Edit tour

Windows Analysis Report
Biolegend.com_Report_93129.pdf

Overview

General Information

Sample name:	Biolegend.com_Report_93129.pdf
Analysis ID:	1514327
MD5:	11933b242bac81dabf26ed3187f3ffd5
SHA1:	0cd313a8d48265e93f0b1b1a67f913ea125bf70b
SHA256:	23b84c577227ff563e2555ff5c31f5609d232d9fd2d28ca8a23225565d245e93

Detection

Score:	20
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

AI detected landing page (webpage, office document or email)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

Acrobat.exe (PID: 6320 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Biolegend.com_Report_93129.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2760 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6564 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1548,i,16262622228483436563,1998081881345400392,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 7892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8100 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5736 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4176 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6424 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary
• Persistence and Installation Behavior
• Boot Survival
• Hooking and other Techniques for Hiding and Protection
• Malware Analysis System Evasion

Click to jump to signature section

Show All Signature Results

Source: unknown

HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49741 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.220.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: id.google.com
Source: global traffic	DNS traffic detected: DNS query: dns-tunnel-check.googlezip.net
Source: global traffic	DNS traffic detected: DNS query: tunnel.googlezip.net
Source: global traffic	DNS traffic detected: DNS query: www.youtube.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown

HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49741 version: TLS 1.2

Source: classification engine

Classification label: sus20.winPDF@54/47@14/336

Source: Biolegend.com_Report_93129.pdf	Initial sample: mailto\072teng\100unipharmnz\056co\056nz
Source: Biolegend.com_Report_93129.pdf	Initial sample: http\072\057\057www\056unipharmnz\056co\056nz\057
Source: Biolegend.com_Report_93129.pdf	Initial sample: \040\150\164\164\160\163\072\057\057\167\145\142\056\156\166\143\143\056\143\157\155\057\143\167\164\057\145\170\164\145\162\156\141\154\057\167\143\160\141\147\145\163\057\162\145\146\145\162\162\141\154\056\141\163\160\170\077\122\145\146\145\162\162\141\154\124\171\160\145\075\127\046\120\162\157\146\151\154\145\111\104\075\066\071\070\067\046\114\151\163\164\151\156\147\111\104\075\067\064\066\071\046\103\141\164\145\147\157\162\171\111\104\075\066\063\067\046\123\165\142\103\141\164\145\147\157\162\171\111\104\075\060\046\165\162\154\075\057\057\144\143\164\157\157\154\163\056\155\157\157\157\056\143\157\155\057\163\155\151\154\145\171\145\163\057\154\157\147\151\156\057\161\167\145\162\164\171\057\160\160\165\150\154\100\142\151\157\154\145\147\145\156\144\056\143\157\155\040\000
Source: Biolegend.com_Report_93129.pdf	Initial sample: \040\150\164\164\160\163\072\057\057\167\167\167\056\142\156\172\056\143\157\056\156\172\057\144\151\163\143\154\141\151\155\145\162\163\040\000
Source: Biolegend.com_Report_93129.pdf	Initial sample: mailto\072mark\137bullers\100bnz\056co\056nz

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-20 00-28-55-861.log

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Biolegend.com_Report_93129.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1548,i,16262622228483436563,1998081881345400392,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding CF860C03CC0485475D594BB66B8594AE
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2248 --field-trial-handle=1548,i,16262622228483436563,1998081881345400392,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4176 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4176 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 --field-trial-handle=1760,i,13068054190579309640,9545765479306105302,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Biolegend.com_Report_93129.pdf	Initial sample: PDF keyword /JS count = 0
Source: Biolegend.com_Report_93129.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: Biolegend.com_Report_93129.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Persistence and Installation Behavior

AI detected landing page (webpage, office document or email)

Source: PDF document	LLM: Page contains button: 'Review Documents' Source: 'PDF document'
Source: PDF document	LLM: PDF document contains prominent button: 'review documents'

