Windows Analysis Report
35

Overview

General Information

Sample Name:	35
Analysis ID:	682137
MD5:	aeada84492f8313f44aae7c56d5d3f8f
SHA1:	a24677f6a7549cba7301d32a0132e153be989544
SHA256:	e94b94022adbee8686effd8c966a5380989bf8a8241c3fddd29a11de332afb6a
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

JA3 SSL client fingerprint seen in connection with other malware

Queries the volume information (name, serial number etc) of a device

Creates a process in suspended mode (likely to inject code)

IP address seen in connection with other malware

Classification

Signatures

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.3:56422 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.3:56421 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 5MB later: 28MB

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 93.184.216.34 93.184.216.34
Source: Joe Sandbox View	IP Address: 93.184.216.34 93.184.216.34

Source: unknown

DNS traffic detected: queries for: accounts.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 56421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 62273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56421
Source: unknown	Network traffic detected: HTTP traffic on port 56424 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 63659 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60753
Source: unknown	Network traffic detected: HTTP traffic on port 56422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 62273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56423
Source: unknown	Network traffic detected: HTTP traffic on port 63811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56425
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 63659
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51086
Source: unknown	Network traffic detected: HTTP traffic on port 60942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56425 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 56423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60753 -> 443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=92.0.4515.107&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-92.0.4515.107Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /url?q=%68%74%74%70%73%3A%2F%2F%74%6F%2D%63%6C%69%63%6B%2E%66%75%6E%2F%65%72%69%58%46%76%4B%56%48%63%36%23%79%65%78%6F%72%79%76%6A%78%6A&sa=D&sntz=1&usg=AOvVaw2t3jeNlZEFZI-xvhukbEyl HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"sec-ch-ua-mobile: ?0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9X-Client-Data: CKqPywE=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620
Source: global traffic	HTTP traffic detected: GET /eriXFvKVHc6 HTTP/1.1Host: to-click.funConnection: keep-alivesec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"sec-ch-ua-mobile: ?0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?utm_source=g3Ase2bbTdNbHV HTTP/1.1Host: sweetiestouch2u.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"sec-ch-ua-mobile: ?0Referer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/montserrat/v25/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1Host: fonts.gstatic.comConnection: keep-alivesec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"Origin: https://sweetiestouch2u.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://fonts.googleapis.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media.ext HTTP/1.1Host: example.orgConnection: keep-alivesec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"Accept-Encoding: identity;q=1, ;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept: /*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://sweetiestouch2u.com/Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global traffic	HTTP traffic detected: GET /lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-heart-red.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: sweetiestouch2u.com
Source: global traffic	HTTP traffic detected: GET /lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-heart.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: sweetiestouch2u.com
Source: global traffic	HTTP traffic detected: GET /lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-times-blue.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: sweetiestouch2u.com
Source: global traffic	HTTP traffic detected: GET /lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/m1.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: sweetiestouch2u.com
Source: global traffic	HTTP traffic detected: GET /lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-times.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: sweetiestouch2u.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundAccept-Ranges: bytesAge: 221725Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Thu, 11 Aug 2022 03:08:18 GMTExpires: Thu, 18 Aug 2022 03:08:18 GMTLast-Modified: Mon, 08 Aug 2022 13:32:53 GMTServer: ECS (bsa/EB1A)Vary: Accept-EncodingX-Cache: 404-HITContent-Length: 1256Connection: close

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.3:56422 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.3:56421 version: TLS 1.2

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9rscy23_i5v9my_174.tmp

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: classification engine

Classification label: clean2.win@31/65@9/10

Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: unknown	Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\35
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com/url?q=%68%74%74%70%73%3A%2F%2F%74%6F%2D%63%6C%69%63%6B%2E%66%75%6E%2F%65%72%69%58%46%76%4B%56%48%63%36%23%79%65%78%6F%72%79%76%6A%78%6A&sa=D&sntz=1&usg=AOvVaw2t3jeNlZEFZI-xvhukbEyl
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,12796533771390455494,5363625801302401924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:8
Source: C:\Windows\System32\OpenWith.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\35	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.google.com/url?q=%68%74%74%70%73%3A%2F%2F%74%6F%2D%63%6C%69%63%6B%2E%66%75%6E%2F%65%72%69%58%46%76%4B%56%48%63%36%23%79%65%78%6F%72%79%76%6A%78%6A&sa=D&sntz=1&usg=AOvVaw2t3jeNlZEFZI-xvhukbEyl	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1752,12796533771390455494,5363625801302401924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\OpenWith.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2972:120:WilError_02

