Edit tour

Windows Analysis Report
-Case-id-#w93g94yv.pdf

Overview

General Information

Sample name:	-Case-id-#w93g94yv.pdf
Analysis ID:	1428756
MD5:	54fd20605867341c1a6183ce4faeb9ee
SHA1:	10be5548a1cf5806813867f67154456db14c5d57
SHA256:	3506380ccce8d18245c05fd5070db2c22a78aa98e709cebf3971ae9a3eb4ffcc

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Phishing site or detected (based on various text indicators)

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Classification

Analysis Advice

No malicious behavior found, analyze the document also on other version of Office / Acrobat

Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 7112 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\-Case-id-#w93g94yv.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 816 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6232 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1576,i,3508216747854268748,17776614856691840776,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 3588 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://public-usa.mkt.dynamics.com/api/orgs/1444fd8c-9cfc-ee11-9f85-6045bd059025/r/Gs3gXYd-uUyabg0OyhCkmAEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fassets-usa.mkt.dynamics.com%252F1444fd8c-9cfc-ee11-9f85-6045bd059025%252Fdigitalassets%252Fstandaloneforms%252Fef5ac49e-32fe-ee11-a1ff-000d3a3b0220%22%2C%22RedirectOptions%22%3A%7B%221%22%3Anull%7D%7D&digest=va3vEN3NXj3%2FeeUNdPknSittVr6IDfyhcynJuwaETsc%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1460 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1956,i,5394853999824645770,12359158032376638674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4112 --field-trial-handle=1956,i,5394853999824645770,12359158032376638674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 2.3

OCR Text: : Verifying... CLOUDFLARE Microsoft

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/d7jc9/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/d7jc9/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal

Source: https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220#msdynmkt_trackingcontext=5de0cd1a-7e87-4cb9-9a6e-0d0eca10a498	HTTP Parser: No favicon
Source: https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220#msdynmkt_trackingcontext=5de0cd1a-7e87-4cb9-9a6e-0d0eca10a498	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/d7jc9/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/d7jc9/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 184.25.164.138
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30
Source: unknown	TCP traffic detected without corresponding DNS query: 52.146.76.30

Source: unknown

DNS traffic detected: queries for: assets-usa.mkt.dynamics.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: sus21.phis.winPDF@36/35@18/83

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-12-22-066.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\-Case-id-#w93g94yv.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1576,i,3508216747854268748,17776614856691840776,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 21B3E0BE25E700D0D11CF8FC86D276D2
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2244 --field-trial-handle=1576,i,3508216747854268748,17776614856691840776,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://public-usa.mkt.dynamics.com/api/orgs/1444fd8c-9cfc-ee11-9f85-6045bd059025/r/Gs3gXYd-uUyabg0OyhCkmAEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fassets-usa.mkt.dynamics.com%252F1444fd8c-9cfc-ee11-9f85-6045bd059025%252Fdigitalassets%252Fstandaloneforms%252Fef5ac49e-32fe-ee11-a1ff-000d3a3b0220%22%2C%22RedirectOptions%22%3A%7B%221%22%3Anull%7D%7D&digest=va3vEN3NXj3%2FeeUNdPknSittVr6IDfyhcynJuwaETsc%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1956,i,5394853999824645770,12359158032376638674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://public-usa.mkt.dynamics.com/api/orgs/1444fd8c-9cfc-ee11-9f85-6045bd059025/r/Gs3gXYd-uUyabg0OyhCkmAEAAAA?target=%7B%22TargetUrl%22%3A%22https%253A%252F%252Fassets-usa.mkt.dynamics.com%252F1444fd8c-9cfc-ee11-9f85-6045bd059025%252Fdigitalassets%252Fstandaloneforms%252Fef5ac49e-32fe-ee11-a1ff-000d3a3b0220%22%2C%22RedirectOptions%22%3A%7B%221%22%3Anull%7D%7D&digest=va3vEN3NXj3%2FeeUNdPknSittVr6IDfyhcynJuwaETsc%3D&secretVersion=a587597bbd2d4ba3bb4334f6d8be15ee
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1956,i,5394853999824645770,12359158032376638674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4112 --field-trial-handle=1956,i,5394853999824645770,12359158032376638674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4112 --field-trial-handle=1956,i,5394853999824645770,12359158032376638674,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Name	IP	Active	Malicious	Reputation
part-0013.t-0009.t-msedge.net	13.107.246.41	true	false	unknown
code.jquery.com	151.101.130.137	true	false	high
challenges.cloudflare.com	104.17.3.184	true	false	high
www.google.com	74.125.136.104	true	false	high
standardplurnbing.com	172.67.217.64	true	false	unknown
assets-usa.mkt.dynamics.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220#msdynmkt_trackingcontext=5de0cd1a-7e87-4cb9-9a6e-0d0eca10a498	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/d7jc9/0x4AAAAAAAXcPJib_gpDOvgv/auto/normal	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
184.25.164.138	unknown	United States	9498	BBIL-APBHARTIAirtelLtdIN	false
13.107.246.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.136.94	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
74.125.136.104	www.google.com	United States	15169	GOOGLEUS	false
52.146.76.30	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.105.100	unknown	United States	15169	GOOGLEUS	false
104.123.200.169	unknown	United States	16625	AKAMAI-ASUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
162.159.61.3	unknown	United States	13335	CLOUDFLARENETUS	false
54.144.73.197	unknown	United States	14618	AMAZON-AESUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.217.64	standardplurnbing.com	United States	13335	CLOUDFLARENETUS	false
104.17.2.184	unknown	United States	13335	CLOUDFLARENETUS	false
172.217.215.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1428756
Start date and time:	2024-04-19 15:11:47 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	-Case-id-#w93g94yv.pdf
Detection:	SUS
Classification:	sus21.phis.winPDF@36/35@18/83
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 104.123.200.169, 54.144.73.197, 107.22.247.231, 18.207.85.246, 34.193.227.236, 162.159.61.3, 172.64.41.3, 23.34.82.6, 23.34.82.7
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, slscr.update.microsoft.com, ssl-delivery.adobe.com.edgekey.net, acroipm2.adobe.com.edgesuite.net, a122.dscd.akamai.net, p13n.adobe.io, geo2.adobe.com, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: -Case-id-#w93g94yv.pdf