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

Process information queried: ProcessInformation

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
x1.i.lencr.org	0%	Virustotal	Browse
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
www.google.com	0%	Virustotal	Browse
plus.l.google.com	0%	Virustotal	Browse
play.google.com	0%	Virustotal	Browse
apis.google.com	0%	Virustotal	Browse
www.youtube.com	0%	Virustotal	Browse
youtube-ui.l.google.com	0%	Virustotal	Browse
id.google.com	0%	Virustotal	Browse
tunnel.googlezip.net	1%	Virustotal	Browse
dns-tunnel-check.googlezip.net	1%	Virustotal	Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
youtube-ui.l.google.com	216.58.206.78	true	false	0%, Virustotal, Browse	unknown
plus.l.google.com	142.250.184.206	true	false	0%, Virustotal, Browse	unknown
play.google.com	142.250.184.238	true	false	0%, Virustotal, Browse	unknown
dns-tunnel-check.googlezip.net	216.239.34.159	true	false	1%, Virustotal, Browse	unknown
tunnel.googlezip.net	216.239.34.157	true	false	1%, Virustotal, Browse	unknown
id.google.com	216.58.206.35	true	false	0%, Virustotal, Browse	unknown
www.google.com	142.250.181.228	true	false	0%, Virustotal, Browse	unknown
x1.i.lencr.org	unknown	unknown	false	0%, Virustotal, Browse	unknown
www.youtube.com	unknown	unknown	false	0%, Virustotal, Browse	unknown
apis.google.com	unknown	unknown	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.67	unknown	United States	15169	GOOGLEUS	false
142.250.74.202	unknown	United States	15169	GOOGLEUS	false
142.250.185.206	unknown	United States	15169	GOOGLEUS	false
173.194.31.7	unknown	United States	15169	GOOGLEUS	false
184.28.88.176	unknown	United States	16625	AKAMAI-ASUS	false
172.217.18.14	unknown	United States	15169	GOOGLEUS	false
216.58.206.78	youtube-ui.l.google.com	United States	15169	GOOGLEUS	false
216.58.206.35	id.google.com	United States	15169	GOOGLEUS	false
54.144.73.197	unknown	United States	14618	AMAZON-AESUS	false
142.250.185.163	unknown	United States	15169	GOOGLEUS	false
74.125.172.234	unknown	United States	15169	GOOGLEUS	false
172.217.18.97	unknown	United States	15169	GOOGLEUS	false
142.250.186.132	unknown	United States	15169	GOOGLEUS	false
142.250.186.70	unknown	United States	15169	GOOGLEUS	false
74.125.172.138	unknown	United States	15169	GOOGLEUS	false
142.250.184.206	plus.l.google.com	United States	15169	GOOGLEUS	false
142.250.186.97	unknown	United States	15169	GOOGLEUS	false
172.64.41.3	unknown	United States	13335	CLOUDFLARENETUS	false
66.102.1.84	unknown	United States	15169	GOOGLEUS	false
142.250.184.195	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
216.58.212.138	unknown	United States	15169	GOOGLEUS	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
142.250.185.234	unknown	United States	15169	GOOGLEUS	false
216.58.206.42	unknown	United States	15169	GOOGLEUS	false
142.250.181.226	unknown	United States	15169	GOOGLEUS	false
2.23.197.184	unknown	European Union	1273	CWVodafoneGroupPLCEU	false
93.184.221.240	unknown	European Union	15133	EDGECASTUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
142.250.185.131	unknown	United States	15169	GOOGLEUS	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
74.125.8.231	unknown	United States	15169	GOOGLEUS	false
142.250.185.194	unknown	United States	15169	GOOGLEUS	false
216.58.212.182	unknown	United States	15169	GOOGLEUS	false
142.250.186.142	unknown	United States	15169	GOOGLEUS	false
64.233.184.84	unknown	United States	15169	GOOGLEUS	false
142.250.184.238	play.google.com	United States	15169	GOOGLEUS	false
142.250.186.42	unknown	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false
104.77.220.172	unknown	United States	16625	AKAMAI-ASUS	false
216.239.34.157	tunnel.googlezip.net	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1514327
Start date and time:	2024-09-20 06:28:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Sample name:	Biolegend.com_Report_93129.pdf
Detection:	SUS
Classification:	sus20.winPDF@54/47@14/336
Cookbook Comments:	Found application associated with file extension: .pdf