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.1552

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

File opened: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\crash_reporter.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\System32\OpenWith.exe

Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\35

Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\OpenWith.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.67	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
93.184.216.34	example.org	European Union	15133	EDGECASTUS	false
172.217.16.205	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.185.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	sweetiestouch2u.com	European Union	13335	CLOUDFLARENETUS	false
142.250.185.142	clients.l.google.com	United States	15169	GOOGLEUS	false
5.161.54.249	to-click.fun	Germany	24940	HETZNER-ASDE	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
gstaticadssl.l.google.com	142.250.186.67	true
example.org	93.184.216.34	true
accounts.google.com	172.217.16.205	true
to-click.fun	5.161.54.249	true
www.google.com	142.250.185.132	true
clients.l.google.com	142.250.185.142	true
sweetiestouch2u.com	188.114.97.3	true
clients2.google.com	unknown	unknown
code.jquery.com	unknown	unknown
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://to-click.fun/eriXFvKVHc6	false	Avira URL Cloud: safe	unknown
https://sweetiestouch2u.com/lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-heart-red.svg	false	Avira URL Cloud: safe	unknown
https://www.google.com/url?q=%68%74%74%70%73%3A%2F%2F%74%6F%2D%63%6C%69%63%6B%2E%66%75%6E%2F%65%72%69%58%46%76%4B%56%48%63%36%23%79%65%78%6F%72%79%76%6A%78%6A&sa=D&sntz=1&usg=AOvVaw2t3jeNlZEFZI-xvhukbEyl	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=92.0.4515.107&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://sweetiestouch2u.com/?utm_source=g3Ase2bbTdNbHV	false	Avira URL Cloud: safe	unknown
https://www.google.com/url?q=%68%74%74%70%73%3A%2F%2F%74%6F%2D%63%6C%69%63%6B%2E%66%75%6E%2F%65%72%69%58%46%76%4B%56%48%63%36%23%79%65%78%6F%72%79%76%6A%78%6A&sa=D&sntz=1&usg=AOvVaw2t3jeNlZEFZI-xvhukbEyl	false		high
https://sweetiestouch2u.com/lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-times.svg	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://sweetiestouch2u.com/lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-heart.svg	false	Avira URL Cloud: safe	unknown
https://sweetiestouch2u.com/lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/icon-times-blue.svg	false	Avira URL Cloud: safe	unknown
https://sweetiestouch2u.com/?a=1868012&cr=57748&lid=19953&mh=TWpVZHNsdmF5SEF4eWJmcm9BaGdMV1Z6cEVXeE54YXRRUndzRU8tMzU4NzU%3D&mmid=2760&p=0&rf=uu&rn=zc4ZodGUys4WmdeVEhG&t=notrack	false		unknown
https://sweetiestouch2u.com/lstatic/ae9d6c4c108a7ee9923f82e2306bcb9c/images/m1.jpg	false	Avira URL Cloud: safe	unknown
https://example.org/media.ext	false		high

ID:	682137
Product:	CloudBasic
Start time:	05:06:22
Start date:	11.08.2022
Sample:	35
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:
Architecture:	WINDOWS
MD5:	aeada84492f8313f44aae7c56d5d3f8f
SHA1:	a24677f6a7549cba7301d32a0132e153be989544
SHA256:	e94b94022adbee8686effd8c966a5380989bf8a8241c3fddd29a11de332afb6a

