/10/07-18:13:22.857 1d04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:13:22.859 1d04 Recovering log #3.2024/10/07-18:13:22.860 1d04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.206595755553757
Encrypted:	false
SSDEEP:	6:H4L4q2PFi2nKuAl9Ombzo2jMGIFUt8M8JZmw+MYDkwOFi2nKuAl9Ombzo2jMmLJ:NvdZHAa8uFUt8V/+T5wZHAa8RJ
MD5:	EE275B14AE2384411A983D853080DE21
SHA1:	2F2F5A1211EF0CF18B546465B6746D6C81E01DF1
SHA-256:	F0029089DEC10FB118A2BF74137CBB043CAFD2BF9D2FFDFD792D0C83CC1087AB
SHA-512:	698348AE3E85F71F03E901034669B2E936C12910B9331777ABF766DB6DBBD577F03858EE5FC9ACB7DCEF6986B1E0FDF7D5CA0B85162BD14E6C57751C62A4E3F0
Malicious:	false
Reputation:	low
Preview:	2024/10/07-18:13:22.857 1d04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/10/07-18:13:22.859 1d04 Recovering log #3.2024/10/07-18:13:22.860 1d04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\03c8394f-7ae2-41e8-9590-95004dde780c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	476
Entropy (8bit):	4.96365226768736
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqlosBdOg2H9Zcaq3QYiubpP7E4T3y:Y2sRdsmdMH9g3QYhbd7nby
MD5:	70C54A3F82ACFAA2FB74DCA2C3692C87
SHA1:	4364CD3A84F04E1A3B0DB6DE90BB085DA18D818E
SHA-256:	7B27FBFFB7DF42491B5237E2616345D6153BED3429415FF635B3F1A9A80696F2
SHA-512:	7E4F78983681670E2CB9E9EC8B6529073AF5E9FF96532721C19A3FEFE960C6A12699A5635F2B33F6221EC1DA4AA597DC1DEA1793FB45AD4B01F54EF9BA07171F
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372899214218981","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":140116},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	476
Entropy (8bit):	4.96365226768736
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqlosBdOg2H9Zcaq3QYiubpP7E4T3y:Y2sRdsmdMH9g3QYhbd7nby
MD5:	70C54A3F82ACFAA2FB74DCA2C3692C87
SHA1:	4364CD3A84F04E1A3B0DB6DE90BB085DA18D818E
SHA-256:	7B27FBFFB7DF42491B5237E2616345D6153BED3429415FF635B3F1A9A80696F2
SHA-512:	7E4F78983681670E2CB9E9EC8B6529073AF5E9FF96532721C19A3FEFE960C6A12699A5635F2B33F6221EC1DA4AA597DC1DEA1793FB45AD4B01F54EF9BA07171F
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372899214218981","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":140116},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.10","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4288
Entropy (8bit):	5.230319021948648
Encrypted:	false
SSDEEP:	96:wshFT0h7cA4YC2EVPCqY35NEmNOYcGPtqKYSEVIA3CbEO5LbEZ:wshFT0h7cZb2EVKZPEANcGIK5EVIASbs
MD5:	11510D4C457EFDA4D1B26569A7D6DDEB
SHA1:	F3E05545B7CA7438924C9491DC93F6878D136A83
SHA-256:	E67311A4DED4A5007389BEC0CEF3078CE6CAE3E7ABB07D1654C7DC2F3F450161
SHA-512:	456EEB276FEEA1A55DDA6459B12ED2878C34CE2F432B9D3B7312048F107825D0DD2247505EEF6BAA1CB5F49F9ED3FC3B098F544066D23AAAFD99CC5C9CCF074E
Malicious:	false
Reputation:	low
Preview:	*...#................version.1..namespace-#..o................next-map-id.1.Pnamespace-03b00fbd_48ad_47b1_8693_0d5562b6d54b-https://rna-resource.acrobat.com/.0..QRr................next-map-id.2.Snamespace-9efb0a2e_bf8a_4008_b12a_325311a763d0-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-493a2582_fd2f_403f_a0b6_bf623eaab337-https://rna-v2-resource.acrobat.com/.2%e.o................next-map-id.4.Pnamespace-285943ad_4ed5_46fb_8713_f1874054bf05-https://rna-resource.acrobat.com/.3nU..^...............Pnamespace-03b00fbd_48ad_47b1_8693_0d5562b6d54b-https://rna-resource.acrobat.com/"..C^...............Pnamespace-285943ad_4ed5_46fb_8713_f1874054bf05-https://rna-resource.acrobat.com/....a...............Snamespace-9efb0a2e_bf8a_4008_b12a_325311a763d0-https://rna-v2-resource.acrobat.com/.+;\|a...............Snamespace-493a2582_fd2f_403f_a0b6_bf623eaab337-https://rna-v2-resource.acrobat.com/....o................next-map-id.5.Pnamespace-10b75d2f_11e7_4fa3_ae23_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.200731505749558
Encrypted:	false
SSDEEP:	6:HW7H4q2PFi2nKuAl9OmbzNMxIFUt8MW0HJZmw+MWgDkwOFi2nKuAl9OmbzNMFLJ:2kvdZHAa8jFUt8z0p/+zO5wZHAa84J
MD5:	B9B500569888D3501A143A91FFD97BF4
SHA1:	CD0319E9DD049C74B0544AE890C2E9538D92387B
SHA-256:	CB8854BE4AA51EB1AF5D55077FEDA03C1C67459EE7C76C6774F48B8476FE7ED6
SHA-512:	975AC532ED4859D10DACAC3357BC8691F37E5876236BA73FC9144EDCAD3C1106945AE9562650256A462627F57DAF0A810F0BE0BB068BFB886D299EDF2E8F6809
Malicious:	false
Reputation:	low
Preview:	2024/10/07-18:13:23.263 1d04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:13:23.264 1d04 Recovering log #3.2024/10/07-18:13:23.266 1d04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.200731505749558
Encrypted:	false
SSDEEP:	6:HW7H4q2PFi2nKuAl9OmbzNMxIFUt8MW0HJZmw+MWgDkwOFi2nKuAl9OmbzNMFLJ:2kvdZHAa8jFUt8z0p/+zO5wZHAa84J
MD5:	B9B500569888D3501A143A91FFD97BF4
SHA1:	CD0319E9DD049C74B0544AE890C2E9538D92387B
SHA-256:	CB8854BE4AA51EB1AF5D55077FEDA03C1C67459EE7C76C6774F48B8476FE7ED6
SHA-512:	975AC532ED4859D10DACAC3357BC8691F37E5876236BA73FC9144EDCAD3C1106945AE9562650256A462627F57DAF0A810F0BE0BB068BFB886D299EDF2E8F6809
Malicious:	false
Reputation:	low
Preview:	2024/10/07-18:13:23.263 1d04 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/10/07-18:13:23.264 1d04 Recovering log #3.2024/10/07-18:13:23.266 1d04 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007221328Z-223.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.8248418584756152
Encrypted:	false
SSDEEP:	192:6wZYG272cbdrpnqYYU28Y8AVb1GarWhRn93dhOkAiRr5bolZKwE:JWKcprpvp2nVYar2bQ1sTT
