Edit tour

Windows Analysis Report
2751726_2359360_Confirmation_Letter.pdf

Overview

General Information

Sample name:	2751726_2359360_Confirmation_Letter.pdf
Analysis ID:	1432114
MD5:	052941218142e98f29f40b8f713df627
SHA1:	897fe6954b612f46dc4277cf77cbcd386f2d5ec3
SHA256:	665d45d4b4ac02dc33b7c98dd1a0b05a145b8bdc96c6e23996a2f19f9f3e58dc
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

IP address seen in connection with other malware

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

Acrobat.exe (PID: 4508 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2751726_2359360_Confirmation_Letter.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 4292 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 4320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1648,i,2299410425946571322,14647256495210331629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443

Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49711 -> 23.193.120.142:443
Source: global traffic	TCP traffic: 23.193.120.142:443 -> 192.168.2.5:49711
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49713 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49713
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 192.168.2.5:49714 -> 52.5.13.197:443
Source: global traffic	TCP traffic: 52.5.13.197:443 -> 192.168.2.5:49714
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 104.94.108.142:443 -> 192.168.2.5:49717
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443
Source: global traffic	TCP traffic: 192.168.2.5:49717 -> 104.94.108.142:443

Source: Joe Sandbox View	IP Address: 52.5.13.197 52.5.13.197
Source: Joe Sandbox View	IP Address: 104.94.108.142 104.94.108.142

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: geo2.adobe.comConnection: keep-aliveAccept: application/jsonAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-aliveAccept: /Access-Control-Request-Method: GETAccess-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-keyOrigin: https://rna-resource.acrobat.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Mode: corsSec-Fetch-Site: cross-siteSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811fx-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 23.193.120.142
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 52.5.13.197
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142
Source: unknown	TCP traffic detected without corresponding DNS query: 104.94.108.142

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: geo2.adobe.comConnection: keep-aliveAccept: application/jsonAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1Host: p13n.adobe.ioConnection: keep-alivesec-ch-ua: "Chromium";v="105"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Accept: application/json, text/javascript, /; q=0.01x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811fx-adobe-uuid-type: visitorIdx-api-key: AdobeReader9sec-ch-ua-platform: "Windows"Origin: https://rna-resource.acrobat.comAccept-Language: en-US,en;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://rna-resource.acrobat.com/Accept-Encoding: gzip, deflate, br
Source: global traffic	HTTP traffic detected: GET /onboarding/smskillreader.txt HTTP/1.1Host: armmf.adobe.comConnection: keep-aliveAccept-Language: en-US,en;q=0.9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brIf-None-Match: "78-5faa31cce96da"If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713

Source: classification engine

Classification label: clean2.winPDF@15/50@0/3

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2788

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9185n31m_1uob9pl_25g.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2751726_2359360_Confirmation_Letter.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1648,i,2299410425946571322,14647256495210331629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1648,i,2299410425946571322,14647256495210331629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 2751726_2359360_Confirmation_Letter.pdf	Initial sample: PDF keyword /JS count = 0
Source: 2751726_2359360_Confirmation_Letter.pdf	Initial sample: PDF keyword /JavaScript count = 0
Source: A9185n31m_1uob9pl_25g.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9185n31m_1uob9pl_25g.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0
Source: A9qh1rcy_1uob9ps_25g.tmp.0.dr	Initial sample: PDF keyword /JS count = 0
Source: A9qh1rcy_1uob9ps_25g.tmp.0.dr	Initial sample: PDF keyword /JavaScript count = 0

Source: 2751726_2359360_Confirmation_Letter.pdf

Initial sample: PDF keyword stream count = 51

Source: 2751726_2359360_Confirmation_Letter.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: 2751726_2359360_Confirmation_Letter.pdf