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 184.28.88.176, 54.144.73.197, 107.22.247.231, 34.193.227.236, 18.207.85.246, 172.64.41.3, 162.159.61.3, 2.23.197.184, 93.184.221.240, 2.19.126.149, 2.19.126.143
Excluded domains from analysis (whitelisted): e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, acroipm2.adobe.com.edgesuite.net, wu.ec.azureedge.net, ctldl.windowsupdate.com, p13n.adobe.io, wu.azureedge.net, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, geo2.adobe.com, wu-b-net.trafficmanager.net, crl.root-x1.letsencrypt.org.edgekey.net
Not all processes where analyzed, report is missing behavior information

LLM Input / Output

Input	Output
URL: PDF document Model: jbxai	{ "brand":["DocuSign"], "contains_trigger_text":true, "prominent_button_name":"Review Documents", "text_input_field_labels":["unknown"], "pdf_icon_visible":false, "has_visible_captcha":false, "has_urgent_text":false, "has_visible_qrcode":false}

Input

Output

URL: PDF document Model: jbxai

{
"brand":["DocuSign"],
"contains_trigger_text":true,
"prominent_button_name":"Review Documents",
"text_input_field_labels":["unknown"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.183300962633464
Encrypted:	false
SSDEEP:
MD5:	749290865D6D56670266F1E98FFAB685
SHA1:	8FB6FE0B1814E9EFCABF2D39E884296E07F29F62
SHA-256:	C4BC33B797D0F0CA04F083A9E96A2A6B7C272F487DEAE319B0F722F115D72402
SHA-512:	6E44CC86DC9F1A00832449DA16A55A0EC0EA665757A7B24EC46238EBC519480FE6003ECFE4B41D326FDCCEF7D76CAF8915519DADF389E3D3951FAA0ABDC70794
Malicious:	false
Reputation:	unknown
Preview:	2024/09/20-00:28:54.303 1858 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2024/09/20-00:28:54.306 1858 Recovering log #3.2024/09/20-00:28:54.306 1858 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.158739981677264
Encrypted:	false
SSDEEP:
MD5:	0CDEAD65DF49D826C85059DD606CDC20
SHA1:	9A455F6772520AB5C7ABE0E81A1F7C79772C72D8
SHA-256:	F3DC54B45A1A8834130AFA248887E3C9AB0AD68ED78A2AB1A3F5E9A59CAEB23B
SHA-512:	1D0A1491A1F666F0C76F654D61A90D54F6CF03A3D11DF5CA818AE14AB5FD13637DC4228F437883C5FB42E22F109CE82F89730A5A09B9815E3065B5EC5579B9BD
Malicious:	false
Reputation:	unknown
Preview:	2024/09/20-00:28:54.191 19b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/MANIFEST-000001.2024/09/20-00:28:54.194 19b8 Recovering log #3.2024/09/20-00:28:54.195 19b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9df3a770-3287-49b4-8e97-81478b0692d8.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	modified
Size (bytes):	403
Entropy (8bit):	4.953858338552356
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5bc3e1.TMP (copy)