MD5:	855B1B69058F487CCCFC29757ECF53C1
SHA1:	F212E8690D811C93492EB9F2EC2F979BA8AACA41
SHA-256:	751DD61E955D7F5EBB0500D3C7381AC645B6A10E80D138B4E8E04D7B7E9AEA23
SHA-512:	973454C8287FD5F9AE86B7DC16E4084D928AA7E48C4F4CBFEBC61FBADCA8FD8296AAC0BC8DF1FB7D1265B320D723D00DEA19C07F0BE111EF2477403841CEC2F0
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.438900913439243
Encrypted:	false
SSDEEP:	384:yejci5GAiBA7vEmzKNURFXoD1NC1SK0gkzPlrFzqFK/WY+lUTTcKqZ5bEmzVz:0surVgazUpUTTGt
MD5:	C6A936A445A2987130555CCB03E52E96
SHA1:	D8E5D11BA78BD735EAFAA858F5DFDA92B31327D6
SHA-256:	EDF3EE38F9A0FFAA38E7636E1728D7F5F71C526689CC715CB8BC4B81FAD49EB2
SHA-512:	2BF5A8665AAE85B6EA3EAC0DBE77A865AFE647D2F42368392AD04FF9856B69D15E65B76F73F6CE3BDA05125DE49A1F1162FCC1436519E511FC37E7A8891B9245
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.775632650147992
Encrypted:	false
SSDEEP:	48:7MBp/E2ioyVO7Rioy5oWoy1CUoy1d7aKOioy1noy1AYoy1Wioy1hioybioyn7OoG:7upjuQJfXKQ7lb9IVXEBodRBkr
MD5:	4BF3F4D290D304C5C42D9A16A1D7CD6B
SHA1:	AB8DF5FB0400050C7BEC453B6BB80B58BC172317
SHA-256:	ACEF77D0AC35EDF1F1DD2A254A0F922F06EC063AF0B33B8577F8C1189CF8687A
SHA-512:	131FB9BE524E3E473849E6E35A2D8DEF75769764F1E6F3506B26A27487A7E1C828E136B37D36C41BD6CA4A17624E91EC5D376543850011E55E2EA680ED1186D7
Malicious:	false
Preview:	.... .c.....M..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:	24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.7673182398396405
Encrypted:	false
SSDEEP:	3:kkFklfu3VvE/XfllXlE/HT8kzJXNNX8RolJuRdxLlGB9lQRYwpDdt:kK53Vv9T8INMa8RdWBwRd
MD5:	35892A06274941F443286CB950D26B24
SHA1:	96747A568BA4ED56B564F27CEC1A94C5E886DCA3
SHA-256:	86B7BB4DF6A3D1D4A6E3F2AA283D3162E72BC8176706F00FDEF4C1C1C101AA88
SHA-512:	025680BF34AF8EBD2303C9BAE029014F793FD9C4AB0A8BD5A2A5CEEC79AC6F1AA669012534A6CD6C351EDD6818BC7A7C58502B8C6915DF34DD778215DD95D236
Malicious:	false
Preview:	p...... .........K.$....(....................................................... ..........W....,J..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.245596380966818
Encrypted:	false
SSDEEP:	6:kKTFvi9UswD8HGsL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:LpdDImsLNkPlE99SNxAhUe/3
MD5:	2CD123F3D5EA1B8B8C13E366E5EE50E2
SHA1:	4FD857CDC87D62686B8790F635229EFD95389FE9
SHA-256:	F13165490B21B77E56D0F07C25D70C94E5E5687D460A015E4987D70854D5FEEE
SHA-512:	8209210C1A998DA250527F6AADD882307F7512F9405F5FB14539D3D1F4A6FEB83411657E7E655202CD203B169893385155804D8D744417A6BA52B7328E707227
Malicious:	false
Preview:	p...... ..........FH....(....................................................... ........G..@.......&......X........h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.317949032369587
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJM3g98kUwPeUkwRe9:YvXKXuSIEIepUTbdj9YOGMbLUkee9
MD5:	156756597EE819A908D04EC0EEDABF1E
SHA1:	EA31A5ADB81FD7D4165B69B016C5403AF899F16A
SHA-256:	FE0959DA193CBCFC0D9BB144FB448BACBB8B7C64CF284A2B5649C63EA3D250F2
SHA-512:	534C72E6F7CA268099B30C846B298D019E16B0689CFA9324E44C63ED1CF085175598878DC1971B11F35D955FF2B0B47148E2E3DFFD145F7C1C05308A2553C501
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.252767556203166
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfBoTfXpnrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGWTfXcUkee9
MD5:	EC17936CB0E243AE7EC1F0995E0D936E
SHA1:	BE56C23035B1D8485E1386460725EA32590B6BD5
SHA-256:	A790E45CEF21EFF9B24A1547CF95C2E0A7A7A50D1A81D0282FF7F1D71B71A949
SHA-512:	2CD3F11441B26D41FAF9898DC3A375658F51E6AA86763BB4466C2864F2349BD7E48E2857C2551F3E6397BA47A2F9B70B663457FBEBADBFD13B7D78542A339D47
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.231762591598242
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfBD2G6UpnrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGR22cUkee9
MD5:	94A9E4E3460576F457254D2CC5147324
SHA1:	6963E7208F7DF2DB70DB72B083248291E450C306
SHA-256:	E0A63B2DFE9D6EFD16A3BAFDF64F1483690EB0117B745EF2E71C9A59F8C4D0FB
SHA-512:	97DDDF568D4550FF8B70F6C04EBFB1907BA2D0FA82C16057E9220EF9C90EDCF4D59475B684BCCEA33B6D114E6038A0C3A9D381DE83A3E5E868ADF61B3853DDFD
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.290634256155101
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfPmwrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGH56Ukee9
MD5:	FF8FD18F82EA32BF9C1B40C6678BD4A8
SHA1:	5956A8BBE5EE0B99522CB6162D0A099AF8FBB38F
SHA-256:	9CAB61D8F4873430A7493C61C67E0716EC5E3756A0B86EA94EA70A6E617F5898
SHA-512:	400513BFE9FE9C46A0733A28ADB4847C3941795FA30FA836D4AE46D2F5C2ECC8EACB442F111BC7910F0D32243F5772126778EEAFA6F24E0B52CF29010D013C5A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1091
Entropy (8bit):	5.674998432696746
Encrypted:	false
SSDEEP:	24:Yv6XsCpUXIpLgE7cgD6SOGtnnl0RCmK8czOCYvSFL:YvVCwIhgs6SraAh8cvYKFL
MD5:	CAF01D3FE4E950AC8697ED68B0C00F99
SHA1:	51AAD3C16DCEA60154D7A7B3C16E4B6C80D63E57
SHA-256:	8FB8302F44A4D3EBEABDC36924A8990FEA4B54AC925FF336F53D3AA8585E5A2A
SHA-512:	FD62F50DE6979D8DA38A34EC1BF7AB7D56C572B36CED5FA1037CD574161283A2ED2467464AFC6476FF6B7A4C29D846E783442DCF6E97B979F546544A476F5CB4
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_2","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"67a3a874-888f-4d96-9f3d-26e70c3e0be1","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgUERGIGZpbGVzIHRvIE1pY3Jvc29mdCBXb3JkIGFuZCBFeGNlbC4ifSwidGNhdElkIjoiUkdTMDM1MS1FTlUtQ2hhbGxlbmdlcjIifQ==","dataType":"ap