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.17910432380147
Encrypted:	false
SSDEEP:
MD5:	8AE52F7C5B12381C37D3B0F077ED7DCB
SHA1:	BB69EC0AA30F12E10A62F08E136572E3EBE0CE67
SHA-256:	AA81260B8C8846C9ACE18698B0897CD9B0D2BABEF162E8E217AE244F326F73EB
SHA-512:	FF6BBDBDC9F4D08706ACD6C6E812F00E0AFF2E98FCF42D9408E2D8F3E0F2FD8C4C1E1A964801D6A4A8FA0A00AE83A086C78DE7FDA2D21B03F63FF6AECA804565
Malicious:	false
Reputation:	unknown
Preview:	2024/04/19-15:12:20.339 14c8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/04/19-15:12:20.341 14c8 Recovering log #3.2024/04/19-15:12:20.341 14c8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.110127883421141
Encrypted:	false
SSDEEP:
MD5:	42DA59604323B74A5788FF29FF89AF8B
SHA1:	55625B6B4A54FF34FE6E0EFE5F52B9DADDE820FD
SHA-256:	BC38C839E004D3874AEC08541BECE62FE0F6428862DE5F56917AD3D1CDB0E925
SHA-512:	7C81B85627322BFC81AE10350B92353E7C6BFDF8483489DE25E28BC9A5F1A89BF17F02A69F44C956E9D3850B68BC8107668DD2EAE73759078C09FECA95289B9D
Malicious:	false
Reputation:	unknown
Preview:	2024/04/19-15:12:20.230 112c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/04/19-15:12:20.233 112c Recovering log #3.2024/04/19-15:12:20.234 112c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\31c05d7a-1a9f-46c6-a559-8aa353036acf.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.990592350059628
Encrypted:	false
SSDEEP:
MD5:	5C661C78D1109081D290E4E488707FF4
SHA1:	37495E74E2DA921AA39C710B2A73DAF511FB82FA
SHA-256:	3084AD8F2712C9C11CA3CA3C9729AC4DEE2540F7F2214913ACCF46042D198F6A
SHA-512:	48ED0DFC6D5AED005AAF3DD45FB32E9D6CDEB85DFD06263D5D842D0352C6F380998DC9100DB4EFF35744E3B7B2A1CE8F4B1EB0F388C1F5522C90D7CA3DFE5F9F
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13358092351728491","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":106548},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF616096.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b2c6a69f-a41b-47bb-9372-6337a4ef0ae3.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.2265111230491685
Encrypted:	false
SSDEEP:
MD5:	76BB8FC572828AC007EF9498694CF721
SHA1:	BA21DF30842D751342FEAE692890B74D8819042D
SHA-256:	0606A1773E896328054FBD450C375080F394883CE06AE033BF4C1695AC2071F2
SHA-512:	C8E034425A552CB206F0FE933E0E46BA2F4D3FA8368A8C59B6E27F1BF16C485AE3C553CC1FAFC072D14C6DEE2D55E9226B6AFC632A690E79820F0193C523F3CF
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.170964216573438
Encrypted:	false
SSDEEP:
MD5:	E5C5C5D8CB05D5E17CE368DDF748ABB0
SHA1:	B70A62E5AED9E74060EFF4BA69905A56AAC8834E
SHA-256:	C6A808C631738A3F9069FE4DA94CAADF8E596D7E4F43B332FDB2F7F245349CC5
SHA-512:	5DFC3837FE40729391889EA48BF43C1B31208B5B53A933E47C2BAB15D60E7AD72CF29ABCA45E65016076A2B3ED8C7AD2D2C04AE442E65F300D3630B00DE379F2
Malicious:	false
Reputation:	unknown
Preview:	2024/04/19-15:12:20.382 112c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/04/19-15:12:20.384 112c Recovering log #3.2024/04/19-15:12:20.386 112c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419131223Z-162.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	1.1894594740460325
Encrypted:	false
SSDEEP:
MD5:	713C303310EAC3DF728A26EDF3146627
SHA1:	0EDCB682A6F9544C584210461E2D8F21060CAEFB
SHA-256:	403533F5CBB3BD3CBE29995AF01D38CD4569A17E1E97D5FBA84C20E623DF60F7
SHA-512:	07118CC929F01CE113B8575E6EC24C0FC0AA99B3B8D82428CE0AC8036005E7D5B2C0FD497F5375F2E65128E7B6AE7AF37126287635015D152B7D4A708F6D47CD
Malicious:	false
Reputation:	unknown
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.2151984951814694
Encrypted:	false
SSDEEP:
MD5:	47EE1058FF772E04DE118102739ADA18
SHA1:	6CD8168328489450FFAE01B17A7457D18F49782F
SHA-256:	3A4F6846C7B3D5D0B485D50FD22E9AA31D23E23E6BD8A3F3ECC87E56FAD80CF5
SHA-512:	A6C97E0211C0344A77C2EF335982590A0B48F5972567199B06A7FE42A08A1D8809901478AD8A8CA4FB56A29FC090CF5E94672B1D08D90E84D4BFFB8D32F3D66B
Malicious:	false
Reputation:	unknown
Preview:	.... .c.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.353287365390855
Encrypted:	false
SSDEEP:
MD5:	CAA1FF75165F06B3D5320681DA031EDC
SHA1:	413D2DF10D2CE151E1BE53ECFA361CE3DB8E21F9
SHA-256:	21EDE6AB904085D31F355050E3A792D0D246E84CD8BC55A8F6F5E37DA7688844
SHA-512:	79F8F77D2255EDB5635A136BB47CE7A999624F4754F1C8DE35849EE0B32C449FE32ABA87158CE0C5A6BA35E8FE31C743B01F672661FF0512E7E7ED392DEFAC3F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"51acfc1c-2595-4a06-945d-3ce378b6551c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713710620112,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.341314009537943
Encrypted:	false
SSDEEP:
MD5:	0F002C77BBE6FD400E12E71AFA002A1B
SHA1:	8863AFD0376D3C50759093384F3A96E4341F475D
SHA-256:	FEE3677D8354893A0536292057E8AE9A70ACC8F7B964DE08C3799B6F81301948
SHA-512:	AE0154490198DC3A67DA92C8D2C1A9F53F52E22BFFEF02D84B39E2DF46C023796759FF72DB2BD111409C61A486483EA9FA8A449C9BFEDDFA602AF53A1AD35002
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"51acfc1c-2595-4a06-945d-3ce378b6551c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713710620112,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.284205669648583
Encrypted:	false
SSDEEP:
MD5:	5A91A1B4E7D17146C30BD2E584B46D4F
SHA1:	7D884510D3B54078E0AE4A8853E8700B8C3AA660
SHA-256:	6ACE1998B8B56864276105B230F1A5ABF4ED307A0A1C9C08D479C2427F8FCF6C
SHA-512:	416E9D3F7B1CE2532F8DB7CE151F76DD2EC47E8480495963175D9020CD781E3AB2B54D905260C373D0FB4CA71416B5F1854E1AFE94030DFBBDD1927AAA09BFEB
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"51acfc1c-2595-4a06-945d-3ce378b6551c","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1713710620112,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2814
Entropy (8bit):	5.141264008839175
Encrypted:	false
SSDEEP:
MD5:	9EFFFE6793F0223631E7CCDC2DCB1317
SHA1:	281A0522584D715EA33EEACDCCAADA3E9C6D7601
SHA-256:	70FFCEC2E424A1F34772B0FCFC599DC953C69C94BD587BD8420BFEC5144A9F53
SHA-512:	B46AFB780C50C3A5A21494CD4C689845266E47065B8850733CC9FE5088CFE66A9A7564DBE4870390DCF477C70A2CE79A2C1C2903D59498C9974D5263BFB763CC
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"cf042c720e1f40929227827b48e5bc31","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":289,"ts":1713532344000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"fcc2841d83c6cd35e240192399e164e2","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1372,"ts":1713532344000},{"id":"Edit_InApp_Aug2020","info":{"dg":"681c4de3997cbf33786e43e45b990d89","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":1713532344000},{"id":"DC_Reader_RHP_Banner","info":{"dg":"33ad004b4efa2b28cf097fb7670607f0","sid":"DC_Reader_RHP_Banner"},"mimeType":"file","size":1395,"ts":1713532344000},{"id":"DC_Reader_Disc_LHP_Retention","info":{"dg":"fd864581d498aeacbb6f8fbd13407dcb","sid":"DC_Reader_Disc_LHP_Retention"},"mimeType":"file","size":292,"ts":1713532344000},{"id":"DC_Reader_More_LHP_Banner","info":{"dg":"5a7cfd4a57024794ee20438a670173d8","sid":"DC_Reader_More_LHP_Banner"},"mimeType":"file","size":289,"ts":1713532344000},

