Windows Analysis Report
repo.noindex.zip

Overview

General Information

Sample name:repo.noindex.zip
Analysis ID:1501285
MD5:65766ecbf4e0757461f0ea20258d2789
SHA1:27e3289e2f366aa8e60dba0d4d40e72261ef3ac6
SHA256:205b46a7fb6036a4fea8de4124ddd9cae1bb5ecbeda81f1a4bd16dbe795bf6e9

Detection

Score:2
Range:0 - 100
Whitelisted:false
Confidence:60%

Signatures

Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 5936 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • OpenWith.exe (PID: 5104 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
    • Acrobat.exe (PID: 7024 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\repo.noindex\repo.noindex\projectdata.rope" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 1668 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6428 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1600,i,3532387451054723791,1482370218202154262,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

There are no malicious signatures.

Source: Joe Sandbox View | IP Address: 172.64.41.3
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49723
Source: classification engine | Classification label: clean2.winZIP@18/36@1/1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7112
Source: C:\Windows\System32\OpenWith.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5104:120:WilError_03
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-08-29 11-02-11-111.log
Source: C:\Windows\System32\OpenWith.exe | File read: C:\Users\desktop.ini
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\repo.noindex\repo.noindex\projectdata.rope"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1600,i,3532387451054723791,1482370218202154262,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process created: unknown unknown
Source: C:\Windows\System32\OpenWith.exe | Section loaded: kernel.appcore.dll, uxtheme.dll, onecoreuapcommonproxystub.dll, windows.storage.dll, wldp.dll, twinui.dll, wintypes.dll, powrprof.dll, dwmapi.dll, pdh.dll, umpdc.dll, onecorecommonproxystub.dll, actxprxy.dll, propsys.dll, windows.staterepositoryps.dll, windows.ui.appdefaults.dll, windows.ui.immersive.dll, profapi.dll, ntmarta.dll, uiautomationcore.dll, dui70.dll, duser.dll, dwrite.dll, bcp47mrm.dll, uianimation.dll, d3d11.dll, dxgi.dll, d3d10warp.dll, resourcepolicyclient.dll, dxcore.dll, dcomp.dll, oleacc.dll, edputil.dll, windows.ui.dll, windowmanagementapi.dll, textinputframework.dll, inputhost.dll, coremessaging.dll, coreuicomponents.dll, twinapi.appcore.dll, windowscodecs.dll, thumbcache.dll, policymanager.dll, msvcp110_win.dll, apphelp.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, tiledatarepository.dll, staterepository.core.dll, windows.staterepository.dll, wtsapi32.dll, windows.staterepositorycore.dll, mrmcorer.dll, sxs.dll, directmanipulation.dll, textshaping.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, pcacli.dll, mpr.dll, sfc_os.dll
Source: C:\Windows\System32\OpenWith.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\OpenWith.exe TID: 1324 | Thread sleep count: 85 > 30
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | DLL Side-Loading (1) | Process Injection (11) | Masquerading (1) | OS Credential Dumping | Virtualization/Sandbox Evasion (1) | Remote Services | Data from Local System | Encrypted Channel (2) | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading (1) | Virtualization/Sandbox Evasion (1) | LSASS Memory | File and Directory Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Non-Application Layer Protocol (1) | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Rundll32 (1) | Security Account Manager | System Information Discovery (11) | SMB/Windows Admin Shares | Data from Network Shared Drive | Application Layer Protocol (2) | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Process Injection (11) | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | DLL Side-Loading (1) | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
[Behavior graph: ID 1501285, sample repo.noindex.zip, start date 29/08/2024, architecture WINDOWS, score 2. Process chain: OpenWith.exe -> Acrobat.exe -> AcroCEF.exe -> AcroCEF.exe -> chrome.cloudflare-dns.com (172.64.41.3, 443, 49722, 49723, CLOUDFLARENETUS, United States); rundll32.exe started separately.]

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 172.64.41.3 | true | false | | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.64.41.3 | chrome.cloudflare-dns.com | United States | | 13335 | CLOUDFLARENETUS | false
    Joe Sandbox version:40.0.0 Tourmaline
    Analysis ID:1501285
    Start date and time:2024-08-29 17:01:11 +02:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 2m 30s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:defaultwindowsinteractivecookbook.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:24
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:repo.noindex.zip
    Detection:CLEAN
    Classification:clean2.winZIP@18/36@1/1
    EGA Information:Failed
    HCA Information:
    • Successful, ratio: 100%
    • Number of executed functions: 0
    • Number of non-executed functions: 0
    Cookbook Comments:
    • Found application associated with file extension: .zip
    • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 184.28.88.176, 107.22.247.231, 54.144.73.197, 18.207.85.246, 34.193.227.236
    • Excluded domains from analysis (whitelisted): www.bing.com, e4578.dscg.akamaiedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, p13n.adobe.io, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ssl-delivery.adobe.com.edgekey.net, evoke-windowsservices-tas.msedge.net, geo2.adobe.com
    • Report size getting too big, too many NtOpenKeyEx calls found.