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.643576315509735
Encrypted:	false
SSDEEP:	24:Yv6XsCpUXaVLgEF0c7sbnl0RCmK8czOCYHflEpwiVoL:YvVCwaFg6sGAh8cvYHWpwFL
MD5:	FD97DFA7C6DF4F6A00F801BF5C3B5C96
SHA1:	7705DF989B630D42E8FBCB743BB23A251C737BA9
SHA-256:	8CCDE265FFE967126B351D6E1AB764F2A39D1499F78404DDE373C035A2F2ADC6
SHA-512:	1513DB3218056DD39C74628561A65FFE37F4F6A668112A63794B4751481D9BA64FF7F23B0E890F488BCC1F6B77126A42C561010DA9410C4EFB6F84259782F17E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.234987033794727
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfQ1rPeUkwRe9:YvXKXuSIEIepUTbdj9YOGY16Ukee9
MD5:	59A53DA2A8D16CF8C134521318E356AB
SHA1:	291C2DA0EA3BDAF873175BC33478DB5113CBDD19
SHA-256:	C957DE0A5F02F2382C4F99E19DA22D2EF995C58EC24E73886AE5AFC11F1F95C6
SHA-512:	344D53E54561798CF4D00187CEA203C69A9F59BB6AF3AEC9D06B7F40E5E32270090957A5E885CE42CEC6FAAD9D07738B1FBD0CF41CD6BF7F4B435963E5D67074
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1098
Entropy (8bit):	5.677353132947125
Encrypted:	false
SSDEEP:	24:Yv6XsCpUXH2LgEFcs2SOGt0nl0RCmK8czOCUaBtCrfSFL:YvVCwHogq2SrhAh8cvUgEmFL
MD5:	4D2855122F2DDBE8897898AB348C61D6
SHA1:	5CF093BE8122299A7145F9E90FE72FA890B4A4A2
SHA-256:	7D42758AC0B1FFA4AE1B36E90DD83D976C075AF583C21643AC6BB81C132091F9
SHA-512:	7D5E2E3E038D6FA9CA4A9A88262D1CA808EA63CDF7AFD4CD59D631647DBEF584C98C717679F84429AE75BB1277D9409ECEB764AFBA06AFA1346C86F290658A5F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_0","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"abdf1d9d-2114-4953-95a6-4eed783b9872","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlR1cm4gc2Nhbm5lZCBwYXBlciBkb2N1bWVudHNcbmludG8gaW5zdGFudGx5IGVkaXRhYmxlIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataTy