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.9869249983577126
Encrypted:	false
SSDEEP:
MD5:	5AA8D29F2DFEC466034FC43443F79EF3
SHA1:	2202B0892B0857E7BB720D17889A50AF4596EABB
SHA-256:	6ED1E27BDB86895AA43AEE5F2E969743E12BBE33FB1D1B0E491E942C88FCBF78
SHA-512:	37C67E3961CD951BC0E5960309ADA35344506EA64B328820A550BEA3C0459792B781CFABF71B3A2B3542E6ACDE108438608CB3C236C9B54D18C4FEA63CF32BD1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3418174111704977
Encrypted:	false
SSDEEP:
MD5:	5DF0466E0A27812CCB52A81AD52BACF9
SHA1:	38DDC76EC127FB36088E1B2CCC6FED3F3A02D004
SHA-256:	72455DC52A94315B48B0AD39BA58CADA69B4ECD4A71B8A17A358483EF057BC10
SHA-512:	D85A055CA60DF1853800D0E2EE64F80D4A90A768107F286AE4CDC63B9F38BAFD22BA837FCA9FE490017A9F28635A957F34BCE2CFDADCF32D9E46FC18674D77F7
Malicious:	false
Reputation:	unknown
Preview:	.... .c.......S.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSI54d3.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.512793808211959
Encrypted:	false
SSDEEP:
MD5:	AA8063990543364F47A281616656D595
SHA1:	C31C494C07BE2654B939F8EFDB67014A7BEF3EC4
SHA-256:	18C905ABE29100AAF635E6FE2E39CE12E688FF5D6187D494FFA68DCCFB1065CA
SHA-512:	CA9ED1FCAEAA854CA07AD046E64DDB335E845D8F399AA81EFBD1FA2740171338A8A35EC73EDBD7CC767907B33DD71FFEFFBD48E459E5C53715D703B6618F7BC4
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .1.9./.0.4./.2.0.2.4. . .1.5.:.1.2.:.2.7. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-12-22-066.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.417413227278021
Encrypted:	false
SSDEEP:
MD5:	3C5F462D08DD46A6D68374CF30AF95BB
SHA1:	213E6C2C417DE92C6961E8D6E3C247A547943F18
SHA-256:	496D4478E490536CE215FFE0064E872199A1569F6C41AF019B75389BE7AB103D
SHA-512:	6E9398CDDDA00C461620E8C8DA1A3294F09CC7E3B8C1671CC7491E4994A2F3A78A23C57E5471B0AA66399A12755493AA41DD271005893AEF72B9E4D6B1A860CA
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\7b3aad06-0ef0-4f44-9b55-9fc64b243b09.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	8BC29C14982269068B878ADC83B80D9A
SHA1:	15B999E02CD49ECD03A0C40BE3671920AF976A69
SHA-256:	EF8BD1D35C1DBF7F158675BA329FEA09259ABF204070603971BFBBE263EE58B7
SHA-512:	5A54F96EEA54534BA61055DB51BA29CA00F0BECB7311EADC4A761AF40AC7300736376F6A590386E129C18B955781D8832A11C44A6E771B01D1CB5C9226680D9B
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\89023863-4e44-4bed-9e27-01973633f2af.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	774036904FF86EB19FCE18B796528E1E
SHA1:	2BA0EBF3FC7BEF9EF5BFAD32070BD3C785904E16
SHA-256:	D2FC8EA3DDD3F095F7A469927179B408102471627C91275EDB4D7356F8E453AD
SHA-512:	9E9662EA15AE3345166C1E51235CDCE3123B27848E4A4651CC4D2173BDD973E4AD2F8994EFF34A221A9F07AA676F52BEB6D90FF374F6CCB0D06FA39C3EFE6B31
Malicious:	false
Reputation:	unknown
Preview:	...........[l\[.......p.a$..$.K...&%J.J...Wuo..dI.vk4.E..P.u..(.....1.I....A...............0.....$ctg.H.'....@.Zk...~.s.A]M.A..:g?.^{...cjL...X..#.Q{......z...m...K.U]-..^V.........@..P...U.R..z.......?......]nG..O{..n........y...v7...~C#..O.z...:...H&..6M;........c..#.y4u.~6.?...V?.%?SW.....K...[..`N.i.1..:..@?i.Q..O...`.....m.!y.{...?=.. .....Zk......%.6......o<.....yA}......no......u,.....U...a.......[S.n..`.....:...1......X..u.u...`..B=.&M.y..s.....}.i..l.'u]. ...6.s`....zdN.F.>;.d%D..}3..b..~..k.......,hl.j..._...F..p.z..o...C..,.Ss.u.Xd..a.Y.{.p...?.k..t,&..'...........^.f.hg....y..Y...i..m....<..^......yK.......;.5...E...K..Q.;k..\|;..B.{m..eS..>b..>...6...wmC.i.....wv..k..{..X...RB.P..?w......1l.H..{{.`g.P.8.Z..v_.G.....f.%+z.....p.P..u}.T.....~r]..W7..._..c.k.....@....y.K...uOSj........^....B..]..~{..;...c....r.J.m.S.}.....k....u*^...5./...{......3.I.p.t...V..........W-..\|.K.N.....n.........Bl...#)..;..4.x.....'....A....x..