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	4C313FE514B5F4E7E89329630909F8DC
SHA1:	916EED77EC8C9DC90C64FF1E5CC9D04D4674EE56
SHA-256:	1EE7C151EF264F91FCDCCB6644F62DC33E27A4E829DAAB748DA1DE4426400873
SHA-512:	1726CAFCBA0121691DFA87A7298E6610BC4C7FD900867FD1B1710811E764918585E56788E08B7CA2CEE001F5DFD110E1BE6F6BBD7C2A7B7E2FC87D3DED210205
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13341145152835463","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":144284},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b7f888d4-e735-40c8-ad81-bc792cde4117.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	403
Entropy (8bit):	4.981514038373017
Encrypted:	false
SSDEEP:
MD5:	F8FEF94E33F1CCD295B0FCA062F1CD27
SHA1:	EC5844A3E0F8B31B0BDC586B973BD98972156E32
SHA-256:	A2B5F1F0BFA85E9C24CF05D3AC372B7B1FC4599364D31E514CCCD169C5DF0025
SHA-512:	5570F1B2FB439E206691E07057F16C063F82DA9B1DD1BF29EF25277B959D65D08715D7882BE6AB6EF7B0BB7BB669FCFACAF5D0D6FC070C954228CE08E6197EC2
Malicious:	false
Reputation:	unknown
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13371366546254944","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":130498},"server":"https://chrome.cloudflare-dns.com","supports_spdy":true}],"supports_quic":{"address":"192.168.2.16","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	4099
Entropy (8bit):	5.229838141044166
Encrypted:	false
SSDEEP:
MD5:	6BB252E8FD92338B2DE269774AC90CF4
SHA1:	044A2C4D28E30B0B3E2D32D6CC9F43427F3E22C6
SHA-256:	0B77C9F1D338B5B7DF8C0FA2E224DFF30BA3EB58D8A1006C28E985C2B009723B
SHA-512:	BF2CF0F8500D8803429C3FD3418D71CDE24E8E077B42030F0A239B567E7956CF7AB5601BDE3C7E3EA52229A733B43DDDC4440D8B94E0BA315E910FEC98F32378
Malicious:	false
Reputation:	unknown
Preview:	*...#................version.1..namespace-e...o................next-map-id.1.Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/.0y.S_r................next-map-id.2.Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/.16.X:r................next-map-id.3.Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/.2.P.@o................next-map-id.4.Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/.346.+^...............Pnamespace-1d95df23_a38f_44a8_b732_4e62dd896a16-https://rna-resource.acrobat.com/....^...............Pnamespace-09c119c2_97bc_4467_8f67_f92472c9e5dc-https://rna-resource.acrobat.com/..?&a...............Snamespace-2a884c18_b39c_4e3d_942f_252e530ca4bd-https://rna-v2-resource.acrobat.com/_...a...............Snamespace-2e78bfda_7188_4688_a4aa_1ff81b6e5eaa-https://rna-v2-resource.acrobat.com/...o................next-map-id.5.Pnamespace-07af9ee9_2076_4f12_94b5_

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.185387580688829
Encrypted:	false
SSDEEP:
MD5:	553B387FF88C7A3575616792A3A98261
SHA1:	4E5844D208E1ED345DF92F3F268EAB2B70EA3523
SHA-256:	01A510497F2CE8D05211EE24D2C0A526850ECF4C61BAED116D3D5DDBC8FF8015
SHA-512:	F5869B0B173E30F164F81BE90D631DF93405FE21273E9C707C84689B6B58996AB98F3F0E4D4E235ADE2793A943A40E7C09BC6D2A356341E9364B297B6535F3A5
Malicious:	false
Reputation:	unknown
Preview:	2024/09/20-00:28:54.354 19b8 Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/MANIFEST-000001.2024/09/20-00:28:54.355 19b8 Recovering log #3.2024/09/20-00:28:54.358 19b8 Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage/000003.log .