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0	data	0FC1648A0D19CDD69F1792624A33FE7C	EFF08B65B1FF7183FA66F11175A9DA4C75BF9AC3	10DAD571F7116A7D9ED43F2AB3C4831BC012D9FF5C86C76D55A693151885DBB8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0	data	E372CA140FC18C013D32E8B8C61D0820	147AABD6A034E0B20288647E42B5718CAC474582	E57DC27FCA6646F3C4168C48097451514721A08FB633F2F6A670472B03E7B647
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0	data	08BBA5D6FA3685E725A8A85A791942E0	3901CE7FD8E97E6A09F2BBD65D03D67005BB9E44	AA72B6018B7ADC65960FD071A184431D6C95A734991C84EE200196851B39E2C4
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0	data	FEAC663BC48FEFD5D95C21F063B18B4B	35A2583B0822F2F27C5F635B52764F28E48C2779	951B8829C7C98B44DCDE6F1ABDB71C5E16A4F59DD049CF8B369A9DC402B82B4C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0	data	279185060F98815F1EF432CEF7EE7268	32B5A27781F7DFF1B492D37352055394591830D3	5BB2E85F7CABF8F1CEB77DB6007CD773117DD242C6CB39CBEA4242FEFA50FCB2
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0	data	17123792B5E686EE68BAD37FCE5F60E3	EE4C9255DBD6EFF2E25E1EFD4F6A73DAF83712C4	E1B0E5F3FA9365FC605A8B6DDDFD42CF02309E4685371E5DC1F064A207BBCD00
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0	data	93FF0FFE0D609077BE05E1C5D1366EA0	FB92DBD0936A856DC290466BDF6E92DB8FC6E31C	E321FF3BD29429BFD218F9B9E5B978168CA002D5289CBF23AC0AA392C9B0669F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0	data	CF63BD82677A14078BB3EAF9BD25534C	FB0A00B86C2984A3127DDABD6C92185B9D6B1724	6DDE2AF6768EEF51A4F0F91E2CA498AC328F89722FB618D55FC1D187C510E767
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0	data	050A3FF476D0CFD850A1B1EB965545BF	FBC39A1E39BF83F66DCE4D94F63E71001CD0ED6D	6626DC26B1A21F35CF8C6B16A0CD8A6560AFC5ED4479C68BFBF1A4DBCD453FC0
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4ca3cb58378aaa3f_0	data	6D57656762F19871944A8E3EFFD5E92E	558B692C025BF35B43AEEF8C797AA8540A528185	59F7810B9BBF423402D7EA87E7A7504F360941AF713C60A02DB08867DE453439
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0	data	53FFAFEE67839E964C651E060E4170D0	B7BEAA5D18AE683DC27D71C8CBEDCF712B627954	DD5B0B4084D0B046C545238A4DD4906A53BA7DADD52FCD64AF3D1EB10242B2B8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0	data	56E7594227269EB5F9575AF4737BDF03	A3DE4E98100B1AD294899562F451051F0E320054	632F17675075BB32DB5AD941403464B63A9A2CE34D4AF332787E34BB0F7BA895
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\64766d63a539c3ca_0	data	6B67AA9A50531FE12101D86D84F5E0DB	D1091EA58694809521AEF3E87486441EB969F6F3	9B969760ED0BF9A494EE2178D6487B825537F034FF4F366F38DCA412813E6272
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0	data	65DC11945D7836CAC42CFA8F256933A8	FE5A72CBDABED8766C8E0AC24E328E1019C52F3E	CD3971E75F8993C731C10C333BF6C7147E50B78A42764DE7390243E9CB8F47FE
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0	data	B835E31DA7ADA47B408AB8DC3C558EC5	D4EC7607D4AB348C34C66572AD78B08CE282EB32	ABD7B44C81EDDCB7C1CAD12001D79F3056C1FB11EBF6BA87FC61CE8C12C27DC5
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0	data	1ED295D15027AE22D929F2780953AA93	A2962D40D3F0F5904723EEE7721D93975DC95972	23DC6307997EC1D2BB263E011144B54666F329B898D318E51B19910180AFC6AC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\72d9f526d2e2e7c8_0	data	706690C90B7750765E419D45A5A17983	B962353A69397EEFB55AE87CD04BFA7D2D21C6E4	B100CECBBBE9279E9EE179AAD4C27149DF38B30DA3A63F2A4804DF37661D7A66