C:\Users\user\AppData\Local\Temp\acrocef_low\e16e919e-f355-44cc-bd26-ede9972a2f5a.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	A0CFC77914D9BFBDD8BC1B1154A7B364
SHA1:	54962BFDF3797C95DC2A4C8B29E873743811AD30
SHA-256:	81E45F94FE27B1D7D61DBC0DAFC005A1816D238D594B443BF4F0EE3241FB9685
SHA-512:	74A8F6D96E004B8AFB4B635C0150355CEF5D7127972EA90683900B60560AA9C7F8DE780D1D5A4A944AF92B63C69F80DCDE09249AB99696932F1955F9EED443BE
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\f432ecc0-bdff-4699-b19f-76a03e990977.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	732C4E8507E4D875CFE981D71D21E2DD
SHA1:	E7D7F6AD262BD324742DC268F3A5B500AB2EA283
SHA-256:	7D24D933CAD1A56D78F9CA6AB4F0CE2481BE9AFA663B64EE177BF6E2E1B18715
SHA-512:	C51FCF5C69D56F6555CFFE1D13946B379D06E5C6DA721A5764DAD63E6215C9C3B868CC20D328A1C1B691661AFC27509C0D6C90F36F05885EBC1C48F648E509E8
Malicious:	false
Reputation:	unknown
Preview:	...........].s..R/c..D@..\......3Z.....E.,...d{.k.~..H3....-......A...<>n.......X..Dp..d......f.{...9&F..........R.UW-..^..zC.kjOUUMm...nW...Z.7.J.R.....=.R........4..(WCMQ..u]]R...R......5...N)].....!.-.d]M....7.......i..rmP...6A.Z .=..~..$C-..}..Mo.T......:._'.S....r.9....6.....r....#...<U@.Iiu..X].T x.j....x...:q.....j]P3......[.5]\|..7;.5....^..7(.E..@..s...2..}..j.......t.5J...6Rf..%P{2T^$Y.V.O9.W...4...\ .5............Q.&j....h.+.u......W...4f]..s..(...:....`.<W_...zBs\|tF5 NI4.zD..5...u...!........M.0.K%F....,.c.....>R6..i..Am.y.~5..S....M...^......F.&..V...Z.......i....b....V..,.UH"...W...5}A.....KUT..=6jZ.....B...Z...Y(..u...=....x,2..."._Cf.....b...z7..... r..#.r..L9....2...R,..J?&..p..~.....3.=z...w..m..U..%._#<....r.....B.z..G..D.:4m.Z.&.N......</..Dz+.......vn.....;Qhk....!dw...A......3..a..K...).Q.`t[..)].6.%@....v.g.%E>;Z...uz.L..6Ct..O.Eo.O.e..........J.J$...:....K..)......F.....ZWE...z..5..g.io...l2[.,m9X..f......5\|:bj[.._R{gi...^