Initial sample: PDF keyword obj count = 109

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Exploitation for Client Execution	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	12 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
2751726_2359360_Confirmation_Letter.pdf	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.5.13.197	unknown	United States	14618	AMAZON-AESUS	false
23.193.120.142	unknown	United States	16625	AKAMAI-ASUS	false
104.94.108.142	unknown	United States	16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432114
Start date and time:	2024-04-26 14:13:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowspdfcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	2751726_2359360_Confirmation_Letter.pdf
Detection:	CLEAN
Classification:	clean2.winPDF@15/50@0/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .pdf Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 162.159.61.3, 172.64.41.3, 23.219.155.148, 23.219.155.137, 23.219.155.165, 23.219.155.144
Excluded domains from analysis (whitelisted): chrome.cloudflare-dns.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, ctldl.windowsupdate.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
52.5.13.197	PO_983888123.xls	Get hash	malicious	Unknown	Browse
	https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJlc3VsdDMxNzdAZ21haWwuY29tIiwicmVxdWVzdElkIjoiZmE2MjkzNzktOGVlOS00ZDkxLTU2NGYtODZlN2Q1MjBhMTgxIiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NTIyMzBiMDgtOTVhMi00YWM0LWE1NzUtODJlOGU4OGQ0ZDQxIiwibGFiZWwiOiIxMSIsImxvY2FsZSI6ImVuX1VTIn0.6QK9gd12KmAWhogZmxgLuCkLGY2E_zrbMQmdhhDyRIOYPSXcqy0OWeli3WNWeGYHCbKTmQtprFT1CJf99ywr0g	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://hon6yh6idrd.jp.larksuite.com/file/HRUubUMKZoc3TLxj8cbjnZPfpbh	Get hash	malicious	Unknown	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:US:9e302e2f-d0ed-45a9-8388-cab11cb350ef	Get hash	malicious	HTMLPhisher	Browse
	https://acrobat.adobe.com/id/urn:aaid:sc:US:b1c915de-7158-4dd9-aa63-db461c226178	Get hash	malicious	HTMLPhisher	Browse
	BL.xls	Get hash	malicious	Unknown	Browse
	NorthStar Memorial Funding -Portfolio and Statement`.msg	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	ENQUIRY_No_67543.xla.xlsx	Get hash	malicious	Unknown	Browse
	https://indd.adobe.com/view/51d58930-d96e-48dc-a566-f8851e59953f	Get hash	malicious	HTMLPhisher	Browse
	https://kc9x74kj8sh.larksuite.com/file/RrqJb5F1ooBLNoxX9qyuac4Nsjh	Get hash	malicious	Unknown	Browse
104.94.108.142	RFd2zutX8H.exe	Get hash	malicious	Unknown	Browse
	Benefits Open Enrollment 2024 #U007e Closes on Friday For Carboline	Get hash	malicious	HTMLPhisher	Browse
	Invoices.xls	Get hash	malicious	Unknown	Browse
	Orden_T7405.xla.xlsx	Get hash	malicious	Unknown	Browse
	IF-07b_SIGS-EN-ICS-IC-002_SMC-SCU ICD_v31_19-03-2014.pdf.exe	Get hash	malicious	Unknown	Browse
	btui2YGkc5.exe	Get hash	malicious	NetSupport RAT	Browse
	btui2YGkc5.exe	Get hash	malicious	NetSupport RAT	Browse
	swift_copy.xls	Get hash	malicious	Unknown	Browse
	kSWf9QrxMR.exe	Get hash	malicious	ScreenConnect Tool	Browse
	Iu4a4i5N15.exe	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
AKAMAI-ASUS	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.29
	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.28
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	23.44.94.139
	file.exe	Get hash	malicious	Vidar	Browse	23.194.234.100
	RemotePCHost.exe	Get hash	malicious	Unknown	Browse	184.31.62.93
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.214.187.157
	aios3.exe	Get hash	malicious	Unknown	Browse	184.31.60.185
	http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D	Get hash	malicious	HTMLPhisher	Browse	23.59.235.214
	dwn1cGHIbV.elf	Get hash	malicious	Mirai	Browse	104.73.199.214
	https://bushelman-my.sharepoint.com/:b:/p/lance/ESXtc6Laa05KpaC4W3rpMEMBfLSUU1GZhgfhBL8opRqFHg?e=Wrw3le	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.223.31.42
AKAMAI-ASUS	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.29
	file.exe	Get hash	malicious	Unknown	Browse	23.50.112.28
	factura - ztcpyqiqtfiewxjhesna.msi	Get hash	malicious	Unknown	Browse	23.44.94.139
	file.exe	Get hash	malicious	Vidar	Browse	23.194.234.100
	RemotePCHost.exe	Get hash	malicious	Unknown	Browse	184.31.62.93
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.214.187.157
	aios3.exe	Get hash	malicious	Unknown	Browse	184.31.60.185
	http://email.wantyourfeedback.com/ls/click?upn=u001.PD4nPnyJUo8oiEzSkSGLgaBNAMtLp9U5nstWElDmnpXtySPOXSs4GxXhEZNYegDWlOpy_1gt1aDjd5mPVItYgazWgABkVm-2FZUH6kt1lIvkdtkRWsfoyQV18ixDvOX-2B0tU4ZH6SMN7PC0YJjM3gcvFPvh6CbZuFXlOBXf3FWLiJkpKJ7Hjba3S4-2FzhpmkR8VdprfK8GO3qSu-2BzqpIaLLC-2Bva9kOn7HY5B7OIgz5EOl88o1lnRSRpayTzqRzTSFhtg2Bi-2BI4dAZ7qHRbJ3vb9lcrxBKqAk13I-2BCAvndhSK1Vi4ubCjlp2xQlrXIHfzqmLiSPjl7tEmTsLYr99h3esBOPv8ASLIpf873P512I7xYEOjogT1gQCerfZNqh6K2IdWU6lDJ2r3wpU6ug02vU9Zslw4DYpuNNZQNVtap5mqv9Xf8D1PYQxYI5BK4owXOV2wEXeRIjST24XAw6EO9D1tdiGoHDRaxW2QofayefCuiW9Z191aML90svJWojHiQp1Fq-2BXFLiyEx8V1eLa7dixfJ23RRWtHvg1jOrHp7lqvXRA7dobs-3D	Get hash	malicious	HTMLPhisher	Browse	23.59.235.214
	dwn1cGHIbV.elf	Get hash	malicious	Mirai	Browse	104.73.199.214
	https://bushelman-my.sharepoint.com/:b:/p/lance/ESXtc6Laa05KpaC4W3rpMEMBfLSUU1GZhgfhBL8opRqFHg?e=Wrw3le	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.223.31.42
AMAZON-AESUS	http://ww1.lourdoueisienne.website/	Get hash	malicious	Unknown	Browse	3.93.251.206
	https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d35aec95-f365-414c-8371-68e6d7d2ec41	Get hash	malicious	Unknown	Browse	3.215.128.155
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	52.55.103.136
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	54.204.238.15
	http://cleverchoice.com.au	Get hash	malicious	Unknown	Browse	44.214.72.116
	https://shorturl.at/lMOT7	Get hash	malicious	Unknown	Browse	52.204.88.175
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MDg4MzE4LCJtZXNzYWdlX2lkIjoiMGd4dnAwdGZzeWpiNm4yamRiMDRuYWd5IzcyNWE1YTc5LTgxYzQtNGM0Yy1iNmI1LTdmMTY0MTM2ZTE2NCIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1NjI0MzE4LCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtLmJyYWRlbnRvbmNjLmluZm8vP2VvdmlldWJyJnFyYz1yZW5lZS5zY2h3YXJ0ekBxci5jb20uYXUiLCJpbmRpdmlkdWFsX2lkIjoiODdiZTY3MTdlZjJmMThjYzI3YmMyMWQ4OTJhY2Q2NzAifQ.iusDS7mld4iiq9DDY82R1MJ9ToHxmMDW3SMbDENZOZQ	Get hash	malicious	HTMLPhisher	Browse	3.94.175.225
	https://uporniacomnuvidx.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	54.197.93.113
	https://flicker-candle-sunspot.glitch.me/wond276816auing.html	Get hash	malicious	Unknown	Browse	18.235.65.101
	https://purexxfilmsjoybear.z13.web.core.windows.net/index.html	Get hash	malicious	TechSupportScam	Browse	54.161.134.69