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.689466715913107
Encrypted:	false
SSDEEP:	24:Yv6XsCpUXrKLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5oL:YvVCwrEgqprtrS5OZjSlwTmAfSKWL
MD5:	171DDEC955620A8F8BF3A8BCF0D8D92B
SHA1:	1FCC0B471DDF34FF61662DA8A7E2DDFB0BA6B9D5
SHA-256:	DA5C91A751232AB0B3C874DFA5EE9045E19DEDB4CC36582D16A2BC6803AF62DD
SHA-512:	629C7FD37130F16F6560209C9730F49B064E2070375D1B024A771A79DB24981682421F2CD22789456F324798921B77E314E2725B79DED741BADFD390F3B8BB5F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.237214500764636
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfYdPeUkwRe9:YvXKXuSIEIepUTbdj9YOGg8Ukee9
MD5:	2A994D7229D0F13D5776B446CF206D4B
SHA1:	CD20023C92461E1045075252746F38547C7D33A8
SHA-256:	9DFC7A689B5E17BAC0DCF03304469399CCF020EA5ADE678838C7FEA750550421
SHA-512:	0DDA6755F656E1D055A92B860D4043792E375B3FA1604653837A61DEBAA5829CA3D2834018719ADF2A41DA03B7F9EFD9DA38FF15A823639F1CAB6D5E4B2433B7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.771725491813282
Encrypted:	false
SSDEEP:	24:Yv6XsCpUXWrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNwL:YvVCwWHgDv3W2aYQfgB5OUupHrQ9FJWL
MD5:	2D98D3E335E1085BD4697969886E6E8E
SHA1:	D1C80B2D1E75A205BC3E70D810AFB33339CD68D0
SHA-256:	392611AE8303B8E052340BDD635BD7A9DEF6F793C1E26D760D5ADE50CCCD2503
SHA-512:	43D31A3D2706DE8AD55ADDA46FD42E3059B28841772B7D6D2C88F823E8C8054C15CD4ABA6A378EA7BEF19D295E538F2A06324E0D56C89319BD885EEA333C6280
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.221193113897162
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfbPtdPeUkwRe9:YvXKXuSIEIepUTbdj9YOGDV8Ukee9
MD5:	53536CD94078586F676423BC2FE9F6EB
SHA1:	43C5C215CF3E0D3B369F779CB13487C09AA552B9
SHA-256:	2F686A740799A70A40AF6D3AF3BEA3337D76DD158DED8959F6F1A0A260043212
SHA-512:	26342A923037495943BC3F6E6BDA62DE05BB5B0C03E5B9E695D3E5F57CB6B7675D9EED0A8C3633168CD251E685656A315FC11889168BA976BEA68C4B88AFF836
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.224545357228008
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJf21rPeUkwRe9:YvXKXuSIEIepUTbdj9YOG+16Ukee9
MD5:	9C1A99EF9CD767E9755020E05707B99E
SHA1:	D108DCA59DE65DD1B0C3311A1304719A38EF7CCC
SHA-256:	F5FF9B487305D6D7A4892BBF1FA2B86F269619D6E0611E9A42A5EBBB25D9D5D4
SHA-512:	B803EF03A232267A50F49D0CFE4D4CDEB34593B462C65556F68C8A39FC2DC64CDC0B63AF8A91C288A13D84A67A2B8C48CA14890D3AD81572119CF25E7D41748C
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1054
Entropy (8bit):	5.658106577867569
Encrypted:	false
SSDEEP:	24:Yv6XsCpUX8amXayLgE6cTg4QSOGtNaqnl0RCmK8czOC/CrfSFL:YvVCwaBgSXQSrOAh8cv6mFL
MD5:	A6DF71FE9FE1791BEA87074025440CA9
SHA1:	F3030E7BEA79D2B25BA8D986F298BC873E17E4A4
SHA-256:	398C028A08F17CCEEA8B19EDC73B4EEB5720B218833C92359B9733386435223E
SHA-512:	1F0DEA3062DCCEE895AB73C4DC39FDF86CF299C827B67BF64ED18BBC3FAF3498BF307D9358D34E0273D046DB1A6FCD8C034683F3A2C1D7EC316F8C959408CA4F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"89628_281075ActionBlock_1","campaignId":89628,"containerId":"1","controlGroupId":"","treatmentId":"7fe39695-394c-4706-9b50-651e7499d428","variationId":"281075"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVhc2lseSBmaWxsIGFuZCBzaWduIFBERnMuIn0sInRjYXRJZCI6IlJHUzAzNTEtRU5VLUNoYWxsZW5nZXIyIn0=","dataType":"application\/json","encodingScheme":tru