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	3202
Entropy (8bit):	4.236796532981122
Encrypted:	false
SSDEEP:
MD5:	7D2B8F25545A2894E2721E9FE528E34C
SHA1:	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C
SHA-256:	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
SHA-512:	FE1F84AF0BA1100B2A90EE6FBFBD3763EF34D1A3BF045345538302ECE7D37EAADC9A9CD0E09C2030E62B13A55E118A2417B27F14336C271758BFB3E256906385
Malicious:	false
Reputation:	unknown
URL:	https://standardplurnbing.com/captcha/logo.svg
Preview:	<svg id="MSLogo" width="99" height="22" xmlns="http://www.w3.org/2000/svg">..<g fill="none" fill-rule="evenodd">..<path fill="#737474"..d="m34.64 12.07-.58 1.65h-.04c-.1-.39-.28-.93-.56-1.63l-3.14-7.9h-3.08v12.56h2.03V9.03l-.03-1.7c-.01-.34-.05-.6-.06-.81h.05c.1.47.2.83.28 1.07l3.78 9.16h1.42l3.75-9.24c.08-.21.17-.62.25-1h.05c-.05.92-.1 1.76-.1 2.26v7.98h2.17V4.2h-2.96l-3.23 7.88z"../>..<path d="M0 20.96h98.15V0H0z" />..<path fill="#737474"..d="M42.87 16.75h2.11v-9h-2.11zm1.08-12.82c-.35 0-.66.12-.9.35a1.17 1.17 0 0 0-.38.88c0 .35.12.64.37.87.25.23.55.34.9.34s.67-.11.92-.34c.25-.23.38-.52.38-.86 0-.34-.13-.64-.37-.88a1.26 1.26 0 0 0-.92-.36m8.53 3.73a5.9 5.9 0 0 0-1.19-.12c-.97 0-1.83.2-2.57.62-.74.4-1.3 1-1.7 1.74a5.57 5.57 0 0 0-.01 4.9c.37.7.9 1.23 1.58 1.6.67.38 1.45.57 2.31.57 1.01 0 1.87-.2 2.56-.6l.03-.02v-1.94l-.1.07c-.3.23-.65.4-1.03.54a3.12 3.12 0 0 1-1.01.2c-.83 0-1.5-.26-1.98-.78a3 3 0 0 1-.73-2.14c0-.9.25-1.65.76-2.2a2.6 2.6 0 0 1 1.98-.81c.7 0 1.38.23 2.02.7l.09.06V8.01L5

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	548
Entropy (8bit):	4.688532577858027
Encrypted:	false
SSDEEP:
MD5:	370E16C3B7DBA286CFF055F93B9A94D8
SHA1:	65F3537C3C798F7DA146C55AEF536F7B5D0CB943
SHA-256:	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
SHA-512:	75CD6A0AC7D6081D35140ABBEA018D1A2608DD936E2E21F61BF69E063F6FA16DD31C62392F5703D7A7C828EE3D4ECC838E73BFF029A98CED8986ACB5C8364966
Malicious:	false
Reputation:	unknown
URL:	https://assets-usa.mkt.dynamics.com/favicon.ico
Preview:	<html>..<head><title>404 Not Found</title></head>..<body>..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..