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.186468591019852
Encrypted:	false
SSDEEP:	6:sddLIq2P92nKuAl9OmbnIFUt858VXZmw+58VFkwO92nKuAl9OmbjLJ:sdKv4HAahFUt85A/+5o5LHAaSJ
MD5:	017B2FA478487E6929276FA4CBE863FB
SHA1:	D503E46D3876C6D3A7E7F33DF442A41F126A9F6E
SHA-256:	CEC8CC5AFFD3718B1AF279679246E5E6CA0FB7367A799FC9DAF1AC61E49D1DA8
SHA-512:	CDACF185145DD18C067467B55326408068427FE885986D2D5CBA87F1866B40B43BF839540A9DD4B39A77447D899D3C6E886DB0F033FAD4A5950A95E833A56BDD
Malicious:	false
Reputation:	low
Preview:	2024/04/26-14:14:21.847 17f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-14:14:21.848 17f0 Recovering log #3.2024/04/26-14:14:21.848 17f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.186468591019852
Encrypted:	false
SSDEEP:	6:sddLIq2P92nKuAl9OmbnIFUt858VXZmw+58VFkwO92nKuAl9OmbjLJ:sdKv4HAahFUt85A/+5o5LHAaSJ
MD5:	017B2FA478487E6929276FA4CBE863FB
SHA1:	D503E46D3876C6D3A7E7F33DF442A41F126A9F6E
SHA-256:	CEC8CC5AFFD3718B1AF279679246E5E6CA0FB7367A799FC9DAF1AC61E49D1DA8
SHA-512:	CDACF185145DD18C067467B55326408068427FE885986D2D5CBA87F1866B40B43BF839540A9DD4B39A77447D899D3C6E886DB0F033FAD4A5950A95E833A56BDD
Malicious:	false
Reputation:	low
Preview:	2024/04/26-14:14:21.847 17f0 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/26-14:14:21.848 17f0 Recovering log #3.2024/04/26-14:14:21.848 17f0 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.173267360785188
Encrypted:	false
SSDEEP:	6:scGN9+q2P92nKuAl9Ombzo2jMGIFUt85cAXJZmw+5cAX9VkwO92nKuAl9Ombzo23:scGOv4HAa8uFUt85c0/+5c05LHAa8RJ
MD5:	4F9B934F06E19C146BE07658E26FE263
SHA1:	1DDB65C3C98412FD529459B28129C11BBF87C767
SHA-256:	F203DA4C0CFA601CBC34643D7D0D7FE665EE1A0BC61986ECB8A33C839F6757AA
SHA-512:	CD53DAF33CA3D5EC30DB35628A191ACDC9AD14462832E14568AED3BD0E76A789CDB0CEEF8474CB42FA1BE0E4F0ED676FE79751B7AEDAD2C67427ACEEA817A128
Malicious:	false
Reputation:	low
Preview:	2024/04/26-14:14:21.914 1bd8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-14:14:21.916 1bd8 Recovering log #3.2024/04/26-14:14:21.916 1bd8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.173267360785188
Encrypted:	false
SSDEEP:	6:scGN9+q2P92nKuAl9Ombzo2jMGIFUt85cAXJZmw+5cAX9VkwO92nKuAl9Ombzo23:scGOv4HAa8uFUt85c0/+5c05LHAa8RJ
MD5:	4F9B934F06E19C146BE07658E26FE263
SHA1:	1DDB65C3C98412FD529459B28129C11BBF87C767
SHA-256:	F203DA4C0CFA601CBC34643D7D0D7FE665EE1A0BC61986ECB8A33C839F6757AA
SHA-512:	CD53DAF33CA3D5EC30DB35628A191ACDC9AD14462832E14568AED3BD0E76A789CDB0CEEF8474CB42FA1BE0E4F0ED676FE79751B7AEDAD2C67427ACEEA817A128
Malicious:	false
Reputation:	low
Preview:	2024/04/26-14:14:21.914 1bd8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/26-14:14:21.916 1bd8 Recovering log #3.2024/04/26-14:14:21.916 1bd8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\161501ca-6174-437f-aa92-2442bd5e8d47.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF650786.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	508
Entropy (8bit):	5.047195090775108
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqnT/sBdOg2HXcaq3QYiubxnP7E4TfF+:Y2sRdsgTAdMHW3QYhbxP7np+
MD5:	70321A46A77A3C2465E2F031754B3E06
SHA1:	5E7E713285D36F12ACFC68A34D8A34FD33C96B34
SHA-256:	344DA48DA0F9A5CC258E10D6C28086B7718CBE596CDC3D7A2A61C8F5FD781248
SHA-512:	E885342B270FE3D538F17F8F80B9ED061B30EE55624177BD81F5C65C033160D71559D60872BC0F99C0C93FAE29F9D09FD5042B68D83CD538154D1335BAC8205D
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13340988966329963","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144691},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d5e44509-81b5-4b1a-9ae9-e83beeb88fd5.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	508
Entropy (8bit):	5.052769235235677
Encrypted:	false
SSDEEP:	12:YH/um3RA8sqZEHksBdOg2HRcaq3QYiubxnP7E4TfF+:Y2sRdslHJdMHo3QYhbxP7np+
MD5:	C13F87092CDCC68B1C86C2155F160D20
SHA1:	0F7AA673E22FC0712E12A31513B43CD001159E46
SHA-256:	D4E0085228677133746DDD5AC793A560326242D0DE44E2F2D8495ED6461D9B23
SHA-512:	84FA28745CEA14C2B7E8F08802A724EE7B47721C59B025EC8B6C56F8F6021F02F34274116712EB28F135EA7D38B90ECBF964E2D78659B2008EABC321C9780F0C
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358693673658895","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":260337},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.5","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4730
Entropy (8bit):	5.229861050042531
Encrypted:	false
SSDEEP:	96:QqBpCqGp3Al+NehBmkID2w6bNMhugoKTNY+No/KTNcygLPGLLUEbVtoP0Vb5csPZ:rBpJGp3AoqBmki25ZEVoKTNY+NoCTNLL
MD5:	FF33B5278B1C4D3F2CA5F5372F13B332
SHA1:	9ED0F32DA467EE5D86965167D7CFE2774CA51435
SHA-256:	2C0757747628976F5A3F24806582E8ED1BB8BCB05DC9CBB5B96DA6294A18CFEE
SHA-512:	ABA0115E010D1BD21D9282F6036F4589EEFDF00F277252C1E004550A08824750F570618E9B876365E69ED1AA0DDA33EB3361041F601F6D1420DE0BBAC72A3BA2
Malicious:	false
Preview:	*...#................version.1..namespace-.1a.o................next-map-id.1.Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/.0.K..r................next-map-id.2.Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/.1.m.Fr................next-map-id.3.Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.2.8.o................next-map-id.4.Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/.3.A-N^...............Pnamespace-047a745d_5c98_4926_b446_942fb948d072-https://rna-resource.acrobat.com/-j..^...............Pnamespace-bc60f291_faa7_4492_8b22_e186b4ce62c1-https://rna-resource.acrobat.com/[.\|.a...............Snamespace-bdf2fbfe_e08b_407d_8a81_9a6094e373a0-https://rna-v2-resource.acrobat.com/....a...............Snamespace-24b9c7f4_3e31_4d11_a607_ac91d6485c9e-https://rna-v2-resource.acrobat.com/.W.@o................next-map-id.5.Pnamespace-8fb46ac3_c992_47ca_bb04_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.177174994927778
Encrypted:	false
SSDEEP:	6:skGrN9+q2P92nKuAl9OmbzNMxIFUt85kOJZmw+5kB9VkwO92nKuAl9OmbzNMFLJ:skaOv4HAa8jFUt85kI/+5kh5LHAa84J
MD5:	04703D957408A0F7A59EFEF3E54B2D44
SHA1:	D9B811B2039908B9FD508CDDE92422C1E8166D50
SHA-256:	8735158550644E7142AA15ABA29044E7CC94BFC988B761408D93B622572BB97D
SHA-512:	FA4E2265E250DFB14CCBAE2147066ED4FA3A0F407CEB7F9AD026805DB9DDA32CF048070F0CC5A19138F9F4506D73DBAB331A384C68E595F612F0D330FC0912E9
Malicious:	false
Preview:	2024/04/26-14:14:22.070 1bd8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-14:14:22.072 1bd8 Recovering log #3.2024/04/26-14:14:22.073 1bd8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.177174994927778
Encrypted:	false
SSDEEP:	6:skGrN9+q2P92nKuAl9OmbzNMxIFUt85kOJZmw+5kB9VkwO92nKuAl9OmbzNMFLJ:skaOv4HAa8jFUt85kI/+5kh5LHAa84J
MD5:	04703D957408A0F7A59EFEF3E54B2D44
SHA1:	D9B811B2039908B9FD508CDDE92422C1E8166D50
SHA-256:	8735158550644E7142AA15ABA29044E7CC94BFC988B761408D93B622572BB97D
SHA-512:	FA4E2265E250DFB14CCBAE2147066ED4FA3A0F407CEB7F9AD026805DB9DDA32CF048070F0CC5A19138F9F4506D73DBAB331A384C68E595F612F0D330FC0912E9
Malicious:	false
Preview:	2024/04/26-14:14:22.070 1bd8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/26-14:14:22.072 1bd8 Recovering log #3.2024/04/26-14:14:22.073 1bd8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	131072
Entropy (8bit):	0.013154474863312006
Encrypted:	false
SSDEEP:	3:ImtV9lyHPllllnUIghlPtCR/l2/l1u5oll/llAcnylsX+/l/Wwh/fX1:IiV9kvlll5ZgztCR68o/12sX+tuwh/
MD5:	B623A727CD94F2BB69F027CEC7746ABE
SHA1:	5DFE5B80B1C87F74CE3F16E1C2BCEB5D0F112029
SHA-256:	9ABFE0767F9AF078D11D27635673F1C5B939950AB450E6E73FEDB10782F9F309
SHA-512:	1F9CBBED18898002ABF5CDCAF8F6B35118D0ADEBD2B8A1F095675847F5F08D999F0C3E2FA379A2AE41251DAFC07015CC6F87D0EE003D1CFD1C07E097F4A7DB90
Malicious:	false
Preview:	VLnk.....?..........b2.A................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426121427Z-195.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
Category:	dropped
Size (bytes):	71190
Entropy (8bit):	1.2321090557341372
Encrypted:	false
SSDEEP:	768:buq0qh2sJK3FzXEUkBZxdq36NXzfJMxL2lca:bLd/5NH
MD5:	26649B3E8592530BCF3E948D52991652
SHA1:	89AB63A2BD6D36FBEA9DABCD4F18F3073BCA4D00
SHA-256:	9F1304D28FD185B720259CA950820E74B0EBDD8CEFE67B8EBE17507FEBC1C78A
SHA-512:	BA7C6D37FAA0A1255349596485CE09B0725CAB91F1D5281E815A14FC94AACEF746897446489EB9B102710D882C72CC62E58E8F6F47B516284EB491DC85C08473
Malicious:	false
Preview:	BM........6...(...u...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2788