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\78bff3512887b83d_0	data	BB35E5628B951A95D3672E1FB6D7CC77	C670F4637D2E256370CB7329F15F93867C433F38	0F3719B410E1C1609C207A8D571790F64ABDB558AA757F1137D4C907491FD263
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0	data	B4A156565B030FBF2E8CEAD01FF85510	34C13731E7D1FFB567ED44F50065CB3E89EC1886	7110640CFBFE8BA37A3B2EDBC2DED7409484F73EDE9EA6B08E1E43C1619ED1CF
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0	data	195E00579710CABF758B1F5A61F56E9B	A07C25C010AADC873D7261408B1ED5B57AE1A8E9	9D34D4D524997C3A484E665B521C0CB82EB4D4152456A8526E73743B4FBF81AC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0	data	390836E201CC7D88E0959FB5F9D9E6C9	DE99CCDDD4DF9083DAA866AED3F5C5AE7CF28102	F0CE44E8F13310C26DD19684C136B554DAC7771B7CB62E7BEEE08160500E9646
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0	data	30CA0345342B8B7BE39E192AF6D75702	614614917968FA857440D1DD39DC103DB1FB19B3	B6DA6D08EA5CA0D2761F2784D8CAABB5A3F2978FB335188B9FF45ECB9179BEC9
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0	data	8C7C1ED241A452EC5BD562069FEF991E	A63FDE23AD76E6E4C9A501E87F466524BE46300F	1F6DADE0FBCBC0D0D1D59FD23A85BE24D229271CDCB41A8D1153B24AB0772935
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0	data	8E794FCED23D980D64F125498EF93EC9	AD01B1A525B08B96318C7BEA6A2B3A21AC3A1463	A4F7EE6CB6E9FF011368CF8BD7A5AD57C2EF9F7F6BEA1E722D220295EB580A1A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0	data	6DC3621BD62F7709719BDA86EF57D533	302D67ADD60C75FC3D37965072A2B54B9CA57419	C3E0EBC75F0A8E55C98CB9084119D41A333BF23689EEC88FD69781165AB80CA6
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0	data	839649E9C0240218E5052D68033DD4A8	769996247EE753009AFA72C588C856CBE643FF9E	EBEB4DBA13AF9ADDA59717B6C2BBA40D962EA86942D0385CAF8EB6EFB42CEA89
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0	data	8C13744E08A423AA6DDBEC08730265C3	34A5A4D71D15FBEADAC7B0CF314030B08654CDB0	0E13EDD53705B1FBCADE5F89C2D88818006E87F2CB0E199A75F90319FC704CEC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0	data	7E9109EDB73E8CEAF50220E94F9F4F49	790D6935AF93D0D229476AE4428B4583267C3112	497BA6662D2780F261751DC5A6A6B179C6D8BBAA431C3D74C35588281A64C8C9
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0	data	C29F2044C1981D5381E6A8A9E823344A	569775C5CD26F9DE067EB4FBB646F639ACA9F7AE	47927D938543A71FA7B855A55AFB710BED3CDC403648227CB8401D3AED492CFC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0	data	E7D279DFA39305E28BDD93110806EF57	C91BA68F80EB14CE7918FA7AA7D1AFD77B0EB4F9	16F08A54EE9A7669FF688B4C56F69941A985FA706133B9FFF2612D1564D9F4D1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0	data	01A3C06868C8270E2D89AB5765BC2C5F	D2A448D684FA0C1751C5C4E67815312F3865D01E	4FCBCFFEEF5E8D6BC9A3CE03C2102A53706BB3F89B4CF04295612991C2EDFE13
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0	data	000925A60CA011E904F39C0EDFEC4214	9151BEA33E8E7143C0454099F1EFA41494A9F592	DFAF167FB5910856AFED8AFD70CCB208AC044F582E216510B239ABA5D978C626
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\e58e492b0f04240a_0	data	DA36C2643C7733D19F2BA281720A5B87	373AC6FB69D32E3DB614C9BB465276BD17F11D99	E979043A5B5DFE69C1BA1A67F409D3FED6B1CEFB75BD3D715186BB5376E8DC11
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0	data	22308FCD38E6D4B13CF07BBBC4F00906	0EE4B2E4CE95C74123D0DCDDB3D110AC642B4E5A	96CA11F0C3F9A4295AFF62DEEFA7ACA2E289EDACB8753BC7D9FF9917497FAE48