Chrome Cache Entry: 167

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	1304
Entropy (8bit):	4.68425644587903
Encrypted:	false
SSDEEP:
MD5:	DBAC2EBFBE18E8C7CF3830AF4C420E77
SHA1:	78ADD1C663DD8B4AD6BBF89E48376015EA08A85A
SHA-256:	491377DB69C365D489C88BD4AC641D341B52E6A70B034390A5FC3D161268BCA5
SHA-512:	7DBFFD0FB6EC417AB7481919357D20D78224C9B97D180B603CFCD8F8808EA8FD54A4D15103178C15A985C563BE80CBBB6391E58D06C42F1062DF0948E79F7880
Malicious:	false
Reputation:	unknown
URL:	https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/public/locales/en-us/translation.json
Preview:	{.. "FormFailedToLoad": "Failed to load form",.. "FormFailedToLoadCors": "The form can not be loaded on a domain that hasn't been allowed for external form hosting or there is a network connectivity issue",.. "LearnMore": "Learn more",.. "FormSubmitted": "Form submitted",.. "FormSubmitError": "Error submitting the form",.. "Reload": "Reload",.. "LookupLoading": "loading...",.. "LookupGenericError": "There was a problem retrieving items. Try again later.",.. "ValidationRequiredField": "This field is required",.. "EventFailedToLoad": "Failed to load event.",.. "EventAtCapacity": "This event is no longer accepting registrations.",.. "EventNotLive": "We are still setting up this event. Please check again in some time or contact the event organizer ",.. "SubmissionErrorEventNotLive": "Registrations for this event have been closed. We look forward to seeing you at our next event.",.. "SubmissionErrorEventCapacityIsFull": "Registrations for this event have been closed. We.re a

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 96 x 47, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	61
Entropy (8bit):	4.035372245524404
Encrypted:	false
SSDEEP:
MD5:	2DB46576A59404664043E9D7D9AEA789
SHA1:	A49D9368F527BF059017091954C324DE46E11FEC
SHA-256:	769F4669D36640A58B70A4ABBBD691291C20C1EF3139DB7FA7F9796C7FF3B895
SHA-512:	2093D6061BF5E62E4DC9A8DBA56230E5DB418B061C7FE8435F71B06DCDEA463E51A558E8C40864BCDF57CAB4E53887D3DF3C517647D59E080ED7C579F17D426E
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876d281d2ba8ad89/1713532457940/Af_Q-t59Plas7Ci
Preview:	.PNG........IHDR...`.../.......X.....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (1048)
Category:	dropped
Size (bytes):	29100
Entropy (8bit):	4.469283251983661
Encrypted:	false
SSDEEP:
MD5:	96B5C504F812F40F51F22C4D78745DC8
SHA1:	AFBE939550D2AFD2CDC4A804B399473C32E9C3B1
SHA-256:	2684AEC81583C47F2D5A0B1D8F808E53E08D014B0C7899CA4765BF6F3026001B
SHA-512:	738A261A79E482964CF5DD8ECB824AB0821E0B66934D948587F89E5EDF4A0218BB7B6D22D06E6CD534EBEA2049A3B3C58D631FE03460E6377C05A20C6B79D1C2
Malicious:	false
Reputation:	unknown
Preview:	<!DOCTYPE html><html><head>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Marketing Form</title>. <meta name="referrer" content="never">. <meta type="xrm/designer/setting" name="type" value="marketing-designer-content-editor-document">. <meta type="xrm/designer/setting" name="layout-editable" value="marketing-designer-layout-editable">. <style>. .editor-control-layout html {. box-sizing: border-box;. background-color: #fff;. }. .editor-control-layout ,. .editor-control-layout :before,. .editor-control-layout *:after {. box-sizing: inherit;. }.. .marketingForm h1 {. color: #000;. margin: 0px;. padding: 0px;. width: 100%;. font-family: "Segoe

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42414)
Category:	downloaded
Size (bytes):	42415
Entropy (8bit):	5.374174676958316
Encrypted:	false
SSDEEP:
MD5:	F94A2211CE789A95A7C67E8C660D63E8
SHA1:	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F
SHA-256:	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
SHA-512:	EAC0FC89C2D6CCEB9F4C18DFC610DFF8BC194D3994F0C74B3D991F8423C6DADE11D805E76124596521C58AFA9939B45D2D3157F0A48626E12548020FC38364D3
Malicious:	false
Reputation:	unknown
URL:	https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?render=explicit
Preview:	"use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);function m(h){bt(s,o,u,m,b,"next",h)}function b(h){bt(s,o,u,m,b,"throw",h)}m(void 0)})}}function M(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):M(e,r)}function Ie(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ve(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},o=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),o.forEach(function(u){Ie(e,u,t[u])})}return e}function fr(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Chrome Cache Entry: 173

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	61
Entropy (8bit):	3.990210155325004
Encrypted:	false
SSDEEP:
MD5:	9246CCA8FC3C00F50035F28E9F6B7F7D
SHA1:	3AA538440F70873B574F40CD793060F53EC17A5D
SHA-256:	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
SHA-512:	A2098304D541DF4C71CDE98E4C4A8FB1746D7EB9677CEBA4B19FF522EFDD981E484224479FD882809196B854DBC5B129962DBA76198D34AAECF7318BD3736C6B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............s....IDAT.....$.....IEND.B`.