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:	1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	227002
Entropy (8bit):	3.392780893644728
Encrypted:	false
SSDEEP:	1536:WKPC4iyzDtrh1cK3XEivK7VK/3AYvYwgF/rRoL+sn:DPCaJ/3AYvYwglFoL+sn
MD5:	87EDBEE38F56C20298F25D5D3D4D1B5C
SHA1:	7F904E9615AC3186A87472EF366DD8202855B0B7
SHA-256:	A46B56D3ABCC137D1872DDF20EED4BCD7D04518282282ADB32DDCCF70D7FFBA6
SHA-512:	BBEBC1FCD5BC9AE042DD5782425BA8C47BF3EAC283B2487FC4E3FF6BF8101306DAB081E5135594165D4DC1AC120FF125AADBC5B3FFE7C646183C04DF77865E0D
Malicious:	false
Preview:	Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.324957016844078
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJM3g98kUwPeUkwRe9:YvXKX8T4uPNwUYpW70iGMbLUkee9
MD5:	A9BE9FFE814BC3E25567922B44A12EBB
SHA1:	A183B6735C2547ADC608F124D3413833989DAA1C
SHA-256:	B6AD62653562F8CA2F0F36F2C862E118F8EA7C014A106744A3444DEC5ABC9B80
SHA-512:	D6FFC0658CB1CE9725CCAD792DD914330C43621D7E5FD5CC660B4F78FBD8FE374EA5589010CBF0B7EF3B79AAE2525D30E4319755CA5901E382570BDAB61AAC0A
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.263569988252129
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfBoTfXpnrPeUkwRe9:YvXKX8T4uPNwUYpW70iGWTfXcUkee9
MD5:	974D18CB4DF41F9B5E8433E5A67034A7
SHA1:	E4A0D4006D1BF1333C742276926DCC1F4CE60232
SHA-256:	C0A762937E116F29DEC0F8778817ADC64484523502B4822D7AB3D2931922F3E9
SHA-512:	41D0F03161BEDF06C9E32FADD8047B815B71B1AA83FA8955ADA6CD86661359792A0E76FDE410B89D2A7ECFC42464F8EEBB6E050B3CDA0FFA1B979D715667A468
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2406914297947065
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfBD2G6UpnrPeUkwRe9:YvXKX8T4uPNwUYpW70iGR22cUkee9
MD5:	92D80BC5F97C8569F98904E1430A2F9F
SHA1:	C2474404B1510DBD6D111098BB3E82B6134AD23F
SHA-256:	480A17CC54640CF45CE951EF3D6BBCB9785FD87D2B90938DE6DFF8BCDE59A17E
SHA-512:	E55C63E789457B84FC60E3FCAA685D769B66E6C2AB27B1EE203117A58E2B949BFEA289AA5A41CAC00F5045C2FE17B2D8D930D70D6555375F7A0C9DFDF8EDEFA8
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.302502302586676
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfPmwrPeUkwRe9:YvXKX8T4uPNwUYpW70iGH56Ukee9
MD5:	F327FC7A962EC35B6D156027A5C1E6C9
SHA1:	9701E003C77064B6814A77CF15E3F3E8B363BF44
SHA-256:	9E4EF92E4757E6548441E2154D6F87EA6BC5B37352D2A5AAB1BE1EB6733CA128
SHA-512:	4275690218B91CDC9233FC3E7A7F5089CC4511DC36B4E2508345DD62BE9B093C64DB6D2F9F3F5E6DA40F9813FD9319BBF8F7B5C018B0C12E93BD23C19590DAA1
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.260795050823878
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfJWCtMdPeUkwRe9:YvXKX8T4uPNwUYpW70iGBS8Ukee9
MD5:	BFFF422EBA795ACFCAE7699B9302968F
SHA1:	2533A4BBBC8F9815BD593904CF99E0F2EB43E097
SHA-256:	7C2FF549AC980322D2B4AD8F705058E548BB1B12FFFDB641F6377A60D8B52007
SHA-512:	D96FC941D5B55AA0C1CD2B1F6763C67213CF213F1C243C1FE1F0313FC57A0A2561A487AFB04FDEE20CF9552B02057AE9524DDA616E8879D27B49465E1123CE22
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.244945242442691
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJf8dPeUkwRe9:YvXKX8T4uPNwUYpW70iGU8Ukee9
MD5:	3809AC7274E73D5BA136DFFEDB324176
SHA1:	FF8F8C659830EACBDB3D0B189AA4BF93F111CE3C
SHA-256:	85E631E18D6AB4318DB7999CEA9BC9602EB89811570D107A2F13B9768503B828
SHA-512:	460EE40597449E1B0A03EEA5CE3E6C37DA75FA17671F4587794348356F02D7C819CCB512F354D754864E3842AB46438397D80DB75CD741DDC76BEFAC5EDB510E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.246775072326782
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfQ1rPeUkwRe9:YvXKX8T4uPNwUYpW70iGY16Ukee9
MD5:	B254347E85EC659A2D06B9A024C6816E
SHA1:	830D88C264AD227C21290BD455684FB6FC938046
SHA-256:	5968085FCBCD9F5BD8DC9BFB4F6F8F3F95F44E4BD468064C162419B2CA432973
SHA-512:	2A400980837BA25E755ECCD102E5ADCBF885AB45B73502DC2D47FF082E2FEB82546A297710E0B7B94D5E871AB11C3A63D48C6BDC570D0A7B2F936076772EB648
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.265166124125819
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfFldPeUkwRe9:YvXKX8T4uPNwUYpW70iGz8Ukee9
MD5:	72DE126E6CF8C772409F993A7500E235
SHA1:	9553B0DB1303E68AC87ACCBE1B9BE7B4C08F7204
SHA-256:	482173C4F64A4FA20FB4D38DFC1724C227014ABA4AC9D0B0E4C9FD402B34D086
SHA-512:	F68175CC327C2228B9463BFAD245B2D3D97304C0956E705D480671E905D180E831DE5DC89A4957012DE2CA1CD6A3EDDCE9F14EB44374EB98F0D45E9DC88ADA2F
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.736977421536437
Encrypted:	false
SSDEEP:	24:Yv6X8siPKLgENRcbrZbq00iCCBrwJo++ns8ct4mFJNS:YvdTPEgigrNt0wSJn+ns8cvFJw
MD5:	E4DDF1B14A10BDA81DFEEAEAC9FEA184
SHA1:	178DBA3A07F5D1F1EAB03577A0A09BE4BC07D3B4
SHA-256:	183947623BC99B034408903EDA007946C66A9C02DEF3A2CADD91DD15DEFCB148
SHA-512:	2801C0F96C65DAF78C349088147D5F2ACD86B7A0243B1F1C0999326FB4A1C2BCD3CC96190429A3FFAABE4348A64B0DB3005CD62BCA89C18669723EA115B066ED
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.254466547713881
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfYdPeUkwRe9:YvXKX8T4uPNwUYpW70iGg8Ukee9
MD5:	196EEC89AD1A97850128C46502DDF1F2
SHA1:	12B8DB7F7CFA4EDA99458C0EC72DB6800FA05017
SHA-256:	0E0359D0D5FB0938FCF0312F69FF5BC6F38DEFA85CF36BF91CFE8911AFA63C62
SHA-512:	58D69CA697C8B9A76334E0EBF5F698F793036C99D28D8F46E929D39EB58791EDE1A7253DC9459B4B58159A06AAECAF579A668B0D96830A9A3E84AD2820F65A5E
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.773990988503545
Encrypted:	false
SSDEEP:	24:Yv6X8siSrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNa:YvdTSHgDv3W2aYQfgB5OUupHrQ9FJs
MD5:	2DD71592D1655588AEDF418F080C4263
SHA1:	440E082D83C09E615D315369C2FEF3224DD2F2C2
SHA-256:	348DECE90A2383041E09D4DEFB740842BD1983D7930C06746FAB5E6B6ABB3F0D
SHA-512:	B88AB86416F90CE73FE02D2984639A109F57AA305DEF1013FAFBA83E5AD1240E97391C8B77EAABEC48B86A5E7933BA916CA4FAC4A27099DA10AB54CC46BF8A10
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.238326590076996
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfbPtdPeUkwRe9:YvXKX8T4uPNwUYpW70iGDV8Ukee9
MD5:	CA2A8B404EEA0FD22021DAED71CDCB83
SHA1:	017DD038C650CE01BC09C7A58A497B1A4FDE8AB3
SHA-256:	E0B81359282EEB442EA82DB12381C2ECAE82E8FA06022F3DC2C953AF5A2C18A4
SHA-512:	2F40F1D9654910C36203A2A0C2C3FAF5CDA8A4D8C9732ABDA9B2AA2AA69CF107695A5A79FA66E6A5013AFC61CC62C0878C7A6BD736BD8B3D8D69514253E9CF90
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.239369558383394
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJf21rPeUkwRe9:YvXKX8T4uPNwUYpW70iG+16Ukee9
MD5:	3377409601B188DF40D0B7A9210D27FE
SHA1:	6FB7B98001AB0FA448CDA29F79F73A15AAAE783A
SHA-256:	1428CC9DE164EBC27A4C79167DA7B7364197FD4E8E4C66AB1D3F81ECE4A17BFE
SHA-512:	4F6242DED1439EF832443429817E351E71020EE3A57C059A0946799ABE18A2E150C3C6AF235A9F7DEC471AC106B0C6F3781F68DE8DD8C6D8BEBE0021D17761BF
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.261007858397807
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfbpatdPeUkwRe9:YvXKX8T4uPNwUYpW70iGVat8Ukee9
MD5:	6E0183AAD6679D5E5D4DD734EC704D01
SHA1:	5212B9AA0FB387E01C2C64F19DF225872D6E4865
SHA-256:	8CC464C006A3915EC518736588484E0442DC3165E9D22118615C6B09FCA7C6D9
SHA-512:	D1564D738DCA23B1222322E93745338D89ABC336AF0750D1E4870CE44999F456CBF8CA79EC5AA10070072F9B09BB09561369BF5B2733A9BE354AAB1BBCA8A976
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.211959794271132
Encrypted:	false
SSDEEP:	6:YEQXJ2HXeRTovuPKWwRnx+FIbRI6XVW7+0YvlDoAvJfshHHrPeUkwRe9:YvXKX8T4uPNwUYpW70iGUUUkee9
MD5:	D1D570577CA3B55EB9AF8AD6D8328D35
SHA1:	C554B683AEEEF584076D4B4AD2A7F847331F26A7
SHA-256:	055E551EC4F960C2943A401E719EE72599F0CF51BA299647122C94BC9FB42F94
SHA-512:	8FAA285078F59D4E465AA01771CED7848D4130205540B3071C49CE1D34F4F9F9024309AAFB10A86F4A8C6411502193AC4ACCCD31D2543837FDB4BF33D59B1A99
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.357550376825387
Encrypted:	false
SSDEEP:	12:YvXKX8T4uPNwUYpW70iGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhWO:Yv6X8si3168CgEXX5kcIfANhT
MD5:	FBD924F9660BD3F63A741455C17464A0
SHA1:	EA4E64A23230CA2AE6C9E1834B4C8BF57F4B4BD1
SHA-256:	A4EA6EB65270468BC887421259EC45E4F8572D4B1A87B4982D0D1A3375AA1D4E
SHA-512:	E76723EBD208E531B70C6F4C6527B62445644C2CC5D1AFB78EACB9EFECCE654E8A037B3BF51435BC657C2245AB53A8EDB4BE43C68CF51339FAA71037FEC3BA53
Malicious:	false
Preview:	{"analyticsData":{"responseGUID":"cdc382d6-0ac4-4fd5-8ec8-3dc83a384b74","sophiaUUID":"FC1B1BAD-CA24-4641-AA35-0D02D0C204D1"},"encodingScheme":true,"expirationDTS":1714310897487,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1714133672521}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:	3:e:e
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.133927205742704
Encrypted:	false
SSDEEP:	24:YqYEglNChAn4XclRVO7jm+aI1ayT7hEPiajG8j0S+j5GW+2AJg2LSotcd5Nh93sE:YPz0A4XclRAXv1UFBJJgeGdPh9ByY
MD5:	540C8D58351296ADC0EA92E726A16E00
SHA1:	244646CDF16DA670BFB14CC0B4C0F6DE186E71BB
SHA-256:	3F1B3EB3739FAA034417A192E916D3FD6BC2DE21259C81B3B367966FD578E842
SHA-512:	44A988666E59048E01C59B980B99C37CC44C2CD31D42936B6A7322F30F35431FED1E2A544AF128EC85B6084BCB5469C6DCDA80F71DFDE091535D71CEA40B2284
Malicious:	false
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"932ec9d19b7588c095a3ba33738d2087","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1714133672000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"507db30787647ee2398d09d3be5a7d1f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1714133672000},{"id":"Edit_InApp_Aug2020","info":{"dg":"383301e23932d76d3274c71e6e40743e","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1714133672000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"971b3a822056944a912ce74a28f5b7e6","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1714133672000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"0be8b40a2fc9c0aa6f8d724455aa540f","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1714133672000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"1c3c6c2b5894d5c7640392bc4b8d962f","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1714133672000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 20, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 20
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9874667463810732
Encrypted:	false
SSDEEP:	24:TLhx/XYKQvGJF7ursw1RZKHs/Ds/SpTvjLtzJwtNBwtNbRZmDv1i3vjLF:TFl2GL7msIgOVpTv9zutYtpmDv1i3vV
MD5:	708C5E962EF20C6467D3F4818F531033
SHA1:	9093DC21B9EBFC1B4DC1A9E14451977502CFA374
SHA-256:	97C3640D3FF1CF0178E2209C57A299395353ADFA37F9AEAA0EECE5B61232D3A1
SHA-512:	6C06B0C134D28C9D849BBAE4586A0C6BB415F719EA67508C32F89BD89C788419F4C2D892BADEBBBC60FCD2F965C1534D425D430DC7D4B4D7F3EA798D8340B70F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.342833057074372
Encrypted:	false
SSDEEP:	24:7+trmh1RZKHs/Ds/SpTvjL4zJwtNBwtNbRZ6bRZ4pvjLVqLHRx/XYKQvGJF7ursI:7M+gOVpTvIzutYtp6P8vlqVl2GL7msI
MD5:	E1DE830679793EDC68A757E5D5E94F9D
SHA1:	8E2E978430DBD1B1770EF4EC517F1F1DB0E64979
SHA-256:	19320867C552217817A27E738895457A31024C14AB884E6BF08316F7AF0248E0
SHA-512:	1EDB1548218DA0961C6F2AB116F0BF122144A407D2FDDD4075251124ECD3A4DC84170AB10073F90EAED8BECFF6C5C1743F793E63150F761C5DDCABA156813555
Malicious:	false
Preview:	.... .c.......N......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#...#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI4cd8a.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.511206980872271
Encrypted:	false
SSDEEP:	6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8mdWaRzflH:Qw946cPbiOxDlbYnuRKvDflH
MD5:	9A8541A1E3898CC781748956D907B1A1
SHA1:	4015AD14B24EA4A7BE24354A78359A3C38A6B26E
SHA-256:	AE7A7F46A30C9562057154E11CED7DCC28526CCD65539E583919944E8B65AA42
SHA-512:	75C8673B69C82FB0BC6AAD7AF13D4864BA624C4E6D601328970C21CF8FBF782A14EE94973075E7157E3F5E958FA5D277A299A17602BDAC50C983B5906D4E6ECD
Malicious:	false
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.6./.0.4./.2.0.2.4. . .1.4.:.1.4.:.3.2. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9185n31m_1uob9pl_25g.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.038773363193829
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROObZnUmzZnUmXCCSyAAO:IngVMre9T0HQIDmy9g06JXrZUmdUmXCR
MD5:	42F73129F749C43414F891E5D123BF27
SHA1:	5F20C5AF6D30AE1225F7F7BC1397205413CDDDDD
SHA-256:	AADA07B0153FCFE325BFC09DBC6A36130DDB4CD3CF2B832A4702EDB456AEC8C0
SHA-512:	AD224ED7A8AD920866B966101B0C29ACBD63105DAA1442D9B3C176C4B608F5543EB0378F1C65E62E84041379994792F5E8CA80C0413BE648A01F2DBC3126829E
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<D383C18E3E4B194F9D4E1937505408E2><D383C18E3E4B194F9D4E1937505408E2>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\A9qh1rcy_1uob9ps_25g.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PDF document, version 1.6, 0 pages
Category:	dropped
Size (bytes):	358
Entropy (8bit):	4.977997989441812
Encrypted:	false
SSDEEP:	6:IngVMrexJzJT0y9VEQIFVmb/eu2g/86S1kxROOW1J1ImCSyAAO:IngVMre9T0HQIDmy9g06JXmDmmlX
MD5:	60C1A38A0134C1205C9E977E2FDB205A
SHA1:	8CAB4EC43BB1F09FD335BCC93D9C00D32D9AE4DC
SHA-256:	93EE334326AACE55F6F393DA7114F308F5B5B53D83192684EECDE8DDD8D173E6
SHA-512:	52A9D9BC38378360CDBAD9DB0924AA631B2787BA1D4F5E40D0174A8ED109F8C71008C7B54A7FE47415676FDCC6E9F578E5B587E25AFAF17D27FEF261A1845943
Malicious:	false
Preview:	%PDF-1.6.%......1 0 obj.<</Pages 2 0 R/Type/Catalog>>.endobj.2 0 obj.<</Count 0/Kids[]/Type/Pages>>.endobj.3 0 obj.<<>>.endobj.xref..0 4..0000000000 65535 f..0000000016 00000 n..0000000061 00000 n..0000000107 00000 n..trailer..<</Size 4/Root 1 0 R/Info 3 0 R/ID[<910148AB1E190D45B475392031052F04><910148AB1E190D45B475392031052F04>]>>..startxref..127..%%EOF..