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240920042857Z-162.bmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	PC bitmap, Windows 3.x format, 107 x -152 x 32, cbSize 65110, bits offset 54
Category:	dropped
Size (bytes):	65110
Entropy (8bit):	0.8748368884811276
Encrypted:	false
SSDEEP:
MD5:	FEB74B10E2A4B7D0FB4F67F8D0E1EA8C
SHA1:	EBF3104158D681AC01E4D9E6C3437A6879F2AB57
SHA-256:	BD2D679674D5E1C6FC57C8E01CD86207FBC1C953588C69AAAB6565F3699F8F88
SHA-512:	0EC546C7C6696CC91B2D10B200BEFD5A9FB046725804946E22522CEEDE5E8642F00F738AECA6D540F91BB8CE2EF9A6C28AE2D7C0949817B52E6CA30736633B08
Malicious:	false
Reputation:	unknown
Preview:	BMV.......6...(...k...h..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 2, database pages 14, cookie 0x5, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	3.291927920232006
Encrypted:	false
SSDEEP:
MD5:	A4D5FECEFE05F21D6F81ACF4D9A788CF
SHA1:	1A9AC236C80F2A2809F7DE374072E2FCCA5A775C
SHA-256:	83BE4623D80FFB402FBDEC4125671DF532845A3828A1B378D99BD243A4FD8FF2
SHA-512:	FF106C6B9E1EA4B1F3E3AB01FAEA21BA24A885E63DDF0C36EB0A8C3C89A9430FE676039C076C50D7C46DC4E809F6A7E35A4BFED64D9033FEBD6121AC547AA5E9
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.......1........T...U.1.D............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	16928
Entropy (8bit):	1.213071245460503
Encrypted:	false
SSDEEP:
MD5:	E21BDD3E892E39782DE4AD8603F70F31
SHA1:	B919E019AA255A65AC5776D96C7C900AF55F33A9
SHA-256:	C68BB4A29C967FDA40D2518435489B42116A0246D2A1411B0BB49EDC6AD11DBB
SHA-512:	0F36FBC3155DF6F0D53FEC2ED41F33126EFFBA31273141C47DCA4E02F6EB7EF25EA68FA7EE1E1DA16053A8F1F613DB443AFCBEE5ACB958B8B03A99FDEE073B21
Malicious:	false
Reputation:	unknown
Preview:	.... .c.....HC.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Certificate, Version=3
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	7.705940075877404
Encrypted:	false
SSDEEP:
MD5:	0CD2F9E0DA1773E9ED864DA5E370E74E
SHA1:	CABD2A79A1076A31F21D253635CB039D4329A5E8
SHA-256:	96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
SHA-512:	3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
Malicious:	false
Reputation:	unknown
Preview:	0..k0..S............@.YDc.c...0....H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0....H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.\|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I......A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.\|C.t..t.....0.[q6....00\H..;..}`...).........A.......\|.;F.H..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..\|o..;.....'...}~.."......

