IOC Report
https://u43957641.ct.sendgrid.net/ls/click?upn=u001.0Q2k6Tkbkoom04JcBCS1bm-2FvOge1W36GwvuSdih0P4JugvzV4-2FrWyPqZWCP-2FjIBNLIQsDH-2BiJ-2FwtGIsQEo-2F1lg-3D-3DD4vy_FXZTG-2Bj8dxNvEuxDJrPqKA8uB9LHQ48OflWnDl8SlkMIeqE5kJRv-2BwjlJ-2BTz9LaXXbddhQoxXZFjW61L1BulkplVPhKO5ARKFw4WBNXwUjDYnN9WjvMC1qZal-2BSbiVhkNDX

Files

File Path

Type

Category

Malicious

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.2156

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

SQLite 3.x database, last written using SQLite version 3040000, file counter 23, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 23

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

SQLite Rollback Journal

dropped

C:\Users\user\AppData\Local\Temp\MSI27751.LOG

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-04-24 13-01-06-381.log

ASCII text, with very long lines (393)

dropped

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 09:59:42 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide

dropped

Chrome Cache Entry: 165

XML 1.0 document, ASCII text, with no line terminators

downloaded

Chrome Cache Entry: 166

XML 1.0 document, ASCII text, with no line terminators

downloaded

There are 24 hidden files, click here to show them.

Domains

Name

IP

Malicious

www.google.com

142.250.141.103

u43957641.ct.sendgrid.net

167.89.123.147

Details

Name:	u43957641.ct.sendgrid.net
IP:	167.89.123.147
TargetID:	1
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Active:	true
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Spawns processes	System Summary	Process Injection

091.it-mil-1.linodeobjects.com

unknown

IPs

IP

Domain

Country

Malicious

167.89.123.147

u43957641.ct.sendgrid.net

United States

1.1.1.1

unknown

Australia

192.168.2.17

unknown

unknown

142.251.2.84

unknown

United States

192.168.2.4

unknown

unknown

142.251.2.138

unknown

United States

239.255.255.250

unknown

Reserved

142.251.2.139

unknown

United States

142.250.101.94

unknown

United States

34.193.227.236

unknown

United States

142.250.141.103

www.google.com

United States

172.232.192.101

unknown

United States

74.125.137.94

unknown

United States

172.64.41.3

unknown

United States

23.206.4.165

unknown

United States

There are 5 hidden IPs, click here to show them.