    • Report size getting too big, too many NtProtectVirtualMemory calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • VT rate limit hit for: repo.noindex.zip
Time | Type | Description
11:02:01 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.1787191105724055
                        Encrypted:false
                        SSDEEP:6:N52Dq2PsHO2nKuAl9OmbnIFUt8857cHkZmw+857cHEkwOsHO2nKuAl9OmbjLJ:N0vkHVHAahFUt88h2k/+8h2E51HVHAae
                        MD5:C87599845D8F3B47BD3BEB4D7E66714A
                        SHA1:73EB692E97C613B0CFE95478B9B94C470FA36CDB
                        SHA-256:1C3888C4D5F1EFC8AC00D8A9DEDEF5346DB35AA1807BBA065FD794095CEC8517
                        SHA-512:414FE94B71E8247A0DCAFB466F617839514C89FC0682DF32FF89D20D2A2FB2A569E7EAD38B3FE3612601AB4A6C20D1A0B9FD7320872D7B25A1709460622F49D8
                        Malicious:false
                        Reputation:low
                        Preview:2024/08/29-11:02:11.768 b14 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/08/29-11:02:11.771 b14 Recovering log #3.2024/08/29-11:02:11.771 b14 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):338
                        Entropy (8bit):5.162209439985261
                        Encrypted:false
                        SSDEEP:6:N5FFQyq2PsHO2nKuAl9Ombzo2jMGIFUt885F5G1Zmw+85FlnSQRkwOsHO2nKuAlx:NpQyvkHVHAa8uFUt88tg/+8xSQR51HVg
                        MD5:F12F62FC936B0B43C2380DEBE78CF694
                        SHA1:8EF7FD25CEE26BEE94B3C64B795EA13463B39BD0
                        SHA-256:2FFF88792361671E9A0DDFB4D4E3312955177D1D114FF54DB616A6DCC1710141
                        SHA-512:844DE6C57F34497F3535CABC7505B3C87338DCB2F58D7BF5D5F337FDA5CE1836EC68F7982F46772267DAF125E8E35806F0E6242FC390D0A6010EAD3F2718836E
                        Malicious:false
                        Reputation:low
                        Preview:2024/08/29-11:02:11.669 1690 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/08/29-11:02:11.672 1690 Recovering log #3.2024/08/29-11:02:11.673 1690 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:modified
                        Size (bytes):266
                        Entropy (8bit):4.8399217827843
                        Encrypted:false
                        SSDEEP:6:YHpoueHOJ3/QBRXH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/um3a2caq3QH7E4T3y
                        MD5:189D1E7452200FB5F191CA4C9612EEA9
                        SHA1:946C6758AFEC0895387158C16B7DBC0CAEDC6ABE
                        SHA-256:1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74
                        SHA-512:7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):266
                        Entropy (8bit):4.8399217827843
                        Encrypted:false
                        SSDEEP:6:YHpoueHOJ3/QBRXH2a9a1o3/QBR70S7PMVKJTnMRK3VY:YH/um3a2caq3QH7E4T3y
                        MD5:189D1E7452200FB5F191CA4C9612EEA9
                        SHA1:946C6758AFEC0895387158C16B7DBC0CAEDC6ABE
                        SHA-256:1BCC5FA9D73827B9F71217A320DA24E399596699AD273F6B2D5C430058E75B74
                        SHA-512:7F325B33BAEC7001241643BED036D81D4A15280A646E4D76598FF67E210A401943967C3EBC60183A483E52DC020995E3059AF09DEE2EE5505CAAE52F1756F8E7
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Preview:{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://armmf.adobe.com","supports_spdy":true},{"isolation":[],"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):6678
                        Entropy (8bit):5.240062840240158
                        Encrypted:false
                        SSDEEP:192:TUi8h+F8Aj8DRCGwtqzmsLnNreR2ZpjRe4I8qr9jnNI92D3jC+3ETKEAE8C5sSMm:jX8eQRUm
                        MD5:C8FC7EEAC3648BE8F476E51FC3A137AA
                        SHA1:95E8B52D04442CA6B58802B723D18092187C40C3
                        SHA-256:948340AC1FB6D54E09C00DBC35C28D16E981922F96B9EF9059F7078286068F74
                        SHA-512:F46F0DFE10BA62829DC785E597E07F509B2773222883E3ACE584BED054AFB9688C2FA2BFE22A703C1610C1A1B34F1566E466916BA649CD96F4EE69FB9111A65D
                        Malicious:false