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	unknown
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	dropped
Size (bytes):	192
Entropy (8bit):	2.756901573172974
Encrypted:	false
SSDEEP:
MD5:	108C4ECAF8CA9FD5F8E890F06016CDA1
SHA1:	7FA97FEF2D03B62DBBD5129188B952E7A773C3B7
SHA-256:	68B9B129F1E986C19CBF6731FCD4D5D0360F6FF176B0A375652566750D9E64D1
SHA-512:	4E12DD059D9EF70C58C2464B38EC4E5747C82B34EE1D5892BD2CE14E29F1069CF9A93648ECC95B4CD201815B458E0F9F0B75D0E3A4B01D012640E6724D2CC2A7
Malicious:	false
Reputation:	unknown
Preview:	p...... ........Z.:.....(....................................................... ..........W....................o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".6.4.c.d.6.6.5.4.-.5.6.f."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.136375242144002
Encrypted:	false
SSDEEP:
MD5:	A657F657487F1EBA5B998F49B21DB12D
SHA1:	8781094ECC31D836817A2C606AE2B392DC3E7D7D
SHA-256:	220E12010029F72736A95F917B66F73ED28104B48735E4E6B55B478EAFC4A085
SHA-512:	A0479477B4F71A4D19EAF52212D1FE668D3383809B8D9E1FD529696A76483B6638C00B8B507155288006F16B335D3CF06F44963AEEE6A71124605386762EB51A
Malicious:	false
Reputation:	unknown
Preview:	p...... ........d.......(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	295
Entropy (8bit):	5.370048236160699
Encrypted:	false
SSDEEP:
MD5:	2388F022B3021B3B923C97282FA428E0
SHA1:	643CB5AC3BDB762559BD847B94F5A3CF9F5116EA
SHA-256:	2A9D727CB762431D97E99F4D995EFFDE17D44D8EAD0A59FCA5B829AF22F5745F
SHA-512:	FCB57E6320E1A2CF429491B37251444794E9D47F6839F59C7BC29A912C1650A9FADBDDB1BF9B270DA90FD3B594BA53D757D6D11BB09119353CD64EE8F4531D73
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"ACROBAT_READER_MASTER_SURFACEID","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.319970052922619
Encrypted:	false
SSDEEP:
MD5:	FB11075F821E3EFA356B0560D925674B
SHA1:	26998D75A2D529554DDB5BB61936B25F1CAEF445
SHA-256:	99D1DECB1081EF9F2AB89CFCD955D27AB1C8CC4219ECFD1310D0B71CA7FC18CD
SHA-512:	C3F1AC374FEA70C09366013DCE08E5DD86E95D1C4E4AAB7EC616889407066D9579EC2274C9DA7D0AB7F8BF5A83145BCB35F04856655953DEE506A52E0BD2D010
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_FirstMile_Home_View_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	294
Entropy (8bit):	5.2971354067678
Encrypted:	false
SSDEEP:
MD5:	6C93020FDA2A65A5493080F80733419D
SHA1:	7E03C84C13FF60AEA930927FE3D816F7AF01E8F6
SHA-256:	AE30061DA6FB787B9822422B91DAECD54CA96800DBDA1EAE542BE3858E324BAA
SHA-512:	79C1BE2F4855C66614581D8402F07F80A079C252C8899A8F9A8CFF249B1D19C3B95565F29C355C091691FF9AAC33A265A6FCB4944C86C22862C6F4CA89661A26
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_FirstMile_Right_Sec_Surface","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	285
Entropy (8bit):	5.358662981036554
Encrypted:	false
SSDEEP:
MD5:	BFED8CE8906E5BCB222D60110B3F774E
SHA1:	5E6A6332D0D4D7750A786230E79BC5903F14A9C6
SHA-256:	19A3079A8A06C128C3B82AAD1CE52F34BACB5776B51318F7D1EA6CA7B506426F
SHA-512:	00CD684A713D27B5B2DA2E66F1E88CC4A1F79E4C8A1B2494BDF999E0813F52A74250C28434B8EF1A3D58CC96043F7CC05C1C6094DDE9754614A6A989B126DFB7
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_READER_LAUNCH_CARD","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1063
Entropy (8bit):	5.670431133680554
Encrypted:	false
SSDEEP:
MD5:	96E11D611059D28B626A2BFD680125AB
SHA1:	1664E6A40BAE8E55D4392E6ADD07A9E9D44087D6
SHA-256:	383EC2BA538DCDA24224352EBA85041A29D797D43322BCF2979C995B91AAA8FD
SHA-512:	8EBAEF750C0AF64C734874E4BDE72C0A9A2698D3FF24AB8D87A5A7EFC9DD95DD03378856C51DD390639D32752F5D9DF8AFB146C3FF775F9AC4F549331674B0B6
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_Convert_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Convert_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_2","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"afb9c2a3-eaf4-41f9-9d73-768e72f72282","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Convert_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQgZmlsZXMgdG8gYW5kIGZyb20gUERGXG53aXRob3V0IGxpbWl0cy4ifSwidGNhdElkIjpudWxsfQ==","dataType":"application\/json","encodingSc