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0	data	D2F9687B611CA6C6890F121E29CE6A7E	E5939D3CA495C99B99C6D9FC2806ACCF84FA65A2	3B21CBCADF763958AAF52C9467819B7ACE75B09FB169C4C254532F7CF976D313
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0	data	873D0B25AA40C41A7397589C450C97A0	894AAAFBAE8C1532D949CF90B73E68EE7856BD40	CD15C568E5E7E02092DD0E4C0FBA015EF835028EE3E26F9843031A0765AEC810
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0	data	E2E764BE6F225C3113AC9B0271F67D01	9933CD2750572E28C949D393BA6D7917D69EF56C	D402E87048C6392845EFB0BD541B438EABA09BC28297518F6CB2166CBFE9F537
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0	data	EA2B030FC6E0B5AC39C7FB6EC6DD4790	B28248B4B78650464B98B895679E68913E450C67	FA5EF028B53C9F879A95B07A4C0E440CBB91A8289D639DAE728806157B31D8B8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index	data	914F51E7C48AAF43AFF1DED9814D3075	554E2B48B13F877771F0E138CCAB84007A9A7B5D	D4639E83AF6D4A22D3DDA52EB7F895010C6B369AE08946E92391035C659C2D62
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)	data	914F51E7C48AAF43AFF1DED9814D3075	554E2B48B13F877771F0E138CCAB84007A9A7B5D	D4639E83AF6D4A22D3DDA52EB7F895010C6B369AE08946E92391035C659C2D62
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	7EE87B1C99C2EE4E77875AB4B055BA2F	06013EED1A5ACB0DD9AB1002B5CD0A7131089750	CBEE633C06DFABD7D8DC689A9049252A1B0E8BE68A91F1A17209C349D0F25381
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.1552	PostScript document text	7077109515BD1FBF8EDB99EF26177642	5B69D757ED47A4CB08FD25CA697F01F19D05DBEC	4965B1A9DBE3A95B647CDBF287F1CAFBA299BA98FCAFC459DC67BD2C255E411E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt21.lst (copy)	PostScript document text	7077109515BD1FBF8EDB99EF26177642	5B69D757ED47A4CB08FD25CA697F01F19D05DBEC	4965B1A9DBE3A95B647CDBF287F1CAFBA299BA98FCAFC459DC67BD2C255E411E
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_READER_LAUNCH_CARD	ASCII text, with no line terminators	C6CECBE9B2472FE10F81513600A2BC3F	40CCA938288C71C9845BED7B576B48EB87554460	8C7527259402E31657C7C941755B5D664BB498A8AFBA655D14F0444C095C85E2
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Banner	ASCII text, with very long lines, with no line terminators	6655DB5D36CFD5C7B46B2CDFF9B41BB4	B297982CC8DC4B5486F6ADDAAB878FABB531AC9B	119FFD5FC4574A7F2566A10954E2735DDDA5F1960FDDC7CE20D6D666108CEC53
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\DC_Reader_RHP_Retention	ASCII text, with no line terminators	B6235642AE081CB817C043EC6D2FDABF	05319B41F7E9D9C9F87A6114583ADF42398F1262	D858BCAE57E181CB46D58568E3985EE678BBE0A149062BE4CF0F79E810E33071
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\Edit_InApp_Aug2020	ASCII text, with very long lines, with no line terminators	33F004535DB04C103CA5D561896B995E	523E035C7415B46436E279CBA5BA856C2481B8AC	CFBFE172F7C20A0129ED1111516B5390919A64D4913C61252598DEE6366688FE
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\Files\TESTING	data	DC84B0D741E5BEAE8070013ADDCC8C28	802F4A6A20CBF157AAF6C4E07E4301578D5936A2	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Reader\SOPHIA.json	ASCII text, with very long lines, with no line terminators	E13684FD76A7B87580DFB3AB684891EF	235527C627188290E46410BFD667EC8C671B36CA	ABC921F59A715DC126CCA054B644D08A6665AAB513AEB8FF051757A60EA32644