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.200136948038281
Encrypted:	false
SSDEEP:	6:YEQXJ2HXuSIEWAW/WpUXjb24kF0YGBNXXNYxoAvJfshHHrPeUkwRe9:YvXKXuSIEIepUTbdj9YOGUUUkee9
MD5:	8E76CE042801F3267DF238E0738A3AD9
SHA1:	F70D6F5C0F69D367326E22C2A52590A760019AAA
SHA-256:	9563D31F9CA2DEE1E87E864A57F01FF0ECC44592820F0F210C29A75C17E02741
SHA-512:	2C279194D531BF76A8AA05E48EBEC5C11C922785C041BFC27642D024E91E9A4B519BD5D96797A5F2EB170E7EC55736EAF6ABE0A89F088BCA1AC4CC75ABD450B7
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.354287238470352
Encrypted:	false
SSDEEP:	12:YvXKXuSIEIepUTbdj9YOGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWo:Yv6XsCpUXj168CgEXX5kcIfANhFL
MD5:	2C3818484D85A366BF49281A6DEDB213
SHA1:	8431C1F1F4AD694F9DC339A5362F35914EE9187A
SHA-256:	AC0C02A89F67EC5D6FD4A146BD6CA08E13943CE0AA2A03A9C71C59A47F1A0B05
SHA-512:	403868F9FB398DAEC6663B9176306F6C1959D60E9AC13486BE2F31F06E44F5D7AE01FB1FCDD4E8A465A65EF88BB03C07D33C60A672F8EF8C8A1904CD94373789
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"baf7d1a2-a2c6-445a-a1e6-25f64488bef8","sophiaUUID":"6124E582-3DD2-4C2A-B4CB-31313081B829"},"encodingScheme":true,"expirationDTS":1728512822361,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1728339212391}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.124011933876252
Encrypted:	false
SSDEEP:	48:Yc8LroqywrNpHY2B4zyllRT460s9A+qrc+RvcAcdr9Yb8rvhb:p8L0qywR+2ByyllRT502A+ENRvcAUY4d
MD5:	D43932329D6148121412CE08EB7503B6
SHA1:	B38D9199CB97DC8D2B81D43A262F4BB88B11DE3D
SHA-256:	7CC5CA7D0ED25B2C3AFFE94CD7E6303A2BCF595460C65E61C6B4C1C70F1A2F19
SHA-512:	E2D27CC65FE708526CF6EE93B44510C94A7D404DEEC8F4D5537E40CD8C190164D3B9C0907E3A4FE47A7E9E490941D2C1505B31C26FA1C7959CE9A8513418B7A4
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"8c66828915cfffa1f647ff011b5ceb44","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1728339212000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"a6e759dd31f14282aae38848e8e8e10e","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1728339211000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"57046ab444c678e5082e2934df8d4cd4","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1054,"ts":1728339211000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"32b80dae8ed3b7ee992b708bbd2092ff","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1091,"ts":1728339211000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"98469fcd424af7f0a03f4c7af945b771","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1098,"ts":1728339211000},{"id":"Edit_InApp_Aug2020","info":{"dg":"9d06e589c75f46c906ccc7f9639b3291","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.319942879490517
Encrypted:	false
SSDEEP:	24:TLKufx/XYKQvGJF7urs9O3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YmOVw+EXSqF:TGufl2GL7msUKB0M0+Tb608YxVFr5VM
MD5:	504AF27AD6A00A968347263517FF4078
SHA1:	80368CFF1F861712B7A23F03489ECF2C214552C6
SHA-256:	A356BA88FAC78CFA8167A7EBF39A04636E96999311DD0BC4798921C1CBC9C3A1
SHA-512:	33900205633DD1DFD64E878EB38B121406D7E24FF8377A42A3EB1BCC4E51BEE54225F65FECCFD351409162DB6C20F1F3DA7BDE0AE9727BF88056534EEB78F663
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.7810568365070925
Encrypted:	false
SSDEEP:	24:7+tPl3KaiZ3FL63FLesb+sZobF16R6FdpqpQ6YmOVw/EXSqXlyGKaiKqLhx/XYKl:7MhKB0M0+Tb608YxVIrGKWqFl2GL7mst
MD5:	7C0DCD686082D40F96AD791C459C3180
SHA1:	DAF02ADF4671940036EC055C577424A8CF117750
SHA-256:	21958440408B99F7BEBF27514013599CE564592815B1C5B5E7192B5A353D5EC9
SHA-512:	F9D48A890770A576A428E5BAD30D76F4DF660F449291E11D03E585C4722D2F08D3EA4068BD96AA9E51153F4B1CEE43D73CFC88C74735AED73864D54F33580AA2
Malicious:	false
Preview:	.... .c.....)]Q...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^.p.p.p.p.p.p.p.p.p.p..........................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI3dda8.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5162684137903053
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8yQRqFGlVwlYH:Qw946cPbiOxDlbYnuRKTAAlYH
MD5:	317E55C0C297CBE85DF1BB18435FF635
SHA1:	11E2AF2E2B319AE8726343C862E5E3B3D42AE0F6
SHA-256:	695D15086D462EEAED0ADB1419FE6810F1ABB084AA62F0DB8D214BEFF72B0A50
