Edit tour

Windows Analysis Report
ppop_verification_request.zip

Overview

General Information

Sample name:	ppop_verification_request.zip
Analysis ID:	1428769
MD5:	f2a28541d1b4cb1a6fb00495d78970c7
SHA1:	06380029fe042a4c9a29796d626edca04d25fbef
SHA256:	da951a118e08263357427047351f95c30ebb6b577e56fcd8a618e445c0373d09

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Snort IDS alert for network traffic

Classification

Process Tree

System is w10x64_ra

rundll32.exe (PID: 6568 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

Acrobat.exe (PID: 6568 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_ppop_verification_request.zip\LETTER OF AVAILABILITY OF PRODUCT_page-0001.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 6472 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 1304 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2156 --field-trial-handle=1596,i,6208737274966404848,17431096215579782997,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

ETPRO TROJAN Agent Tesla CnC Exfil Activity - Source IP: 192.168.2.5 - Destination IP: 135.181.124.14

Timestamp:	04/19/24-15:37:03.080820
SID:	2855542
Source Port:	49705
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Agent Tesla Exfil via SMTP - Source IP: 192.168.2.5 - Destination IP: 135.181.124.14

Timestamp:	04/19/24-15:37:03.080820
SID:	2855245
Source Port:	49705
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 - Source IP: 192.168.2.5 - Destination IP: 135.181.124.14

Timestamp:	04/19/24-15:37:03.080820
SID:	2840032
Source Port:	49705
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Win32/Agent Tesla SMTP Activity - Source IP: 192.168.2.5 - Destination IP: 135.181.124.14

Timestamp:	04/19/24-15:37:03.080820
SID:	2839723
Source Port:	49705
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN AgentTesla Exfil Via SMTP - Source IP: 192.168.2.5 - Destination IP: 135.181.124.14

Timestamp:	04/19/24-15:37:03.080820
SID:	2030171
Source Port:	49705
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN Agent Tesla Telegram Exfil - Source IP: 192.168.2.5 - Destination IP: 135.181.124.14

Timestamp:	04/19/24-15:37:03.080820
SID:	2851779
Source Port:	49705
Destination Port:	587
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2855542 ETPRO TROJAN Agent Tesla CnC Exfil Activity 192.168.2.5:49705 -> 135.181.124.14:587
Source: Traffic	Snort IDS: 2855245 ETPRO TROJAN Agent Tesla Exfil via SMTP 192.168.2.5:49705 -> 135.181.124.14:587
Source: Traffic	Snort IDS: 2851779 ETPRO TROJAN Agent Tesla Telegram Exfil 192.168.2.5:49705 -> 135.181.124.14:587
Source: Traffic	Snort IDS: 2840032 ETPRO TROJAN Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 192.168.2.5:49705 -> 135.181.124.14:587
Source: Traffic	Snort IDS: 2030171 ET TROJAN AgentTesla Exfil Via SMTP 192.168.2.5:49705 -> 135.181.124.14:587
Source: Traffic	Snort IDS: 2839723 ETPRO TROJAN Win32/Agent Tesla SMTP Activity 192.168.2.5:49705 -> 135.181.124.14:587

Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708

Source: classification engine

Classification label: mal48.winZIP@19/37@0/20

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4216

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-43-19-575.log

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\Temp1_ppop_verification_request.zip\LETTER OF AVAILABILITY OF PRODUCT_page-0001.pdf"
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2156 --field-trial-handle=1596,i,6208737274966404848,17431096215579782997,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 0CA561018861774839103ED9175540F1
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2156 --field-trial-handle=1596,i,6208737274966404848,17431096215579782997,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown

Source: ppop_verification_request.zip

Static file information: File size 1784469 > 1048576

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Rundll32	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
184.25.164.138	unknown	United States	9498	BBIL-APBHARTIAirtelLtdIN	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
52.202.204.11	unknown	United States	14618	AMAZON-AESUS	false
184.31.60.185	unknown	United States	16625	AKAMAI-ASUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428769
Start date and time:	2024-04-19 15:41:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	ppop_verification_request.zip
Detection:	MAL
Classification:	mal48.winZIP@19/37@0/20
Cookbook Comments:	Found application associated with file extension: .zip