C:\Users\user\AppData\Local\Google\Chrome\User Data\90ee39b9-898c-4bbc-84a5-b3abe0dbcf95.tmp	ASCII text, with very long lines, with no line terminators	549D76754A5BFFB6B274ED5E03095283	758028EDBF578FBFE4AA52E5CFAAD15F64FDC91D	C4E56759663F91C8A639EAB1EA4707AF9DA377BC4CFAF7DBB9F70405CAB35D91
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	FA7200D6F80CD1757911C45559E59C0E	89C6E99BAEC4EBB3E9A97B928FB473D1498EBA88	D9779EA4D6DD544A23C2A1C53146B6A4E596927F47DFA0680B0A7EE751D43BB2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\64a655de-b89f-431e-8e35-acaadc02e727.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	475D05C6AFA5FCB97A38D605CBB7AEF7	E96ECF2EA61B529CB20C0876154856D4F22F9FFB	DC1A0364CD0EBA82D95BA71D57322BD19531AA9CAEBFB5855B5A881FB309A27A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	58FB7B9F0BD816F6DB20341ABC0A960F	005E25409B6F648D505AB2AEB5A68DB41B54D275	4EEEF82D60C4C2393284BCC05A12432A9C83931D5AA91B51383B366F069103F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	475D05C6AFA5FCB97A38D605CBB7AEF7	E96ECF2EA61B529CB20C0876154856D4F22F9FFB	DC1A0364CD0EBA82D95BA71D57322BD19531AA9CAEBFB5855B5A881FB309A27A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cb6b73b3-04a7-4d1f-a6df-f433309a40d0.tmp	ASCII text, with very long lines, with no line terminators	3DBA7371D811AA0994A98166BA542770	266B10F5BC79B5CA2049B8AF13AE4B036C807D86	171ACEC816BE03EC97C12D9CBBCBDDFD72F4B1F1E794BF6F4B548F04E5B8AB07
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cc86497f-ed56-4924-a5f1-83364ab7deb6.tmp	ASCII text, with very long lines, with no line terminators	58FB7B9F0BD816F6DB20341ABC0A960F	005E25409B6F648D505AB2AEB5A68DB41B54D275	4EEEF82D60C4C2393284BCC05A12432A9C83931D5AA91B51383B366F069103F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e3aeef77-a893-4fdb-9658-3de8384825a8.tmp	ASCII text, with very long lines, with no line terminators	AA7315AA5F9213239EE42C46949F4D30	A214693BEB5310D56EEE418F31ECC22010E716C9	861241EF2D90248649E737F3451F324F6568A521FB42C1F9904E6FCFA923EC45
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ee392d12-1008-445d-b43d-9cb8553a0994.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	3393ABFBD1F294EDCBF3BE1124040DE7	4E0B25C570099720F574F17A270EB1DFC00DA8A1	9251729649B806E618E6CA19E1B1D29DB2156452A6B88E5E3272CD8B87881995
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f1a4c216-12d5-426a-b453-44fefa39f947.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	3A0E5D4F452CF99191634D0FFAB744A0	F115BBB898EEFF640D8D19AD44A86C3FCDFFC0AD	B9D528D3AE283039F4700C7E4E790744C58A26353A91B536DD91CBA4F648A35F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	549D76754A5BFFB6B274ED5E03095283	758028EDBF578FBFE4AA52E5CFAAD15F64FDC91D	C4E56759663F91C8A639EAB1EA4707AF9DA377BC4CFAF7DBB9F70405CAB35D91
C:\Users\user\AppData\Local\Temp\46d86dfd-bb38-4c1d-99f2-b24edd8a3ac3.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.acl	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.dic	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
C:\Users\user\AppData\Roaming\Microsoft\Spelling\en-US\default.exc	Little-endian UTF-16 Unicode text, with no line terminators	F3B25701FE362EC84616A93A45CE9998	D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB	B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209

Windows Analysis Report
35

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report 35

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Software Vulnerabilities

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
35