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-26 14-14-24-867.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.376360055978702
Encrypted:	false
SSDEEP:	384:6b1sdmfenwop+WP21h2RPjRNg7JjO2on6oU6CyuJw1oaNIIu9EMuJuF6MKK9g9JQ:vIn
MD5:	1336667A75083BF81E2632FABAA88B67
SHA1:	46E40800B27D95DAED0DBB830E0D0BA85C031D40
SHA-256:	F81B7C83E0B979F04D3763B4F88CD05BC8FBB2F441EBFAB75826793B869F75D1
SHA-512:	D039D8650CF7B149799D42C7415CBF94D4A0A4BF389B615EF7D1B427BC51727D3441AA37D8C178E7E7E89D69C95666EB14C31B56CDFBD3937E4581A31A69081A
Malicious:	false
Preview:	SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:961+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=03c9683a-b9c7-43c5-80d5-ee4bbf74fb26.1696428955961 Timestamp=2023-10-04T16:15:55:962+0200 ThreadID=6596 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (392), with CRLF line terminators
Category:	dropped
Size (bytes):	16575
Entropy (8bit):	5.3819190981048335
Encrypted:	false
SSDEEP:	384:wQONWEHU/tblYiUbqOXDZyX7shThVJ7I7j5fz5clxsMqxK3PcXARKRQMu80Od15f:njx
MD5:	6299ADF61BE6AC163ED4D834D9301B53
SHA1:	B43563CDE564063CFB4BB1FF8EBF6B9A0A26018C
SHA-256:	B0AAF4BD246DD793247732486364B96FA3C7706A11DEA34FD4C4B21E650695BF
SHA-512:	D361515449A4935008DB07070D2AD557BD153FB97320CE61DB0BBEB4F029A4EF5CCEAA40C2522C40DED06CE98E7DFCB18EB4B609B233382B3BD6502D45E06F9F
Malicious:	false
Preview:	SessionID=9f511146-43bc-49d3-bdc8-44f2b78e5f66.1714133664876 Timestamp=2024-04-26T14:14:24:876+0200 ThreadID=7412 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=9f511146-43bc-49d3-bdc8-44f2b78e5f66.1714133664876 Timestamp=2024-04-26T14:14:24:877+0200 ThreadID=7412 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=9f511146-43bc-49d3-bdc8-44f2b78e5f66.1714133664876 Timestamp=2024-04-26T14:14:24:877+0200 ThreadID=7412 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=9f511146-43bc-49d3-bdc8-44f2b78e5f66.1714133664876 Timestamp=2024-04-26T14:14:24:877+0200 ThreadID=7412 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=9f511146-43bc-49d3-bdc8-44f2b78e5f66.1714133664876 Timestamp=2024-04-26T14:14:24:877+0200 ThreadID=7412 Component=ngl-lib_NglAppLib Description="SetConf