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.31.60.185, 52.202.204.11, 23.22.254.206, 54.227.187.23, 52.5.13.197, 23.34.82.6, 23.34.82.7, 162.159.61.3, 172.64.41.3, 104.76.210.69, 104.76.210.84
Excluded domains from analysis (whitelisted): fs.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: ppop_verification_request.zip

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.2552532010176165
Encrypted:	false
SSDEEP:
MD5:	81B06E0226FE9982659FCC2ECE03ABE6
SHA1:	B69B7BD300D900A995A453757DBD4CE42ABA872D
SHA-256:	7511A42C7A2E1A8071AC296575B9382541B95AB465379970E8F823CA5580F5B2
SHA-512:	C34015B4C60AA0A9197C1CD1E01A8F66604DAB4613ED8ABC2561BA9BB1A5D15B611DBF51AE7F0F9D0AA9B88CD0769767E3642D69E17EFD7D1CF32B8586F108A6
Malicious:	false
Reputation:	unknown
Preview:	2024/04/19-15:43:17.521 690 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-15:43:17.522 690 Recovering log #3.2024/04/19-15:43:17.523 690 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	333
Entropy (8bit):	5.213937708028093
Encrypted:	false
SSDEEP:
MD5:	0B22483163EE0DA2D4BDB097D23A083B
SHA1:	8DE88B994CACBCC0CE966DFAECB94D49E2DEC486
SHA-256:	E2E31E3989154E2231054AE2F268FCE3B0EC1EC40A647329A5265F73C04E6131
SHA-512:	477690504BF28A7186E2FBB3334D9CCF09E9C8BE7D10366DD763D1130B10E065E2B00F91A5FCF848995875769BCC5AAB8761FD41B00833CD326D3687739411B8
Malicious:	false
Reputation:	unknown
Preview:	2024/04/19-15:43:17.399 dfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-15:43:17.404 dfc Recovering log #3.2024/04/19-15:43:17.406 dfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	7400
Entropy (8bit):	5.245582085035477
Encrypted:	false
SSDEEP:
MD5:	BA0027DB01469FC32B53B0B70E23AF91
SHA1:	1963D16DE703B6F20E0000C06F0BF53264F9AD40
SHA-256:	44A578D0D09F8DECC2CA47BC328D48425F75F2E00C71B651962875FE684BE58E
SHA-512:	6FC809AD67988D3FF9FCCB202AB666B3438BA24BE2D7B3DFBB522FC547852D77101411B3A3E72E63A25CDDE4F30CA16DA660EB945224D487F03D6FEFA5F82BA1
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-...o................next-map-id.1.Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/.0=..Nr................next-map-id.2.Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/.1....r................next-map-id.3.Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.2S.<.o................next-map-id.4.Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/.3...^...............Pnamespace-5767294d_7b9a_47c6_b1e0_955ef27d1acf-https://rna-resource.acrobat.com/D..#^...............Pnamespace-1700ec5e_d769_43b7_97b8_3e6ca674d396-https://rna-resource.acrobat.com/....a...............Snamespace-0be79751_1d4a_40c3_9b57_40751dcd8802-https://rna-v2-resource.acrobat.com/B[_.a...............Snamespace-90f7539d_81d9_41c2_b2e3_1ee7ed96c7c7-https://rna-v2-resource.acrobat.com/.^..r................next-map-id.5.Snamespace-cc1e5959_9927_4cd0_b606_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.247253876005537
Encrypted:	false
SSDEEP:
MD5:	5EF6DDB74A929D55DC0847063B2F8786
SHA1:	8266CC28B163B4954AE2D3FAE13C6C758B6F019D
SHA-256:	3226E2C06E8108DB00B7A4E83AF66FFE3275889D8030164D4A8DC5CCDF138614
SHA-512:	064F408BE08CEB59D15E69A80438E9C71374C8FEAB6FB4C5731A7AAE0151A6B02DA6E8EAEE68A62BB41DDD40C3E64E265F3006785133AECB350B4917DE241747
Malicious:	false
Reputation:	unknown
Preview:	2024/04/19-15:43:17.627 dfc Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-15:43:17.629 dfc Recovering log #3.2024/04/19-15:43:17.630 dfc Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	4.445430684427128
Encrypted:	false
SSDEEP:
MD5:	D6BE99540F09983A6A6A483DF0A2625F
SHA1:	2CE5ADC35B21B4F6EF6CF0A735E0448D39EE18D6
SHA-256:	1E191C9DD7E7BFD931A7BBA24BA8A32E0F66FAEDCACD79965E90D8CA2BD4CD0C
SHA-512:	4A6A8C605B2A044E28F352E8BEBE117FB4CA38CE4186091485EA16EECE2D7972F5A3A29117A5A92C504E62A9C7E8E36A4106FE17C52613E47F49DC02B388AE95
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	3.7764861392137825
Encrypted:	false
SSDEEP:
MD5:	28469E1417120A36FF08D302D2563C42
SHA1:	5B35AF645EDE93568618A783D2A623DE21192262
SHA-256:	168A6C33EAE0265B8967C480C3E8DB7585711D20F9A8AD10815987B03AC247A6
SHA-512:	6CD412B7F16210A233E9AE38D8660D24BD44DD6F6F81DE84B3327DCB03F9E97E1C9D70F01A946E104E8FCA18E04A5930D220087E7BFF178F457AF70CE4081EF7
Malicious:	false
Reputation:	unknown
Preview:	.... .c......d.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................T...[...b...r...t...}.....L..............................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4216