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 387 x 130, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4178
Entropy (8bit):	7.927570165541991
Encrypted:	false
SSDEEP:
MD5:	84AACBF8A5D503DAE12271FE2FBDF48F
SHA1:	E3A530C470ECCBB04F62AD76B4071EF72A9CFB56
SHA-256:	437C8E4C210144757AA17FEE2DEFAD4B79805D53A29416928A9BDEF3850D9B65
SHA-512:	5306DB15C96B06AEA0A2843C309751F62B4E2FFE74AC1EFF68013218424E8CB4E746E8F8BE90D39B4F13623B7C65645095E36010FAC53230E823103DF8D64D1A
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............T1....PLTE....x........i..q..k..............u.........."""...)))>>>......JJJzzz...rrr.o......b..777...dddWWW....e......PPP...DDD......ZZZbbbmmm.........222...........W.......v.........7....I..]..\|...M\....JIDATx...[.:..K.(-e. ..n...8..W..-i.....o...i.h.$'{-......................./.....[t....J....b.ev'.c.R......}?...i........]/..#...g<t..A.h..y.2../.`.2../.`.2.....x....u..S.......~<?.,..........B..:...n.'....&.....y...+...Bz.r..t\~h.....{..._.....{$.b0\|H.}.....R....m.6~.t.K6...K..p.....9....8.XA....>.$..7....cJ.Wuu.b..`4..m...>.7}.T]._0....x....:.t........BH..J...........=.L...:.p.V.g.....{\|..8..9..3K...I.d0..\[``...V.yEP.J.b.R(w-%..z}..eN..O.I.`p......a.T...+...R.n..3.K.b.}Q....?d....-.7Q..:...a..,-.+-.,5.....v.yp..fv..?_....B....z._......b.^...k..1.5X......#.E..`...%,...cP.TJ....n..h..R...fx.-Fp.oV.,.wD..5u.W.C....a...PVmR...x+..O.5.`.........F:.P...L..>..@z.[e..x.-......w'...#.B.+...cf.^jB.[I_.)..~ao.Y^.

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 177

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	491
Entropy (8bit):	5.030568893952432
Encrypted:	false
SSDEEP:
MD5:	35C5FC587E7C0A24ABCE99861C219404
SHA1:	E08231DDAEC0DFD0A3F7C65195F8600B3E401E0C
SHA-256:	2AE6EAAE0202BC757CC21E60CE135103CE9F02982206B8BFB3EDE171A842ADC6
SHA-512:	EB76FA686BB00441A43BFC8A8987D5A86A824FDB2B0C4EC5882230D1AFF86DE6845B88665F125E1D1320185BE690F728979534064A6CD92A33E2605E15A0BF78
Malicious:	false
Reputation:	unknown
URL:	https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/standaloneforms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220
Preview:	<div. data-form-id='ef5ac49e-32fe-ee11-a1ff-000d3a3b0220'. data-form-api-url='https://public-usa.mkt.dynamics.com/api/v1.0/orgs/1444fd8c-9cfc-ee11-9f85-6045bd059025/landingpageforms'. data-cached-form-url='https://assets-usa.mkt.dynamics.com/1444fd8c-9cfc-ee11-9f85-6045bd059025/digitalassets/forms/ef5ac49e-32fe-ee11-a1ff-000d3a3b0220' ></div>. <script src = 'https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js' ></script>

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65461)
Category:	downloaded
Size (bytes):	711081
Entropy (8bit):	5.444336573525724
Encrypted:	false
SSDEEP:
MD5:	FDC2BE4EB54FF521EB5F6CA57AEDAE03
SHA1:	580FEFB1274BB5A21E34DC206D3F042512CA2EDC
SHA-256:	36C366BC39F4B2EB17CC2EAC87B9B94199CB4DFC0FF9F3D8A2F4C2EADE1BB9C3
SHA-512:	42939CBF474C6593774F5B5FF13A5E9FCDDE7CAAE05229CBE9804C1368337B892EB3ED96CA85133A34AC0551696B4995EA203773B474BF31E50780BF9BDD53C2
Malicious:	false
Reputation:	unknown
URL:	https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/usa/FormLoader/FormLoader.bundle.js
Preview:	/! For license information please see FormLoader.bundle.js.LICENSE.txt /.var d365mktforms;(()=>{var e,t,n={317:function(e,t){var n="undefined"!=typeof self?self:this,r=function(){function e(){this.fetch=!1,this.DOMException=n.DOMException}return e.prototype=n,new e}();!function(e){!function(t){var n="URLSearchParams"in e,r="Symbol"in e&&"iterator"in Symbol,i="FileReader"in e&&"Blob"in e&&function(){try{return new Blob,!0}catch(e){return!1}}(),a="FormData"in e,o="ArrayBuffer"in e;if(o)var s=["[object Int8Array]","[object Uint8Array]","[object Uint8ClampedArray]","[object Int16Array]","[object Uint16Array]","[object Int32Array]","[object Uint32Array]","[object Float32Array]","[object Float64Array]"],u=ArrayBuffer.isView\|\|function(e){return e&&s.indexOf(Object.prototype.toString.call(e))>-1};function c(e){if("string"!=typeof e&&(e=String(e)),/[^a-z0-9\-#$%&'*+.^_`\|~]/i.test(e))throw new TypeError("Invalid character in header field name");return e.toLowerCase()}function l(e){return"strin