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29845
Entropy (8bit):	5.392494914451518
Encrypted:	false
SSDEEP:	768:GLxxlyVUFcAzWL8VWL1ANSFld5YjMWLvJ8Uy++NSXl3WLd5WLrbhhVClkVMwDGb8:4
MD5:	168993983CC4652F07B18BC686734969
SHA1:	79B1AFCE105F81FABC759E9949E0A642D6BF8C85
SHA-256:	841CBEF4257AA03C0D0A630D85BF516149D1756ADC10954238C254A5245F7FE6
SHA-512:	74A05DB942C3EC5822C7FE4C6271339E0DB6C3DDC77B409A1F970F368E4D0CA96D71A423EF46258F1F5181ACECD97987B8C5E487C4D8D636C2BEAD9CC2255661
Malicious:	false
Preview:	04-10-2023 02:39:31:.---2---..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : *************************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : ***********************************..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Starting NGL..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..04-10-2023 02:39:31:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..04-10-2023 02:39:31:.Closing File..04-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\092b3f67-cb41-4316-a2eb-d35f01679286.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:	6144:8OSTJJJJEQ6T9UkRm1lBgI81ReWQ53+sQ36X/FLYVbxrr/IxktOQZ1mau4yBwsOo:sTJJJJv+9UZX+Tegs661ybxrr/IxkB1m
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\0952751e-ed85-4308-aeb6-728d3fc5b57f.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:	12288:ONh3P65+Tegs6121YSWBlkipdjuv1ybxrr/IxkB1mabFhOXZ/fEa+vTJJJJv+9U0:O3Pjegf121YS8lkipdjMMNB1DofjgJJg
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\81edaf18-333f-4542-aa8b-6d5a32d7e4ff.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:	24576:/x2cGZf/wYIGNPzWl7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:J2cGZHwZG5W+B3mlind9i4ufFXpAXkru
MD5:	28445BE71675F3B540A8E21F22E376FC
SHA1:	BDD3CEAFC77B125C552D323ED0A8D6C61960E949
SHA-256:	ABF98267BA151CB28C87623E2B0F833476618181DC4838512C8E6C11B44CA539
SHA-512:	E2DF6E08082E21F2264D43D30756B09F2F3EFBC221D0E94A93D8243150959F0A90CDBAC08D984648F99B3D7DE6DCF63CFE6976371F148EC8CA0321E78801F086
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\a30c297e-e81b-4d1e-9b6f-2a8adffd402d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:	24576:/xA7o5dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07/WLaGZDwYIGNPJe:JVB3mlind9i4ufFXpAXkrfUs0jWLaGZo
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\a508d8b7-91a6-428e-8b92-ba2465eed1aa.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1439367
Entropy (8bit):	7.97609170196247
Encrypted:	false
SSDEEP:	24576:/xA7owWLaGZDwYIGNPJ2dpy6mlind9j2kvhsfFXpAXDgrFBU2/R07D:JVwWLaGZDwZGK3mlind9i4ufFXpAXkru
MD5:	6AF7FC589063937DE2978CF360E97841
SHA1:	37527C18159D15807FEAF40F00A285198FBF37DE
SHA-256:	A376AFEE5B3CDC4FA6CFA9D7DD79283874B01CE7259E3229E169E5748C15BD28
SHA-512:	4B862943F92A707A0D48CF3C05F1A5C3F2B3DEFA26A31BB87C9F352228E82845343898B944D691422A18E72310784EB5EB3F51D79A8C2875B5D9B11B00795087
Malicious:	false
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\JSCache\GlobSettings