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	185099
Entropy (8bit):	5.182478651346149
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PostScript document text
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	94185C5850C26B3C6FC24ABC385CDA58
SHA1:	42F042285037B0C35BC4226D387F88C770AB5CAA
SHA-256:	1D9979A98F7C4B3073BC03EE9D974CCE9FE265A1E2F8E9EE26A4A5528419E808
SHA-512:	652657C00DD6AED1A132E1DFD0B97B8DF233CDC257DA8F75AC9F2428F2F7715186EA8B3B24F8350D409CC3D49AFDD36E904B077E28B4AD3E4D08B4DBD5714344
Malicious:	false
Reputation:	unknown
Preview:	%!Adobe-FontList 1.23.%Locale:0x809..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Reg.FamilyName:Agency FB.StyleName:Regular.MenuName:Agency FB.StyleBits:0.WeightClass:400.WidthClass:3.AngleClass:0.FullName:Agency FB.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB.FileLength:58920.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:AgencyFB-Bold.FamilyName:Agency FB.StyleName:Bold.MenuName:Agency FB.StyleBits:2.WeightClass:700.WidthClass:3.AngleClass:0.FullName:Agency FB Bold.WritingScript:Roman.hasSVG:no.hasCOLR:no.VariableFontType:NonVariableFont.WinName:Agency FB Bold.FileLength:60656.NameArray:0,Win,1,Agency FB.NameArray:0,Mac,4,Agency FB Bold.NameArray:0,Win,1,Agency FB.%EndFont..%BeginFont.Handler:WinTTHandler.FontType:TrueType.FontName:Algerian.FamilyName:Algerian.StyleName:Regular.MenuName:Algerian.StyleBits:0.We