                        Preview:*...#................version.1..namespace-....o................next-map-id.1.Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/.0F...r................next-map-id.2.Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/.1.p..r................next-map-id.3.Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/.2....o................next-map-id.4.Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.3..).^...............Pnamespace-42000ee3_e7f8_4e1a_acf9_c35e414a379e-https://rna-resource.acrobat.com/...^...............Pnamespace-ce27b6a8_7896_4616_ab45_36a5ede234ad-https://rna-resource.acrobat.com/.{VUa...............Snamespace-c3e8f6d4_f714_436a_92db_f0a4810aae6e-https://rna-v2-resource.acrobat.com/....a...............Snamespace-d0743b68_de08_4f3c_b7bc_aca178ee7ff1-https://rna-v2-resource.acrobat.com/yATuo................next-map-id.5.Pnamespace-eb3aef6d_d129_430c_a353_
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):326
                        Entropy (8bit):5.130124038745389
                        Encrypted:false
                        SSDEEP:6:N5L4YQyq2PsHO2nKuAl9OmbzNMxIFUt885LNASG1Zmw+85L5tYQRkwOsHO2nKuAo:Nd7QyvkHVHAa8jFUt88dNTg/+8d5SQR9
                        MD5:491628E15DA6CCCB6EE72D81E075E096
                        SHA1:BE413430703F406BB0B21AF682E48ACB1D790F04
                        SHA-256:0D8BF86F7CA0E10A61291EEE0F5A617A0EBB8D189296CAD367A63AE9FAFC505D
                        SHA-512:AEE008ABC09D9ADBB6D5E1D810BE3B9FD28C758F33BDF73B9E42828250FDD941751810169445C0332CB58C9682F153E10FA90CBE20594400F268AD5211207A58
                        Malicious:false
                        Preview:2024/08/29-11:02:11.801 1690 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/08/29-11:02:11.803 1690 Recovering log #3.2024/08/29-11:02:11.806 1690 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:PostScript document text
                        Category:dropped
                        Size (bytes):185099
                        Entropy (8bit):5.182478651346149
                        Encrypted:false
                        SSDEEP:1536:JsVoWFMWQNk1KUQII5J5lZRT95tFiQibVJDS+Stu/3IVQBrp3Mv9df0CXLhNHqTM:bViyFXE07ZmandGCyN2mM7IgOP0gC
                        MD5:94185C5850C26B3C6FC24ABC385CDA58
                        SHA1:42F042285037B0C35BC4226D387F88C770AB5CAA
                        SHA-256:1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
                        SHA-512:652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
                        Malicious:false
                        Preview:%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):259864
                        Entropy (8bit):3.202660492858591
                        Encrypted:false
                        SSDEEP:1536:WpKP7iyzDtrh1cK3XEiv07VC/3AYvYwgn7rRo7+sn:AKP5T/3AYvYwg7Fo7+sn
                        MD5:BE9BCC8BB2DB177C5D0157BDE4A1D3FE
                        SHA1:31836566F2EBE2EB88519AA3771D24DB439D9457
                        SHA-256:19D825CC20881511801CAA8DD9107805442C3B7685AF39FF16944287482659AD
                        SHA-512:6BB9C6B2AD532D72F5B5D687B8D9F04CFBB4DFC62294283DCE484928F20BCAFD21E61798F303FA3CF7288B10CF0F4A6AC2B83E17C55BE9E819A9960ABF61BDCE
                        Malicious:false
                        Preview:Adobe Acrobat Reader (64-bit) 23.6.20320....?A12_AV2_Search_18px.............................................................................................................KKK KKK.KKK.KKK.KKK.KKK.KKK@........................................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.............................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.........................KKK.KKK.KKK.KKK0....................KKK.KKK.KKK.KKK`....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK.KKK.....................................KKK.KKK.....................KKK.KKK.KKK0................................KKK.KKK.....................KKK`KKK.KKK.............................KKK@KKK.KKK.....................KKK.KKK.KKK.KKK@....................KKK.KKK.KKK.KKK`........................KKKPKKK.KKK.KKK.KKK.........KKKPKKK.KKK.KKK.KKK.............................KKK`KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK.KKK
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):295
                        Entropy (8bit):5.371184861871753
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJM3g98kUwPeUkwRe9:YvXKXqLmJtO/jx6mfnGMbLUkee9
                        MD5:BFA1AEFB1B7B671FDADF8B0CADD27E73
                        SHA1:31B05F174893B120B90ADE36ED7CD49FC439E73E
                        SHA-256:2F2E6EE5BAB85A184733AEE67E497D6F6F3BD580F6D950843E27E46E4009CC28
                        SHA-512:975BC5CE8F43CBBFCF82BFF3F5ECE3C9DE90BD8AEC4A0960EA604E57274990AB19CF3AE423CE6D106DC093190B2A61461C33A6317429F7F2F16A9E42D5102043