SHA-512:	8DD8DC6607A0A5F1A963A05F3BD48E0005F009ADC61DEFDFE37DF454C5F7C7F1EA7DF05968F9D47C4F0199747874D6E6217145E9006A4B0F191A211830B0F1D6
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .0.7./.1.0./.2.0.2.4. . .1.8.:.1.3.:.3.0. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-07 18-13-25-021.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.361022727805069
Encrypted:	false
SSDEEP:	384:cBD67lQV4j1MOuD/btX+wknz+fzTqyorqz3tVFr84AbAYpfFWbWt+Fjwn0z5O+Wf:4M5
MD5:	70A2D078BEFD5E910EE035832171B399
SHA1:	1AB91914ECD7852E512C73437D30013594A16FB0
SHA-256:	2B55DE84E5446FD295128DAD5827122E98AC784F96A1F422B711B14E8F7DB1ED
SHA-512:	9FF36D4E320A8791AB0B87F24CAB4CBE777D9E8A3A64D26AF419132CDFDFCCD9A253EE9854032C4C87C546187951077F869CBCBDC9513278C557FC4895C7DBBC
Malicious:	false
Preview:	SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:158+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=1936179e-ff16-44f8-b471-8d99801d7fe3.1696501837158 Timestamp=2023-10-05T12:30:37:159+0200 ThreadID=4884 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15114
Entropy (8bit):	5.345334089544964
Encrypted:	false
SSDEEP:	384:v3FuNjgb749PoNBViE6/LhQBVe/fjPL1Ebi8+fpqP0XMOOdp5yraH8HOvi8kjowW:bfp
MD5:	9E12C7F77CCFD791905AC6E9E8E7C837
SHA1:	CBBE29D7D45AE632D181CB9D22697D3B9AC209B2
SHA-256:	32ED598EB32319BAE2DDE6BBCDF0C360D39536456C58A2F5D0D2F284FB0C3ABE
SHA-512:	C674C93EADC9A0B2E3D238C380A78AB84F37EF1C6CCB994CA724598C535F87D967034787B32573D5D51FCD9191B9C5DEAD129B961D8781648581BAFB2AE93531
Malicious:	false
Preview:	SessionID=f1440b7c-1158-482c-9cc1-7bcca2a8d455.1728339205030 Timestamp=2024-10-07T18:13:25:030-0400 ThreadID=7988 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=f1440b7c-1158-482c-9cc1-7bcca2a8d455.1728339205030 Timestamp=2024-10-07T18:13:25:031-0400 ThreadID=7988 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=f1440b7c-1158-482c-9cc1-7bcca2a8d455.1728339205030 Timestamp=2024-10-07T18:13:25:031-0400 ThreadID=7988 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=f1440b7c-1158-482c-9cc1-7bcca2a8d455.1728339205030 Timestamp=2024-10-07T18:13:25:031-0400 ThreadID=7988 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=f1440b7c-1158-482c-9cc1-7bcca2a8d455.1728339205030 Timestamp=2024-10-07T18:13:25:031-0400 ThreadID=7988 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.405339044911054
Encrypted:	false
SSDEEP:	192:zcbaIGkcbIcbiIICcbBOQQ0fQNCHPaPOhWPOA3mbSAcbsGC9GZPOdIzZMJzV3Zmk:EGvIcNYd8Cz
MD5:	223CB09DC09B3FD5F25E4A6E7CBD3903
SHA1:	CBC57DDFE6679B73D7BF7ED0E65779B3BA605414
SHA-256:	2577E004F9822918797ECDE62AD1234746858569823DAD3519499B523DF3B184
SHA-512:	84BEF5AF6EA1C3023BA3F9B279B50EFC5997792F471E8AB16FA6112DD293971D2DD710D417608C3170FAD0C0F568410E8C81003A06E677353287FF299898B4B7
Malicious:	false
Preview:	05-10-2023 11:50:33:.---2---..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : *************************************..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : ***********************************..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : Starting NGL..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..05-10-2023 11:50:33:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..05-10-2023 11:50:33:.Closing File..05-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\1d145690-a831-4b1f-a5ef-d6f9bc9ae44c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\9b8b9ac1-6cb4-4809-9e06-0042473971f4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\be5a755f-f2f1-4e9d-a393-c17a010194c2.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/pwYIGNPQ9WL07oXGZfPdpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:xwZG29WLxXGZn3mlind9i4ufFXpAXkru
MD5:	17A4D09E4373155D739D65D37FDD108E
SHA1:	88ABEDA0447CCB031DD1D459657336A3FC50E486
SHA-256:	36FC00DA4B14D66BF783B992AC62C7590237C315B55D28A07A1B2E8678F918E3
SHA-512:	B95D3AB00F85EE3C41F813755485CF6B5C7A57F3DE9ACEF2DD2B0BDB3644580D36B43E5F44F5D9120FAD2AE128E7D69EFF2A9C58690B7162C20C497A24C88498
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c37667de-4f2f-46be-9f79-947b19ebcf9f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