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.3548564108595444
Encrypted:	false
SSDEEP:
MD5:	D7B2FAE2FC820DB2314C686D288E5E31
SHA1:	ABA814AB1BB4061EC6E82E7E0FDE4E45CC5957AA
SHA-256:	DEA73ED8CAB414ACBA22548C327C6E0DD19741BC822C6C5CD7BA4D4994BEAEDD
SHA-512:	6472B3DC19D85024B3AEC7063B833F8893E1AD38C42E9C51D489FEAF9807CD08B5AFA84F15B9EAC90FD83570B74EC528583BBAC1D56E964D4806CB2BEBE58E96
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.301726390203789
Encrypted:	false
SSDEEP:
MD5:	429E80FD99C60BA0EBDAB7CF6CF8B1AA
SHA1:	463C6F6FF7348F0C86C25DE11081A0B51F2A294C
SHA-256:	EE851391660934D39253C53A7392301A7EB9607916522C6E7F54BEDC177B1AED
SHA-512:	815D8820F8778175F6C21453DC246424E8CD0959E69B699BA6F416A084E42AE0D1A3D3DF16648369589A9213AE421D486A7D7A329DDDC1669C5701C5CDAEBEBE
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.280274706729793
Encrypted:	false
SSDEEP:
MD5:	392EE7A52A8CB8852FCD07D67F51E632
SHA1:	B44A61305DD3F432B10C3F8E2D2400572F8B8124
SHA-256:	64339B757CAA48906201B7604D4306CD526FD7644076A02876925686A1A0F222
SHA-512:	8B0D97ABDF93585F3E9443D8EA39028C9742E0ACCF7BD999EBB378EA594CF7BDD027C0DECDC880B14A1BC89D1FDD407FA5CDD688E20E72345C6A1A8055F750C4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.3449475784105225
Encrypted:	false
SSDEEP:
MD5:	2729081693814931F5B87A5E94847F07
SHA1:	2C2A07420F748C0C2207C2E17026541A30E762A2
SHA-256:	D1D9CAA59596D1824195083ED8C17F7A789C8731FD67EF5D32EA5DBD2C3B0795
SHA-512:	1F2AEC6134C2855DC09E7EB470D19A76647E5CC63053ABCC0D498235F3424BCC96DFFAC55BEE70CAEA22B51F30C68E0067885ECA2D5D150F0B6F0791C8ECE1F8
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.302807182885516
Encrypted:	false
SSDEEP:
MD5:	105DE1298F711138553D9919A7A3609E
SHA1:	A8BCF80C6C9DA552932B6AA4CC644368EF7EAB94
SHA-256:	4EF4A50DA7B382CFD1A3AA5F3AFBF85F2688A9B70730C9E04FFEB4BD7B5BF371
SHA-512:	3CD8B13DC3BEBB8EDF1A91BBBFA4A6B424439456E62FA39564A19BFBC60D5A7EF9B0B4F1AE6153506E2212FFB3C6C93E50AF21BB0C9B6860811AD2F58A2AC414
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.288437486619419
Encrypted:	false
SSDEEP:
MD5:	D6C158CBD6A3F83BDC21BA35D230086E
SHA1:	C8814B2534C7367F9501D1DEC034BD2EB69EDF5D
SHA-256:	65FCC9724084A336EFA37FF5B723C94342C48E4A3BE7CD59E9BAB5CC4B0CE7B8
SHA-512:	E30A53AA3F199F34ED0050C88E6E8CC55DBB45FDC57807CE7EEB6ABCA5D1E02E2F0FA8BD6EC6239BE14CD5D97323F0DAE6D1348EFBE0E4012D8F7DEE07B5D5AA
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.291773957831946
Encrypted:	false
SSDEEP:
MD5:	FA1CAC3DEAB836465F11C36F4C26AFD7
SHA1:	22FE93F1C547ADD1BD0F4B48C364361B897EF22F
SHA-256:	F403EC072127E5C9F8D7C5D5F2EE653E89B7928D1B9374851BE285DF61296A62
SHA-512:	7C8318FA7C9695BA9348A0EA9F0749DCA6EC0593DC29EB52C689171BA372FB8535E6FA4ABED07E81598C0A309768A9AB6D884D2D65956933A026C311D98649E4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.294123333453242
Encrypted:	false
SSDEEP:
MD5:	8A6E57CEE2BB020119BB396C5D361762
SHA1:	F7C84C83F73704DD1D37DF120BF2C17D6EC66556
SHA-256:	AF5A941F90C6662E2701585FA8A1A82BA5B0CF91956C0854F584B2AD6EAB1065
SHA-512:	D6F3279CC7BE9102E2862D9B5CB86F038ECD00024792AD28E8802E16D6CCA68F16430AB86DCD6113D7C69DF9F3A293CDBBD4259C5B8ADFE48102A0B8361BC9BA
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	5.741087460316653
Encrypted:	false
SSDEEP:
MD5:	50763BBD181FE57DCA9D113B0C7D4017
SHA1:	EC1B0A5346F7353A4A0066CCBE397795315DEEC1
SHA-256:	0846347692CB130D3CF9D4483FFF190D890C493AECEACB2A2D1D2F4372FE9963
SHA-512:	93C7149987355C15A4DE25C070B8C2028C0BF2E0250288F5ECF670B30C210E23ED3E7D8429457B8C9A4CE1570C1F8B63456EA69A4AE1956038A42B109121FA1F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"79887_247329ActionBlock_0","campaignId":79887,"containerId":"1","controlGroupId":"","treatmentId":"acc56846-d570-4500-a26e-7f8cf2b4acad","variationId":"247329"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJUcnkgQWNyb2JhdCBQcm8ifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNSIsImZvbnRfc3R5bGUiOiIwIn0sImRlc2NyaXB0aW9uX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTMiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIDctZGF5IHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0byBwcmVtaXVtIFBERiBhbmQgZS1zaWduaW5nIHRvb2xzLiIsImJ