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.316137287339679
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfBoTfXpnrPeUkwRe9:YvXKXqLmJtO/jx6mfnGWTfXcUkee9
                        MD5:71F6457E355265C9452C98C9DE3F14BB
                        SHA1:E19867BF9E36CE5533D226A5D44BBB3C9AD5F43C
                        SHA-256:664C27F9A60AC891A65A297703765EECEAC15DE7016FA428547FEF901C3DAADB
                        SHA-512:E654B997A91686034EB134ADFDEE60306528E666207DB807467A68D941C6667D317C49ECE4142835CF513965078C551C45BFF06A69E358C1BBE57DDEDAD1ABC9
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):294
                        Entropy (8bit):5.294685603865684
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfBD2G6UpnrPeUkwRe9:YvXKXqLmJtO/jx6mfnGR22cUkee9
                        MD5:4764B94F823961DF7402BA92C974D3C9
                        SHA1:4AEDE0088128BE110623F9DB63909018B095FF9D
                        SHA-256:05A21B0CD21C3E1B2598D3B8EE3700E810DD6BD9994F7C79D9A804B8E612F49E
                        SHA-512:F5EB0033CE40EC42C4A8EC5B31D87FC63C8B5DF72E3F74737BE17DCC6A09A2004D0711D5E9AA516C647B2AC363C9EB4BF4E9BFFC1257F715F89146CC66175F51
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):285
                        Entropy (8bit):5.357555783374013
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfPmwrPeUkwRe9:YvXKXqLmJtO/jx6mfnGH56Ukee9
                        MD5:FCB12767A807B8474BE9555B1A9B4D45
                        SHA1:B6DE687A6718297ABD58ACD69DBAE747847F1D0C
                        SHA-256:CC1152984F427CC1C9D5F2041E794913BDAFE588DCCF5BE71A4A1C7FD4270CFF
                        SHA-512:3AAAF94523E8E667DE3F543810589545B0E78ACF9BD39826A88919666C8EA38957AC327F4E32F3554EC38065F317E5D2B0B2F3E5D013092D1B2513DC961B13AF
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1063
                        Entropy (8bit):5.671316553318692
                        Encrypted:false
                        SSDEEP:24:Yv6XqLmJtO/d60spLgEFqciGennl0RCmK8czOCY4w2a:Yv1KQ8NhgLtaAh8cvYvV
                        MD5:611674CC914583EA889353E31D5A5C9F
                        SHA1:5702CB9A4374E82AAADE1F75643D1048E2C3B435
                        SHA-256:CE46DDEFD1DEF1A1617F3C0CFDD1116D4476CF8ABE38742134FA3B60B84EDD7F
                        SHA-512:7BF41580A7BFCDD26F758037F1CF89D1220451F68FCF98EE127A147E4ACD7029A5803CD97E9F30A02F2E5CB913809277B9CA502C4C6D53A30F36477189CD24AD
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1050
                        Entropy (8bit):5.6595018532375265
                        Encrypted:false
                        SSDEEP:24:Yv6XqLmJtO/d60GVLgEF0c7sbnl0RCmK8czOCYHflEpwiVa:Yv1KQ8RFg6sGAh8cvYHWpw/
                        MD5:26CCA7147502AB7BCB3524546E84520B
                        SHA1:53236488DD46EF3AA62980A9D623EC5DAEE6A9DA
                        SHA-256:BC7D023F495BE690C1494D3292C83F1EC8943BA2C8E5F460BC9C7265E244CBD2
                        SHA-512:23E4BA4962B69ECB62107DB652FC8FE971C8CC927836D888224E31F64B5A2EA7154EBB2DE6A973BE48C165283EB2183F8E0EFFEE558C4ABC24E22EEB48059CB1
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):292
                        Entropy (8bit):5.3073095748466095
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfQ1rPeUkwRe9:YvXKXqLmJtO/jx6mfnGY16Ukee9
                        MD5:91EF3C573535B330217247A78FF6E362
                        SHA1:9D077BDC293874781658D3E42268F9EF2C2067BD
                        SHA-256:D3684D9FCD6F4964A869E1ADB813422502F31254050E4BE455F2B52C2E00FAAC
                        SHA-512:FCB6A5C56348CD9DC0FA8365A33D402E802B2A04B921E24FF67AE0BC31D39F88F2E2DDCBF4DFE089E29E7FC3FA1EA5FBDC5A15C1A153759CD991D059F878FCD7
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1038
                        Entropy (8bit):5.652858086753852
                        Encrypted:false
                        SSDEEP:24:Yv6XqLmJtO/d60z2LgEF7cciAXs0nl0RCmK8czOCAPtciBa:Yv1KQ8Aogc8hAh8cvAs
                        MD5:8D942A9F06048F40A77FF5ECC43A0EDC
                        SHA1:2B4F15B9BE43D2D82772E0D383950ED8D93A90DB
                        SHA-256:C0BDBE05B73E4E8D706B69DCD9E749F60517086E64FA38D72711ACC3013EBC65
                        SHA-512:9508980FBC43C39EF6AAA9726ECD42E59FC6EF96E60C03B16718671953D4C2309E347DC05412B1B92554095A2CA01A47FD9C87236773C611F4BAE54BA85D7BAE
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1164
                        Entropy (8bit):5.70367371535181
                        Encrypted:false