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	24
Entropy (8bit):	3.66829583405449
Encrypted:	false
SSDEEP:	3:So6FwHn:So6FwHn
MD5:	DD4A3BD8B9FF61628346391EA9987E1D
SHA1:	474076C122CACAAF112469FC62976BB69187AA2B
SHA-256:	7C22C759CA704106556BBC4FC10B7F53404CA1F8B40F01038D3F7C4B8183F486
SHA-512:	FDAF3D9F8072ED7DE9B2528376C10E3C3FDBEA74347710A4795BECF23C6577B3582B2E89D3C04EF0523C98FE0A46F2AF3629490701A20B848C63BA7B26579491
Malicious:	false
Preview:	<</Settings [/c <<>>].>>

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	36
Entropy (8bit):	4.294653473544341
Encrypted:	false
SSDEEP:	3:8QvCyKGziFLpn:8QayKGyLpn
MD5:	5C6B932A79952B4B27833691305E61DB
SHA1:	09804DB0986A989C2C49CDCEA563567FB4C7B1A0
SHA-256:	DEE5A5925227B125F4AC6D9B70A277E6EC8494FFC73D1CCE9E08CC7A78D6208A
SHA-512:	4FAA9585BB10156D5DEA3B62D3A3A1BFA92430BA6E1E3381FC4C76C3071C85E53D5CBCE0016DBA1D1F9EA1B7AF37B4A4EFBAF4F3106B7D958B6E2E90AA0DF059
Malicious:	false
Preview:	%PDFTrustManagerDocsData 1.0........

C:\Users\user\AppData\Roaming\Adobe\Acrobat\DC\TMGrpPrm.sav

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	54
Entropy (8bit):	3.7119196645733785
Encrypted:	false
SSDEEP:	3:8QvCxXLV1AiLKltVln:8QaRhJ2ltPn
MD5:	6A614A7743B0C781AAECA60448E861D6
SHA1:	67B7DF5EBEB4527E4C31F3F9B7E52A0581DC4B6D
SHA-256:	9703120DC62C2C3F843BAD5B1E77594682CA7820F0345AE0BBD73021C1427146
SHA-512:	3A45B27ED6F3AAA8C2113FBB21637675CC91D1239754447A7032D1A86CB1E7381575B28F992E5FFC9986354C2B9C173C614F1F703CA4C2BEE63AB3BC6ED909A6
Malicious:	false
Preview:	%PDFTrustManagerGroupPerms 1.0........................

Static File Info

General

File type:	PDF document, version 1.7, 2 pages (zip deflate encoded)
Entropy (8bit):	7.904810502196162
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	2751726_2359360_Confirmation_Letter.pdf
File size:	225'016 bytes
MD5:	052941218142e98f29f40b8f713df627
SHA1:	897fe6954b612f46dc4277cf77cbcd386f2d5ec3
SHA256:	665d45d4b4ac02dc33b7c98dd1a0b05a145b8bdc96c6e23996a2f19f9f3e58dc
SHA512:	498360601ab59b4dbb178968d05534d629e2c049b5e6bb240e704cc1813c934d67509505378bbc0580a678617817bd6b227d01e3d6316df76f88f7de2415e2e8
SSDEEP:	6144:6U/iG5kFlRifOTXminx0KG0pVRLNI7S7kbZU0:6nllRiWBnxG0/YA8+0
TLSH:	B124CF13DD0D8D8EE4504678BD272E6C764DBA1EACC234FF09680EC67E616108D6E5B7
File Content Preview:	%PDF-1.7.%.....6 0 obj.<</Filter/FlateDecode/Length 1879>>stream.H..Wmo.6..._q..!.EI.d.(..i.!ESD.P....%.fK.-......)....K.."....w..z..*..'..{.;...d1.....k....(..H.^..!...Hx.(M(I.\...W....~......2.....b\.eA.._./....^..$(.;" _..?...E^.Q.r:.f.8>u./.(.....yt..

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.7
Total Entropy:	7.904811
Total Bytes:	225016
Stream Entropy:	7.932585
Stream Bytes:	204034
Entropy outside Streams:	5.306460
Bytes outside Streams:	20982
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	109
endobj	109
stream	51
endstream	51
xref	1
trailer	1
startxref	1
/Page	2
/Encrypt	0
/ObjStm	0
/URI	0
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	1
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5
28	0000000000000000	aa699269738c346d79722b3ec3b7a9e9
29	001440568aaa2409	8d26f43730f57833aa61b9ce10acec60
30	0000000000000000	bffc0a0c141c7c4aedd4a73586b6918c
31	0000000000000000	06236fab80f06a27ca95cb93856a025e
32	0000000000000000	a3f2a932355e11ad008d8c3f798a8712

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 14:14:28.764532089 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:28.764565945 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:28.764651060 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:28.764902115 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:28.764911890 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:29.156534910 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:29.246332884 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:30.289803982 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:30.289824963 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.291064978 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.291076899 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.291151047 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:30.696588993 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:30.696752071 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.744762897 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:30.744775057 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.805548906 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:30.848145008 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.933490038 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.933873892 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:30.933934927 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:31.093837023 CEST	49711	443	192.168.2.5	23.193.120.142
Apr 26, 2024 14:14:31.093856096 CEST	443	49711	23.193.120.142	192.168.2.5
Apr 26, 2024 14:14:31.291939974 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.292023897 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.292124033 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.292294979 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.292331934 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.608465910 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.608839035 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.608872890 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.609874010 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.609937906 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.609957933 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.610006094 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.612332106 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.612406015 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.612970114 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.612998009 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.670062065 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.909728050 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.909799099 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.909862041 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.912947893 CEST	49713	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.912987947 CEST	443	49713	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.915563107 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.915597916 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:31.915673018 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.915874004 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:31.915891886 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.236453056 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.236943960 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.236967087 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.237994909 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.238059044 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.238070011 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.238118887 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.238712072 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.238779068 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.239006042 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.239022970 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.424900055 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.609872103 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.609893084 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.609934092 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.609952927 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.609966993 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:32.610018969 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.617769003 CEST	49714	443	192.168.2.5	52.5.13.197
Apr 26, 2024 14:14:32.617784977 CEST	443	49714	52.5.13.197	192.168.2.5
Apr 26, 2024 14:14:34.070436001 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.070472956 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.070547104 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.070766926 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.070784092 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.470920086 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.471249104 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.471283913 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.472776890 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.472893953 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.479032993 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.479129076 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.479301929 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.479310989 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.533966064 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.606453896 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.606538057 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.609747887 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.609782934 CEST	443	49717	104.94.108.142	192.168.2.5
Apr 26, 2024 14:14:34.609817982 CEST	49717	443	192.168.2.5	104.94.108.142
Apr 26, 2024 14:14:34.609884977 CEST	49717	443	192.168.2.5	104.94.108.142