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.29590962213099
Encrypted:	false
SSDEEP:
MD5:	079DEF7FEF9D2D7BA1756BAAF3B0642E
SHA1:	789E04B525C75C7B47FD18E6A06A095A35E3D4F3
SHA-256:	B8E3C566DF51C7FA47F86533580222C34D824A627DD7BB8596C694D601A76908
SHA-512:	65880726669DEF33E4D2140048C2F54FC9A2205133656EBF17DE1CBC00AD75E31DDC475185D98DDF0011C88FE4300BED34F9E2D33C90A911957F51B9453B21B5
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.778464635713786
Encrypted:	false
SSDEEP:
MD5:	1B34095340C7B76D184A80A2ECFB9181
SHA1:	94037516A580EFE5183259A6E29A62B05C3A2AC8
SHA-256:	56FD71220FF30D570B39202182F3E5FD97FA14842B278F4B8EE74A4450874270
SHA-512:	8D95E97320C9A5DE25F73E7D84278BEC8E4D5EF065232ACACD4EA7F6144B688FDCBAAC629464680D6D413106689E6BA35DEBA5A645196043E597C1A9F49482BC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.279484832367528
Encrypted:	false
SSDEEP:
MD5:	484FF75A3065E0DB6911B762663187F5
SHA1:	A14A3B5E4F06DC8D1478AFC8170534DE20B54A67
SHA-256:	87AD5A2120797B18ED2C481384628A78CCFB1CD32D21FAB2ADD5A8811005E5AF
SHA-512:	9DCF5DDFDCE9EAD75296D82F48E4A3116560CC0504ED13F0A4C9919B3CCB054ADA951C96213EF9F4389D8F527479272EC2896C13FC73A9BF2C4E299D06B48C57
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.283384812496383
Encrypted:	false
SSDEEP:
MD5:	E558B9E77E0285DF524E36EC0B5ECA88
SHA1:	38FBC79EA21B142B83D4F137BCF8EF210EFD866D
SHA-256:	4DAC3BA4D361862714FD82BC31CC66A417958905AB61C40C498C87A6599481E1
SHA-512:	6AFCC78F9BA946D82AE958CD5E7C26EC83ECE1AC0F84AD69ADD2587157E705D609A39F4A96F47FD140F45B71E1DC50D91987BE1A26C99F5D2904C0F7406D5D0C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.302744750889139
Encrypted:	false
SSDEEP:
MD5:	0687EFDF3DB2C47702DB9697BE278384
SHA1:	8EAE5EE3734EE47185EE65EF526EE60DD3A3CFBE
SHA-256:	29871498D5C1DA67705EF81F2D40FC94E95527BD2DEB17E573225C4080DB2CAD
SHA-512:	B1E86CB04DA7DEF5CE6CF0777A88F007FF60D13ECE39A55D4BEB1070A1B26EECDAAB3B3CAFD14417F4C561F552709DDD458046DCEF087BF2162B77AE3667C065
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.257587371462186
Encrypted:	false
SSDEEP:
MD5:	A599D1B41AB32DA106C8EE6597D1E228
SHA1:	5F7756730AECA1AB6D1E943A97A9570B0A26ED7D
SHA-256:	075B4D5DE7FF44E611433884262C453565F38EFFD502BF80F4FD332C24AC31AE
SHA-512:	C80004AFDC9F89485C98AE8694A0457FF6D30DA87B08FEBB215CE93077CC4CD9F76A96A0E1007C069CE40925D80847297D845B30592564BA67EC4E73EBE3CF6F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.371950987392021
Encrypted:	false
SSDEEP:
MD5:	6CA6C838985F488B496DE0AD653AC9E4
SHA1:	D5BB58E2426A7A3EA1FFC22EA0058D26110E5155
SHA-256:	5E2C3A4F04123389168678F7F213CE4FE5462030D61F536F91FCEA07A8E76266
SHA-512:	8D2A0964E9AF73366EA8B7294DEB8AEAEB3C6AF1ABEF0E5A68A58FD57EE22EABDF507F563D05CEB2A78DBB5085F8FA20C14DE030AF75D3610F516104A6BD08AC
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"74501dde-6f9d-45ac-a889-e12aa6f366c0","sophiaUUID":"6E6CF47D-878E-41D8-BE92-CB1D7BE5FFE6"},"encodingScheme":true,"expirationDTS":1713708082138,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1713534202174}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.138525941866267
Encrypted:	false
SSDEEP:
MD5:	B7FF2D2CBDDFBAE71D06ED4C946B3509
SHA1:	661F4A305FA6AABE87E3E11C4F3FA67CE5023EB4
SHA-256:	B25CB7164F311055BA5B256C9281A92709567A165B4603EB6B17DAC4C8FBF7F5
SHA-512:	EB939CAE13870DF103D95487A2C47F926DAEA9BBBA66F4E1F0557F1B93E3DEDC2B61B058EA51473C09B57ACCEC3DAC61C7DDA553E43ED5AC56EE6A0DC11780F4
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"ac6bada985122905cc0e0e6353c85d47","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713534201000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"951e8734c7841f6a4cac3cba89a37618","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713534201000},{"id":"Edit_InApp_Aug2020","info":{"dg":"861b9df5f868d66c35657fb8e1bbd763","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713534201000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"1445bd46c609af6f57b248c88b8c8695","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713534201000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"3a8cb8376c65a6180dee33213255e203","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713534201000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"b5fb3b60f0fe67c0ab20d612dce772e9","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713534201000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 28, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 28