                        SSDEEP:24:Yv6XqLmJtO/d60/KLgEfIcZVSkpsn264rS514ZjBrwloJTmcVIsrSK5a:Yv1KQ8IEgqprtrS5OZjSlwTmAfSKQ
                        MD5:3A936A9BD00C29D3329E8C6C8D948262
                        SHA1:AB158A86154F995094778485A7A4F4DA4FD81EF8
                        SHA-256:0CBC10AF57B0AF285B72396E58193A7840A0EE9DE158BC1F6443699D63E353B2
                        SHA-512:590A62088F20997250F50733742713D4FFA5AE3407ABE064722491433BD5EA3F5985F0F573F58684C179C4E6B4695A1BFB6D967735AC8AF4CBA998A3AC04DEDC
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):289
                        Entropy (8bit):5.313963521595309
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfYdPeUkwRe9:YvXKXqLmJtO/jx6mfnGg8Ukee9
                        MD5:E762777E39F995AAB8EF6A03B4367850
                        SHA1:6B8DC7886C96E4AC22332D287EEDD8CC271A9C17
                        SHA-256:2C36A29D29EF4BA7006927469A4A10C091E79C89A3E112B5A7A5745B1EC213F7
                        SHA-512:D40B33D90EFD4997D781B4DF3E5AA07E045E8755AF81438F2DA93A61C768957B06D014475826E53787ECA95518024548D75CF9E3978F0E1C09E7085158CBF2E2
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1395
                        Entropy (8bit):5.779279443199217
                        Encrypted:false
                        SSDEEP:24:Yv6XqLmJtO/d60CrLgEGOc93W2JeFmaR7CQzttgBcu141CjrWpHfRzVCV9FJNqS:Yv1KQ8nHgDv3W2aYQfgB5OUupHrQ9FJj
                        MD5:CE68EDB05563CD69FBA6FB154C0E8615
                        SHA1:524F6301BFE96A8960C490B01DFCAD348DAF49F6
                        SHA-256:83EA1228893EA710F77EB648E1F25E43BEF0A8B639987651991EF96D353607E2
                        SHA-512:8EB89B97BAAFD803D69E59AEAC6D3C418AF66C02AADF705CF4C4C6E9258E9AC6B9371ECF5D19C878310DB7727F5E5A0A8464E109F6D4A14BFAF2466CD0950293
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):291
                        Entropy (8bit):5.2974146500485855
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfbPtdPeUkwRe9:YvXKXqLmJtO/jx6mfnGDV8Ukee9
                        MD5:ABD29FE755FD288D411B062E80923421
                        SHA1:5FA7F08DDE98340C559DBB7CC00756BCF4202F58
                        SHA-256:B7A6ACA57797E1AD3D253B344130969D8FB4B804E1F45A7F2E093FF76B1EB120
                        SHA-512:94977D4072267DB55D19777A9D6940931211E1D1C6586BB7E6A241ED38FD435F60651CBF9494B790F982684DEEBBB0CC6052C73F76485087DF80C99E54B348EE
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):287
                        Entropy (8bit):5.298631395232863
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJf21rPeUkwRe9:YvXKXqLmJtO/jx6mfnG+16Ukee9
                        MD5:62A38A2DFE2304C328AA86711EC293C8
                        SHA1:17F0FEE78EC37B806F11C85F11E4497CDF20BAB0
                        SHA-256:DB607DCB4EC5586DA46936E59120F44FF3C83D36DD7AB331A74F18AD7D922DFE
                        SHA-512:C92929A80F23E3FEBBF4137AFB629A9F4F845EC14FFCB6F47B8B7477F692E9C4184DD4D4A297F17A862C4D4D6153198D9654FB80EE35C3BA11A21F5CA9AC5B5D
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):1058
                        Entropy (8bit):5.661789928272587
                        Encrypted:false
                        SSDEEP:24:Yv6XqLmJtO/d60YamXayLgEFRcONaqnl0RCmK8czOC+w2E+tg8Ba:Yv1KQ8pBguOAh8cv+NKN
                        MD5:EDD07E56624054322264398C739F4E4C
                        SHA1:C683EF08704F9DA59EE821167CD00289C043B8F7
                        SHA-256:1A5AF96F32C25FBB9F2EA05B54718C05A52514A1525EB000C0642A74DA169E4D
                        SHA-512:8EEB067E8FA60B2C6BCF4D4B34ADAC85F7683DE2C393038F14A2C81D7EDAD8E4E150DC6F09785340B12251B550AE2B5271C7746C7B5A63D27FAFBED3EE1BBDED
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):286
                        Entropy (8bit):5.274116574082868
                        Encrypted:false
                        SSDEEP:6:YEQXJ2HXqLmRmMY2O/jx6mJ0YbUoAvJfshHHrPeUkwRe9:YvXKXqLmJtO/jx6mfnGUUUkee9
                        MD5:FD6549B8D3B55DC7808D344F1D7E61F5
                        SHA1:E1298277E44292ACEE190850D0BFC63413F6ABB0
                        SHA-256:CCCD584BFB9D0338D05723A9C934C576C7B38FF02111877121DA22D5ECF26D9F
                        SHA-512:2C2BCDAC9EAE7A589AC0A7702F67B46CA6CB67773E17BC5190F9B9A73EBF7350F099978CC93FADFE97C42A18A0FE3DDBDB49CF3DE5DED6314643381F4AD90C80
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):782
                        Entropy (8bit):5.374926476268232
                        Encrypted:false