Static File Info

General

File type:	PDF document, version 1.7
Entropy (8bit):	7.987974165761141
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Usc credit Union Bank Letter- copy.pdf
File size:	416'762 bytes
MD5:	b0c27a59f6b7246a6ccd99bd675d66f6
SHA1:	478c5f6502d7e529e13a5a6c902eb00765dd594a
SHA256:	93235fca9fbe77a4dc06e55dbc89b657a852a19045d1c04b7d7df7f09c6adb36
SHA512:	640a28944b65183f9018ff703f2d5f9f615af4b96846b5c5210afd1a184f1305710eba2f52a1797c711e9fe455e373ec655303cef2b5d8a3a5efd422ed04a44f
SSDEEP:	12288:iOZjFngPuDIdCHsRWBVoaG+EBS6bo1BSXBSeYpOFyDkiH:bnMuDIdCHsRWBV3G+uIN/DhH
TLSH:	83941243DA5689DFD84197B0BE091B9BCBCCDB650A4031FB143D1BAB3698E204E5A4FD
File Content Preview:	%PDF-1.7.%.....2 0 obj.<<./Pages 4 0 R./Type /Catalog./AcroForm 5 0 R.>>.endobj.8 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......\|..endstream.endobj.9 0 obj.<<./Filter /FlateDecode./Length 10.>>.stream..x.+......\|..endstream.endobj.10 0 obj.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.987974
Total Bytes:	416762
Stream Entropy:	7.991167
Stream Bytes:	407325
Entropy outside Streams:	4.886480
Bytes outside Streams:	9437
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	107
endobj	107
stream	104
endstream	104
xref	0
trailer	0
startxref	1
/Page	0
/Encrypt	0
/ObjStm	2
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
87	1240732b6b560040	a69d0532bc2c05c78b5a907d596f2413
88	da1a783c8591b455	067b5c17fe3011308ed150711a0eb128
89	0034f8ccca9a9000	c961636c7d02846f250bc2b4cbdc0c3e
153	0000000000000000	dc27b7d5aa6ff1e9defa5414c01c8366
155	0000000000000000	4747d3ac4b98c57c7d68249f67758a9c