HTTP Request Dependency Graph

geo2.adobe.com

https:

p13n.adobe.io

armmf.adobe.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49711	23.193.120.142	443	4320	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:14:30 UTC	378	OUT	GET / HTTP/1.1 Host: geo2.adobe.com Connection: keep-alive Accept: application/json Accept-Language: en-US User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br
2024-04-26 12:14:30 UTC	219	IN	HTTP/1.1 200 OK Content-Length: 50 Date: Fri, 26 Apr 2024 12:14:30 GMT Connection: close Content-Type: application/json Throughput: vhigh Network-Type: Country: US Cross-Origin-Resource-Policy: cross-origin
2024-04-26 12:14:30 UTC	50	IN	Data Raw: 43 6f 75 6e 74 72 79 3a 20 22 55 53 22 20 73 74 61 74 65 3a 20 22 46 4c 22 20 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 22 65 6e 2d 55 53 22 Data Ascii: Country: "US" state: "FL" Accept-Language: "en-US"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	52.5.13.197	443	4320	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:14:31 UTC	1353	OUT	OPTIONS /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive Accept: / Access-Control-Request-Method: GET Access-Control-Request-Headers: x-adobe-uuid,x-adobe-uuid-type,x-api-key Origin: https://rna-resource.acrobat.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 12:14:31 UTC	508	IN	HTTP/1.1 204 No Content Server: openresty Date: Fri, 26 Apr 2024 12:14:31 GMT Content-Type: text/plain Content-Length: 0 Connection: close Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id X-Request-Id: 5up8Pt7iZZuaGVBfkTT0osgbUtXquJXZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49714	52.5.13.197	443	4320	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:14:32 UTC	1473	OUT	GET /psdk/v2/content?surfaceId=ACROBAT_READER_MASTER_SURFACEID&surfaceId=DC_READER_LAUNCH_CARD&surfaceId=DC_Reader_RHP_Banner&surfaceId=DC_Reader_RHP_Retention&surfaceId=Edit_InApp_Aug2020&surfaceId=DC_FirstMile_Right_Sec_Surface&surfaceId=DC_Reader_Upsell_Cards&surfaceId=DC_FirstMile_Home_View_Surface&surfaceId=DC_Reader_RHP_Intent_Banner&surfaceId=DC_Reader_Disc_LHP_Banner&surfaceId=DC_Reader_Edit_LHP_Banner&surfaceId=DC_Reader_Convert_LHP_Banner&surfaceId=DC_Reader_Sign_LHP_Banner&surfaceId=DC_Reader_More_LHP_Banner&surfaceId=DC_Reader_Disc_LHP_Retention&surfaceId=DC_Reader_Home_LHP_Trial_Banner&adcProductLanguage=en-us&adcVersion=23.6.20320&adcProductType=SingleClientMini&adcOSType=WIN&adcCountryCode=US&adcXAPIClientID=api_reader_desktop_win_23.6.20320&encodingScheme=BASE_64 HTTP/1.1 Host: p13n.adobe.io Connection: keep-alive sec-ch-ua: "Chromium";v="105" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Accept: application/json, text/javascript, /; q=0.01 x-adobe-uuid: 89d789c4-e7e5-4f75-95a4-57139ab6811f x-adobe-uuid-type: visitorId x-api-key: AdobeReader9 sec-ch-ua-platform: "Windows" Origin: https://rna-resource.acrobat.com Accept-Language: en-US,en;q=0.9 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://rna-resource.acrobat.com/ Accept-Encoding: gzip, deflate, br
2024-04-26 12:14:32 UTC	544	IN	HTTP/1.1 200 Server: openresty Date: Fri, 26 Apr 2024 12:14:32 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 3120 Connection: close x-request-id: NjMdUTCb5Ke0tyTkzdfXOzLKkR8JMjny vary: accept-encoding Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Authorization,Content-Type,X-Api-Key,cache-control,User-Agent,If-None-Match,x-adobe-uuid,x-adobe-uuid-type, X-Request-Id Access-Control-Allow-Credentials: true Access-Control-Expose-Headers: x-request-id
2024-04-26 12:14:32 UTC	3120	IN	Data Raw: 7b 22 73 75 72 66 61 63 65 73 22 3a 7b 22 44 43 5f 52 65 61 64 65 72 5f 52 48 50 5f 42 61 6e 6e 65 72 22 3a 7b 22 63 6f 6e 74 61 69 6e 65 72 73 22 3a 5b 7b 22 63 6f 6e 74 61 69 6e 65 72 49 64 22 3a 31 2c 22 63 6f 6e 74 61 69 6e 65 72 4c 61 62 65 6c 22 3a 22 4a 53 4f 4e 20 66 6f 72 20 52 65 61 64 65 72 20 44 43 20 52 48 50 20 42 61 6e 6e 65 72 22 2c 22 64 61 74 61 54 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 2c 22 64 61 74 61 22 3a 22 65 79 4a 6a 64 47 45 69 4f 6e 73 69 64 48 6c 77 5a 53 49 36 49 6d 4a 31 64 48 52 76 62 69 49 73 49 6e 52 6c 65 48 51 69 4f 69 4a 47 63 6d 56 6c 49 44 63 74 52 47 46 35 49 46 52 79 61 57 46 73 49 69 77 69 5a 32 39 66 64 58 4a 73 49 6a 6f 69 61 48 52 30 63 48 4d 36 4c 79 39 68 59 33 4a 76 59 6d 46 30 Data Ascii: {"surfaces":{"DC_Reader_RHP_Banner":{"containers":[{"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","dataType":"application/json","data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49717	104.94.108.142	443	4320	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 12:14:34 UTC	475	OUT	GET /onboarding/smskillreader.txt HTTP/1.1 Host: armmf.adobe.com Connection: keep-alive Accept-Language: en-US,en;q=0.9 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) ReaderServices/23.6.20320 Chrome/105.0.0.0 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br If-None-Match: "78-5faa31cce96da" If-Modified-Since: Mon, 01 May 2023 15:02:33 GMT
2024-04-26 12:14:34 UTC	198	IN	HTTP/1.1 304 Not Modified Content-Type: text/plain; charset=UTF-8 Last-Modified: Mon, 01 May 2023 15:02:33 GMT ETag: "78-5faa31cce96da" Date: Fri, 26 Apr 2024 12:14:34 GMT Connection: close

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: Acrobat.exePID: 4508, Parent PID: 1028

General

Target ID:	0
Start time:	14:14:20
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\2751726_2359360_Confirmation_Letter.pdf"
Imagebase:	0x7ff686a00000
File size:	5'641'176 bytes
MD5 hash:	24EAD1C46A47022347DC0F05F6EFBB8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4292, Parent PID: 4508

General

Target ID:	2
Start time:	14:14:21
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: AcroCEF.exePID: 4320, Parent PID: 4292

General

Target ID:	4
Start time:	14:14:21
Start date:	26/04/2024
Path:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2108 --field-trial-handle=1648,i,2299410425946571322,14647256495210331629,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Imagebase:	0x7ff6413e0000
File size:	3'581'912 bytes
MD5 hash:	9B38E8E8B6DD9622D24B53E095C5D9BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 2751726_2359360_Confirmation_Letter.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\161501ca-6174-437f-aa92-2442bd5e8d47.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF650786.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\d5e44509-81b5-4b1a-9ae9-e83beeb88fd5.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240426121427Z-195.bmp

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2788

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\IconCacheAcro65536.dat

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Windows Analysis Report
2751726_2359360_Confirmation_Letter.pdf