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.4578260695028895
Encrypted:	false
SSDEEP:
MD5:	03A5CB0D63467427293B1352E35590A9
SHA1:	4ACD06CF45FD7360C81751C6E296FC5F4ABF8D4E
SHA-256:	CA4DC1C8BFA40FDBE23A6D685DA40361D0A0BEFCAC1ACA66F26B178251A23CDB
SHA-512:	59E40F5C9E746ADAA0A2B5384B893488D4E40CF2E3561C94E78AB76C08392DF72A8B011356CD358107A5534D67BAE0B698491F440D3829C52D55865029B56884
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.9620893161973925
Encrypted:	false
SSDEEP:
MD5:	6DB68E76BE86AF192799CB32DF0F7A60
SHA1:	4E6600E3B9E063163E2B5219C5FAC892B5BD5B1A
SHA-256:	A8A4C71C20588C1CE96AED4C51F23BE846B383D9785B06729505E059381C96F0
SHA-512:	8E7474CB82F64C36F4A464BCD77D72D8FDD4FF327E12C71A64BEEBA3EBE3FD5DA19B9D1A58A64BFFB9942BAA250B7EE0782B8AA3F40B073D100C5ECBC2C5AEB7
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....SQ............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................^..^.^.^.^.^.^.^..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI26d32.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.5390718303530573
Encrypted:	false
SSDEEP:
MD5:	07E59B2673439F42B85EEB4C4876F330
SHA1:	F5EC2E1386783953F4127ECC48D760DCE69EA4B6
SHA-256:	987B1BDB5D684AE429BDA98C2E7BDD0A3D958E40B85049F8740BC9AE590609F5
SHA-512:	2D104E5D2A5FC42165E89A8AF251AB7D09B7F346CE5D87727D5C1FF5758C233941C7A7828E9CA9015C11D2DD2342AB4C002FFA933DDE45D2CFC771F3FF639143
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.4./.2.0.2.4. . .1.5.:.4.3.:.2.6. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-43-19-575.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.352085917943317
Encrypted:	false
SSDEEP:
MD5:	E89CDF7025B70E5A72FFC801BADFB345
SHA1:	2C55C26FD5231BEBD6531BDB7962D12BE288A1BB
SHA-256:	2A90DFB97133E5C0219784D1C4A94C0DC45AE4787C40CFE6894A59D94C4FB88C
SHA-512:	22621DFF9C688C4B0BB3237350959B4357C65D1796834FC23E6636B4975BE942A969F7DB05E8FC10102DEBF93ED662BE28FC649B2456EB4B659EC84BF8E93621
Malicious:	false
Reputation:	unknown
Preview:	SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=47371133-08fd-4d2c-bf7b-052dd86a3818.1696588820356 Timestamp=2023-10-06T12:40:20:356+0200 ThreadID=1312 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393), with CRLF line terminators
Category:	dropped
Size (bytes):	15092
Entropy (8bit):	5.377729601994892
Encrypted:	false
SSDEEP:
MD5:	B5AF9D5561901BC1D8DBC6FEB08E9AF4
SHA1:	25511DB8C3AC607148B6D7EF2D6648DC1E4B39E2
SHA-256:	CA15A13FB3830C66406EB99459040430AE34DF9E31F5AF9A1A908A55104BB5AC
SHA-512:	60CFEB3372D96503BE4747B16691A8F54FFEB8AEB4E686C739B27D11903C347FD114480E2F405AAD8E69020FB7929762CA36C49619F87AC939E782478BBE7D9A
Malicious:	false
Reputation:	unknown
Preview:	SessionID=921a2435-68ce-4023-b139-09fb6523b261.1713534199588 Timestamp=2024-04-19T15:43:19:588+0200 ThreadID=436 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------"..SessionID=921a2435-68ce-4023-b139-09fb6523b261.1713534199588 Timestamp=2024-04-19T15:43:19:590+0200 ThreadID=436 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found"..SessionID=921a2435-68ce-4023-b139-09fb6523b261.1713534199588 Timestamp=2024-04-19T15:43:19:590+0200 ThreadID=436 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!"..SessionID=921a2435-68ce-4023-b139-09fb6523b261.1713534199588 Timestamp=2024-04-19T15:43:19:590+0200 ThreadID=436 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1"..SessionID=921a2435-68ce-4023-b139-09fb6523b261.1713534199588 Timestamp=2024-04-19T15:43:19:590+0200 ThreadID=436 Component=ngl-lib_NglAppLib Description="SetConfig: N