                        SSDEEP:12:YvXKXqLmJtO/jx6mfnGTq16Ukee1+3CEJ1KXd15kcyKMQo7P70c0WM6ZB/uhW+:Yv6XqLmJtO/d60n168CgEXX5kcIfANh/
                        MD5:18942DD284EEBBEA028B65FCED1C582C
                        SHA1:CED963012066B0C711BC651B65505F6DF6188E90
                        SHA-256:4ABAEF88AD14F306BFDF2B5F674C3DFD450BB1F5BD7BC211305F063042EBF854
                        SHA-512:FBF2CD62A70E082A33B83236C9F8CA4D4E40128FF44D0865396B1E5A01C543FA6536242EE523A954976B2C4779187CBDF7EB7A082D3326B3E5DEF89F643F0A52
                        Malicious:false
                        Preview:{"analyticsData":{"responseGUID":"3f5f8ed8-42fe-4049-9c9c-511910bf5ddf","sophiaUUID":"94B2C178-E1F7-4D12-8BEA-76F4017C8DA0"},"encodingScheme":true,"expirationDTS":1725117046665,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1724943736692}}}}
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):4
                        Entropy (8bit):0.8112781244591328
                        Encrypted:false
                        SSDEEP:3:e:e
                        MD5:DC84B0D741E5BEAE8070013ADDCC8C28
                        SHA1:802F4A6A20CBF157AAF6C4E07E4301578D5936A2
                        SHA-256:81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
                        SHA-512:65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
                        Malicious:false
                        Preview:....
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:JSON data
                        Category:dropped
                        Size (bytes):2818
                        Entropy (8bit):5.148859962195208
                        Encrypted:false
                        SSDEEP:24:YlYKajO13ay2A49oLlNCYQwB1cVq/XEYf1auYrjhzG3j0S56AB2ki2LSbmK5Y/9f:YwO1VvQQcOXf1XchyzvuJmKS/9Xv
                        MD5:F7A2C8E423D738E19F4F4137651C0994
                        SHA1:AA4A9F694F3C77D45DC934DF1D76C3599B352548
                        SHA-256:BADB99D1A5FF202AB83AFB011FD189D8BA255383AEBE9F9D6889439F0ADE5362
                        SHA-512:9B0398582B6926D645269A6BD57105D80C74800CBBCA5C7704A265331BB946A8720720AB5F70F720E7B4E7ACC9388EF2D0B34E1771663B42395DDD7A04A25AB9
                        Malicious:false
                        Preview:{"all":[{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"151fcd1b81e8c332e98208da5654d90f","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1724943736000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"3f0cc9ce2468d66bec8892dca8dfb49e","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1724943736000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"fd9256a6b643b0b4b311088b57b34b70","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1724943736000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"9e9b468ec2280c736a2d13d7748ce7b6","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1724943736000},{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"4addeb6f8709bf74eac62321f078fb91","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1724943736000},{"id":"Edit_InApp_Aug2020","info":{"dg":"f859994d1d08ccb5fe2e24b9c63bf8f5","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23
                        Category:dropped
                        Size (bytes):12288
                        Entropy (8bit):1.3574318660069264
                        Encrypted:false
                        SSDEEP:48:TVl2GL7msncRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Lct15BvP8tJ:vVmssZnrFpPtIJ
                        MD5:76F39A42C8A606E93F16A0037AC232C9
                        SHA1:1A066A60D7FD99D85DE7B4E6BA06D76011191D72
                        SHA-256:EA5C1F043C59CF8FFF50F5CB3DE0BBD5FB731C2BFB5B665E15A58B9D8A0FBC62
                        SHA-512:78DE7ADD5A8BCA0AAF21DC770E5747D7EFB2B2BCF636BE5D2A70A007A0E2A93D9D44324F604BE7F2248FD1CD5A5B2D34596D84784C17ED6BBFD2661459BBF3BB
                        Malicious:false
                        Preview:SQLite format 3
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:SQLite Rollback Journal
                        Category:dropped
                        Size (bytes):8720
                        Entropy (8bit):1.831629651807497
                        Encrypted:false
                        SSDEEP:48:7M8WcRVbjVpOV6cV6+VZeVZvVZCVZW/Vk/Vhjv2ubCs22Lct8BvPxcjqll2GL7mw:7BZnrFp8teqVmsN
                        MD5:642F4777A24A6EE28890CDC0AEE2D234
                        SHA1:7B23D073F03C531E81FEB110BE80FB2241ED755A
                        SHA-256:51FEFEC0BA29007D9251C07891E6C914D455F1B90293A6979E78E8CFA568AC52