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 00:13:31.002424955 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.002468109 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.002580881 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.002872944 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.002887011 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.544830084 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.545401096 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.545417070 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.546727896 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.546830893 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.546842098 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.546941996 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.549340963 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.549459934 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.549602032 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.595403910 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.600425005 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.600438118 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.647408962 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.699064970 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.699142933 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.699328899 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.701833963 CEST	49715	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.701854944 CEST	443	49715	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.704221964 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.704278946 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:31.704355955 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.704644918 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:31.704660892 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.237495899 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.245929956 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.245944977 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.247200012 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.247276068 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.247287989 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.247328043 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.248188972 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.248421907 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.248464108 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.248470068 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.293263912 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.293294907 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.340142965 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.593569040 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.593599081 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.593605995 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.593688011 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:32.593729019 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.593770027 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.603733063 CEST	49718	443	192.168.2.10	23.22.254.206
Oct 8, 2024 00:13:32.603768110 CEST	443	49718	23.22.254.206	192.168.2.10
Oct 8, 2024 00:13:35.143085003 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.143126965 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.143234015 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.143776894 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.143790960 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.708126068 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.711494923 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.711509943 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.712634087 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.712707043 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.765198946 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.765397072 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.765466928 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.807401896 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.809092999 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.809108019 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.855951071 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.865446091 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.865566015 CEST	443	49722	23.217.172.185	192.168.2.10
Oct 8, 2024 00:13:35.865658998 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.866332054 CEST	49722	443	192.168.2.10	23.217.172.185
Oct 8, 2024 00:13:35.866349936 CEST	443	49722	23.217.172.185	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 8, 2024 00:13:30.598617077 CEST	50218	53	192.168.2.10	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 8, 2024 00:13:30.598617077 CEST	192.168.2.10	1.1.1.1	0xc695	Standard query (0)	x1.i.lencr.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 8, 2024 00:13:30.607825994 CEST	1.1.1.1	192.168.2.10	0xc695	No error (0)	x1.i.lencr.org	crl.root-x1.letsencrypt.org.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 8, 2024 00:13:31.379192114 CEST	1.1.1.1	192.168.2.10	0xd1f7	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Oct 8, 2024 00:13:31.379192114 CEST	1.1.1.1	192.168.2.10	0xd1f7	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

https:

p13n.adobe.io

armmf.adobe.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49715	23.22.254.206	443	7304	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:13:31 UTC	1353	OUT	OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key Origin: https://rna-resource.acrobat.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-07 22:13:31 UTC	572	IN	HTTP/1.1 204 No Content Server: openresty Date: Mon, 07 Oct 2024 22:13:31 GMT Content-Type: text/plain Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id X-Request-Id: kmt6Zocv2i1zHL2B1eEzWyFV4DAYXjx5 Strict-Transport-Security: max-age=15552000; includeSubDomains

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49718	23.22.254.206	443	7304	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:13:32 UTC	1473	OUT	GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 x-adobe-uuid: 79164422-1e43-4f8b-9b29-d5ef60e753c7 x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
2024-10-07 22:13:32 UTC	608	IN	HTTP/1.1 200 Server: openresty Date: Mon, 07 Oct 2024 22:13:32 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 6385 Connection: close x-request-id: aEHcYdP7Kd8BgjiGbrkEsBdeEtOvjDlC vary: accept-encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id Strict-Transport-Security: max-age=15552000; includeSubDomains
2024-10-07 22:13:32 UTC	6385	IN	Data Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30 Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49722	23.217.172.185	443	7304	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-07 22:13:35 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-10-07 22:13:35 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Mon, 07 Oct 2024 22:13:35 GMT Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 7772, Parent PID: 3968

General

Target ID:	0
Start time:	18:13:20
Start date:	07/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Usc credit Union Bank Letter- copy.pdf"
Imagebase:	0x7ff64eb90000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 8012, Parent PID: 7772

General

Target ID:	2
Start time:	18:13:22
Start date:	07/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff63ec50000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 7304, Parent PID: 8012

General

Target ID:	4
Start time:	18:13:22
Start date:	07/10/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2256 --field-trial-handle=1508,i,6368692328044894760,13148700040641484884,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff63ec50000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Usc credit Union Bank Letter- copy.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\03c8394f-7ae2-41e8-9590-95004dde780c.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241007221328Z-223.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Windows Analysis Report
Usc credit Union Bank Letter- copy.pdf