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3379)
Category:	downloaded
Size (bytes):	4210
Entropy (8bit):	5.364580472613482
Encrypted:	false
SSDEEP:
MD5:	59087D72EEDCB7650C9D5D6088440DD3
SHA1:	97B607FCE11F640E5764699038E50A76EB98944B
SHA-256:	E0E3FB0FE5CA541950CF8DD213FBE9E8957A3DB0010B515AD01ADFF6CA908A3E
SHA-512:	4F213391C01CFB017AB290007F3C7E66DB9B2A7A1EA4B4843DD52B0D7E5B1A5C04896BF1856806964F5A49C38A66403A8CDFE2C8C3EAF82C8318012F444DCD3F
Malicious:	false
Reputation:	unknown
URL:	https://standardplurnbing.com/captcha/style.css
Preview:	@font-face{font-family:FabricMDL2Icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/o365icons-mdl2.woff') format('woff');font-weight:400;font-style:normal}@font-face{font-family:office365icons;src:url('//res.cdn.office.net/owamail/20240308003.09/resources/fonts/office365icons.woff?') format('woff');font-weight:400;font-style:normal}#loadingScreen{position:fixed;top:0;bottom:0;left:0;right:0;background-color:#fff}#loadingLogo{position:fixed;top:calc(50vh - 90px);left:calc(50vw - 90px);width:180px;height:180px}#MSLogo{position:fixed;bottom:36px;left:calc(50vw - 50px)}.dark #loadingScreen{background-color:#333}.darkNew #loadingScreen{background-color:#1f1f1f}.:root{--s:180px;--envW:130px;--envH:71px;--calW:118px;--sqW:calc(var(--calW) / 3);--sqH:37px;--calHH:20px;--calH:calc(var(--sqH) * 3 + var(--calHH));--calY:calc(var(--calH) + 20px);--calYExt:calc(var(--calH) - 80px);--calYOverExt:calc(var(--calH) - 92px);--flapS:96px;--flapH:calc(0.55 * var(--envH));--flapScal

Static File Info

General

File type:
Entropy (8bit):	7.838394669364466
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	-Case-id-#w93g94yv.pdf
File size:	33'391 bytes
MD5:	54fd20605867341c1a6183ce4faeb9ee
SHA1:	10be5548a1cf5806813867f67154456db14c5d57
SHA256:	3506380ccce8d18245c05fd5070db2c22a78aa98e709cebf3971ae9a3eb4ffcc
SHA512:	451f0fe407d46a0ee1c4fac053d61c7ae45883feda0423eacebff147754ab159d3fc7c518f037c3093f3f96d441b102e3c687c68526bde11498866c6252381c6
SSDEEP:	768:cTuFGIPq93ysxsVNvz6WUgrArBiN6b4Gjatgc96WsoyOpFMbU:guFG/BKWWUgrA9iN6PaN96WsMpFsU
TLSH:	16E2BEB6E6590C9DFDC387D54964F94D46BCF20707DB60C538388212B969EE8AF202F9
File Content Preview:	%PDF-1.4.%.....1 0 obj.<<./Title ()./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .5...1.5...3)./CreationDate (D:20240419060110-07'00').>>.endobj.2 0 obj.<<./Type /Catalog./Pages 3 0 R.>>.endobj.4 0 obj.<<./Type /ExtGState./SA true.

File Icon


Icon Hash:	62cc8caeb29e8ae0

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report -Case-id-#w93g94yv.pdf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\31c05d7a-1a9f-46c6-a559-8aa353036acf.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF616096.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b2c6a69f-a41b-47bb-9372-6337a4ef0ae3.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240419131223Z-162.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSI54d3.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-19 15-12-22-066.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\7b3aad06-0ef0-4f44-9b55-9fc64b243b09.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\89023863-4e44-4bed-9e27-01973633f2af.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\e16e919e-f355-44cc-bd26-ede9972a2f5a.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\f432ecc0-bdff-4699-b19f-76a03e990977.tmp

Chrome Cache Entry: 161

Chrome Cache Entry: 166

Chrome Cache Entry: 167

Chrome Cache Entry: 168

Chrome Cache Entry: 170

Chrome Cache Entry: 172

Chrome Cache Entry: 173

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Windows Analysis Report
-Case-id-#w93g94yv.pdf