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35721
Entropy (8bit):	5.417302062160619
Encrypted:	false
SSDEEP:
MD5:	C4D4565274D0A2C7C949E32CD8358868
SHA1:	446E960F1589779C5C66391DF1D7ECD341FCFBC3
SHA-256:	BE680874346BA60F67FFE82B525078961C05002617B477EB3F823EE855E8D1E5
SHA-512:	469225E5800580E0B23DF0D6365F835A174833320B82A25A083AF0144BB48B83EA2AA4FB6B6D0BC328A1BA2C529A23B8EC52074986D829242586DA60E74AA574
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 12:14:34:.---2---..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 12:14:34:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 12:14:34:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\af9976f7-1c6a-404c-b147-9d8274c5503c.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	E787F9888A1628BE8234F19E8EE26D68
SHA1:	44D5180C06ADBBDAADDBCE350CE4DEC997CD83E5
SHA-256:	3A09F3799148DA49F039A35AEDD22F368FB35B8D6022C4691C10606F704DAF80
SHA-512:	EE9B602898706CC0F33AA570E29A79A58ED748E1B738D74DF0C8C8DF193E23421B47AC8C862623ED774289D94FA90662A4CC436B80479D6420433D81752E9CA9
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\c9ba430e-9297-4738-8289-4f83e36810f1.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	543911
Entropy (8bit):	7.977303608379539
Encrypted:	false
SSDEEP:
MD5:	956BEC2EB32005025184F904D9622D32
SHA1:	C6A9A8B3F7A7AB8122FB00457C0F83D4A77F21AF
SHA-256:	DEFD4ADB96BA87467278B6B06980FDAB1EE460D971B62ED05A89FF32983784EF
SHA-512:	3A32B169312E5886D8C3029BF15AD291C41AF9FB03AE7D9B1A3CAB74E95C7AAAF3E384F2432BDB8F815075B11F30D4FF083271802B41616C9060E268EB3B5D3D
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\d82781a8-e4ed-4267-bf5e-4e2a2e1f267d.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\e35b88b1-a2bd-4355-8d1a-4648fde66076.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Local\Temp\acrocef_low\eec11257-f98a-4ced-a9a5-9464d3a76930.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	408F8BA5ED5014C1E10FA19D75C944A6
SHA1:	87595F69D692B4D785AAFAD71394426879C7980F
SHA-256:	FFFE47EBC7E157F63F4BE40AC0B2DCD73A5DCDF57B9D03FEA3EB99212A7EC16F
SHA-512:	01B286CA276C6B4302AC6ABA30466CE2048F6AC7FA5ACD7DCA375541C91339CEE94377B783A3A7710D10C315CA062CAE79DD2A073406D1C3C76AC4787DA5A793
Malicious:	false
Reputation:	unknown
Preview:	...........}.s.H....W`E.........M9h...q..p......%..!q.p....~..2......DlWtW!)?_.\|....?..?.s.w1.i..G...h6.]..y...p..m.b..N..rr..F..Xc...l.4.."..Q.... hL.p......s...x6..:.....x.~.6.Q..~......~b7..k.l......Yc.G[....hY3...C..n..\|.'6......i4f...,.."...O.b...x..,..jgc..bTn....,u.F..0......V.K,u..p....X.wAap...+.G..v....i.z...E.Rj8.a.r..<@.q.'...!.4..]...\|..3...-.2...`...4..i...w......$0D.....i./a......Z.]..e.mj..c}.?.....o......c...W..+....c...W...?8...n.......U..7..O........@....'...^.z..=.m....o.o<..~....... ...C{......w.m.h.-Q...6.(..uk/w!...Z..n.....p.U........T^w..[....1l...../i......0..1U\|}../xS}.q..B\|.......h>....S....g...A.s6.=.&....~.\.......-N.p...._.xex.....}.r..q$..<.S;l=. ..P..55;....[.}.T......d.p..vd'vl.].DN..o...................D...].......I}.t...D`?..n.A.zT..:@.`S5.K..,R....h...XzT....F..Xt...R...+N.....ee...P...F+C.....dq...r..5..aP.zY....c.f/..Pn...:f.>.Z..s.+.......7...O.C.#..6.....=.K.5{.%6,..Z.....DqZ.4....g-%.p..n...\