                        SHA-512:931FD3518516266AA80DAA5CA89980039C983C8344AE60669DB870CDAB77A4C6F44FC2EF1C94B9904CB8C4737AA39A43520CA289EB3E421B64F2AC0B390643A5
                        Malicious:false
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):246
                        Entropy (8bit):3.5178552411299933
                        Encrypted:false
                        SSDEEP:6:Qgl946caEbiQLxuZUQu+lEbYnuoblv2K8xIAdlxYle:Qw946cPbiOxDlbYnuRK4ew
                        MD5:46C9F7C4F15E370F173C4CFEBCDE2C2E
                        SHA1:8A6371B8D87BFDD199660539C056C45EFDF7750C
                        SHA-256:FF313F73CE935C413FA314ED11F33F1A154D01B1AA9D4CE3BF7E706F26EBCE66
                        SHA-512:10739A4072B1488C4409DD3733330163FB7CCD9E65521E40082C74A9631A645C4806EA747A8BC194F668665ECE0F49CA17DC410E7CFC8EE5D554FC8C93E76B21
                        Malicious:false
                        Preview:Error 2711. The specified Feature name ('ARM') not found in Feature table. === Logging stopped: 29/08/2024  11:02:16 ===
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393)
                        Category:dropped
                        Size (bytes):16525
                        Entropy (8bit):5.359827924713262
                        Encrypted:false
                        SSDEEP:384:yNDmLJAZYTtvEcrd/GVMimVRMTzpCeb9sJVPbvHktuFKr4Bnk2DfNSNq8iwyhZ9u:bAPaRH9E3/
                        MD5:06DEAEDB81D09FD8FB5FF668D8E09CB2
                        SHA1:28A02BCBD5975117B97A08AFB049F2C94F334726
                        SHA-256:D98DE785425112A2D7A41B16073812FA4FA4955F2D5139AE87C9A5FBC4717D64
                        SHA-512:948E3B56E5A8D818A5FE9D74B82A898F7264909ADF2C49E5D096CB90F4D28ED95990545A4857933F0E06D493AA0F6D41F6109C74B44BC0E4B84346B519681936
                        Malicious:false
                        Preview:SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:755+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=c98ebd97-9477-4d7e-bd0c-12efa5f01bab.1696586972755 Timestamp=2023-10-06T12:09:32:756+0200 ThreadID=6536 Component=ngl-lib_NglAppLib Description="SetConfig:
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with very long lines (393), with CRLF line terminators
                        Category:dropped
                        Size (bytes):16601
                        Entropy (8bit):5.331721039934923
                        Encrypted:false
                        SSDEEP:384:A6mDRN4+McLb0PiLhuQDw2fii5uWlEYD5WoceieD2R0nprPhfBykE1Els/RUaDzG:cwD6
                        MD5:A4896676354044C67E4A7149E8C80FF0
                        SHA1:B63208F9B8965FE34EF149261A8227F5F900C1B8
                        SHA-256:827D90D7D302DDBC4D08C79E0CDC87D8A1EC21796D545743B1F541A026EB0349
                        SHA-512:C29D58538DF79180C2E1CD7ABAA962FC9A449C89ED0DB7AEA2940605589C758E700417EFE7029EE96A61D7B090F8C6D4E47ECED4551367F67F7C35A625038812
                        Malicious:false
                        Preview:SessionID=2c5e094a-0aa3-4851-bc3e-0c3df9a5d699.1724943731142 Timestamp=2024-08-29T11:02:11:143-0400 ThreadID=2304 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=2c5e094a-0aa3-4851-bc3e-0c3df9a5d699.1724943731142 Timestamp=2024-08-29T11:02:11:145-0400 ThreadID=2304 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=2c5e094a-0aa3-4851-bc3e-0c3df9a5d699.1724943731142 Timestamp=2024-08-29T11:02:11:145-0400 ThreadID=2304 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=2c5e094a-0aa3-4851-bc3e-0c3df9a5d699.1724943731142 Timestamp=2024-08-29T11:02:11:145-0400 ThreadID=2304 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=2c5e094a-0aa3-4851-bc3e-0c3df9a5d699.1724943731142 Timestamp=2024-08-29T11:02:11:146-0400 ThreadID=2304 Component=ngl-lib_NglAppLib Description="SetConf
                        Process:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):35814
                        Entropy (8bit):5.419588301101041
                        Encrypted:false
                        SSDEEP:192:fcbmI6ccb9cb+IqccbdcbIIl3cbXcbWIS+cb4cbIIJzcb6HPcboI/5cb6:g6sqGlVS/JVHS/T
                        MD5:B8D38E259C616D52164F8A08FF8422B5
                        SHA1:70599CEAFB939321E2DC41DCE6C5A1A2241C62ED
                        SHA-256:E33F20B426E4228D6A6134CB8026399FD80C8AF027C39157EACECFA764D41F9D
                        SHA-512:18FA833196BA64115303F297ED5CE76B33749EAD6D6FE948BD44C9ADFA244F5BE9C2BBC39102355CF7A146498E857C0332DF6FB72892C555C54660A1C6F84EA8