Static File Info

General

File type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Entropy (8bit):	7.998839597578062
TrID:	ZIP compressed archive (8000/1) 57.10% Google Earth saved working session (6004/1) 42.85% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.05%
File name:	ppop_verification_request.zip
File size:	1'784'469 bytes
MD5:	f2a28541d1b4cb1a6fb00495d78970c7
SHA1:	06380029fe042a4c9a29796d626edca04d25fbef
SHA256:	da951a118e08263357427047351f95c30ebb6b577e56fcd8a618e445c0373d09
SHA512:	f5f66ca3a52586a52eff631e8e616f5bcbffd18fb1820afd9b98f29fd741ee275bf757b4e50ae58dca41e81a2885cbdf6ff855d56046bad703dbd0219d82bfc5
SSDEEP:	49152:CpHw1OtTLSXDZGgDcGheK+l6bhWCrVYgW93IqtdbU:CpHwwt3sDZlDcGodgbhvrmV9zhU
TLSH:	A985335354077E08FEE0C4EAA5CCF736A8580763AA1E04C629C2B7EA7E876DB31055DD
File Content Preview:	PK...........X................PNHZ PRODUCT PASSPORT EN590.pdf..u\.[.?, ...0.t..5.twIH.04..C..!%..!...R.) HIwI......=z....~..........}]{......X.bP........bx...k\,n...ff..%"...t... ..=........@...&P..h..ud....pWs.6.......>...*.....%LD.x..j.@.]...@.(.b.A@..

File Icon


Icon Hash:	1c1c1e4e4ececedc

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ppop_verification_request.zip

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.4216

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI26d32.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-43-19-575.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\af9976f7-1c6a-404c-b147-9d8274c5503c.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\c9ba430e-9297-4738-8289-4f83e36810f1.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\d82781a8-e4ed-4267-bf5e-4e2a2e1f267d.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\e35b88b1-a2bd-4355-8d1a-4648fde66076.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\eec11257-f98a-4ced-a9a5-9464d3a76930.tmp

Static File Info

General

File Icon

Windows Analysis Report
ppop_verification_request.zip