                        Malicious:false
                        Preview:06-10-2023 11:44:59:.---2---..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ***************************************..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : ******** Starting new session ********..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 11:44:59:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 11:44:59:.Closing File..06-10-
                        File type:Zip archive data, at least v2.0 to extract, compression method=store
                        Entropy (8bit):7.994672858687464
                        TrID:
                        • ZIP compressed archive (8000/1) 100.00%
                        File name:repo.noindex.zip
                        File size:304'182 bytes
                        MD5:65766ecbf4e0757461f0ea20258d2789
                        SHA1:27e3289e2f366aa8e60dba0d4d40e72261ef3ac6
                        SHA256:205b46a7fb6036a4fea8de4124ddd9cae1bb5ecbeda81f1a4bd16dbe795bf6e9
                        SHA512:fd41f9c8ee95ad14357f1f2e416b3f533c4c3941c8e1f8d9f8eac5926545bed2f793e86964cd2b810506e213c9832806146af583b506c88406f23bc001f95adb
                        SSDEEP:6144:hdyFRljrTetZRzwjMtGM6VHdRXIz1n6QEjxcWNjzvZBwufsCUtFU:hdylrTetZqj8GppdWq1lBwNdU
                        TLSH:FF5412006DDDAFC7D96B633601079C444B66AAFC91E6F23C9726BB18F096A904C1737B
                        File Content Preview:PK.........x.Y................repo.noindex/config[core]..bare = true..repositoryformatversion = 0..filemode = false..symlinks = false..ignorecase = true.PK....rrh...h...PK.........x.Y............ ...repo.noindex/hooks/README.sample#!/bin/sh.#.# Place appr
                        Icon Hash:1c1c1e4e4ececedc
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Aug 29, 2024 17:02:17.431202888 CEST | 53246 | 53 | 192.168.2.17 | 1.1.1.1
                        Aug 29, 2024 17:02:17.438348055 CEST | 53 | 53246 | 1.1.1.1 | 192.168.2.17
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Aug 29, 2024 17:02:17.431202888 CEST | 192.168.2.17 | 1.1.1.1 | 0x86e6 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Aug 29, 2024 17:02:17.438348055 CEST | 1.1.1.1 | 192.168.2.17 | 0x86e6 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
                        Aug 29, 2024 17:02:17.438348055 CEST | 1.1.1.1 | 192.168.2.17 | 0x86e6 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false

                        Target ID:0
                        Start time:11:01:40
                        Start date:29/08/2024
                        Path:C:\Windows\System32\rundll32.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        Imagebase:0x7ff7df260000
                        File size:71'680 bytes
                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:5
                        Start time:11:02:00
                        Start date:29/08/2024
                        Path:C:\Windows\System32\OpenWith.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\OpenWith.exe -Embedding
                        Imagebase:0x7ff6d3610000
                        File size:123'984 bytes
                        MD5 hash:E4A834784FA08C17D47A1E72429C5109
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:19
                        Start time:11:02:07
                        Start date:29/08/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\repo.noindex\repo.noindex\projectdata.rope"
                        Imagebase:0x7ff7110c0000
                        File size:5'641'176 bytes
                        MD5 hash:24EAD1C46A47022347DC0F05F6EFBB8C
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:20
                        Start time:11:02:10
                        Start date:29/08/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
                        Imagebase:0x7ff7334f0000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:21
                        Start time:11:02:11
                        Start date:29/08/2024
                        Path:C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2276 --field-trial-handle=1600,i,3532387451054723791,1482370218202154262,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
                        Imagebase:0x7ff7334f0000
                        File size:3'581'912 bytes
                        MD5 hash:9B38E8E8B6DD9622D24B53E095C5D9BE
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        No disassembly