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1050
Entropy (8bit):	5.653349485527221
Encrypted:	false
SSDEEP:
MD5:	D7BEA7474DE1A1E2C57C2AB140E987C8
SHA1:	30C53FAB4F65605A96C097647471CD5635C52EBE
SHA-256:	78ACC69236C8741125B1AAE038744656A73C22136F38F2EF669725AB55DC9B06
SHA-512:	7978DDD3C6A07EF72F741EA8955DBB3C09C9C720890D1D2CC1F94701EC244238510EFF51931A579013FFF2B2DA3D5F69E4CEEB05B32A10F15B70354C72C77AA4
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Disc_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_0","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"0924134e-3c59-4f53-b731-add558c56fec","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Disc_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkNvbnZlcnQsIGVkaXQgYW5kIGUtc2lnblxuZm9ybXMgJiBhZ3JlZW1lbnRzLiJ9LCJ0Y2F0SWQiOm51bGx9","dataType":"application\/json","encodingScheme":true},"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	292
Entropy (8bit):	5.3096330408249575
Encrypted:	false
SSDEEP:
MD5:	3E03A6EFF02A9007E7B46F58AFD37C71
SHA1:	0B921F1126F9D2371A95CB877030CBDD45CEAA48
SHA-256:	79025ACF21B4B2962CF85236BD0623F2921D9FF016FF82EC722A70F300C0DC97
SHA-512:	A4D48480760A94639CAF83C8FE6CC7BC3540D154A4C4EA0971B54165C306F63FB9253C1DDF206CA5BB23283AA2A661A0CF5238F9641FE4CD8F893BF0E13AB979
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_Disc_LHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1038
Entropy (8bit):	5.649190833550366
Encrypted:	false
SSDEEP:
MD5:	13685E45C803042AA37176C7C27BD88E
SHA1:	AD2661481A2FAC53D632874C21A61145AEEB56B9
SHA-256:	448F30C8819C62D7C5A48FBA8F92471465562AC510819A7CC5713D5833048B00
SHA-512:	69E643FC5BB99A9C0C562A8759631CE00C29C3EF06D602E2BEC84AD95EDB10A80D75B1E34914B46A6200A879AF696ECE5D111899A766FB5B0FDCE61EA286785D
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_Edit_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Edit_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_1","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"49d2f713-7aa9-44db-aa50-0a7a22add459","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Edit_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IkVkaXQgdGV4dCwgaW1hZ2VzLCBwYWdlcywgYW5kIG1vcmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme":true},"endDTS":1744

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1164
Entropy (8bit):	5.69936921824815
Encrypted:	false
SSDEEP:
MD5:	AC698D4DA99A234D9942445F42F1279A
SHA1:	8B3D71C91E7CC0A09580BD60CCEC837B8F32AF18
SHA-256:	0A086E7ED713605D13E7278B81BEE7613002F6CA5C667DB7B3F69FD8E60E1ACD
SHA-512:	FB2B47B912708DB913C29E5A8E5BF3BEED02298F91C478E4600645050246135C31496DB632CC593C0ADBC002D88C1D1B75581F1EBB87CFBEF6838DAC13DA7CC6
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_Home_LHP_Trial_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Home_LHP_Trial_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85531_264848ActionBlock_0","campaignId":85531,"containerId":"1","controlGroupId":"","treatmentId":"ee1a7497-76e7-43c2-bb63-9a0551e11d73","variationId":"264848"},"containerId":1,"containerLabel":"JSON for DC_Reader_Home_LHP_Trial_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IlRyeSBBY3JvYmF0IFBybyJ9LCJ1aSI6eyJ0aXRsZV9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjE1cHgiLCJmb250X3N0eWxlIjoiMCJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEzcHgiLCJmb250X3N0eWxlIjoiLTEifSwidGl0bGUiOiJGcmVlIHRyaWFsIiwiZGVzY3JpcHRpb24iOiJHZXQgdW5saW1pdGVkIGFjY2VzcyB0b1xucHJlbWl1bSBQREYgYW5kIGUtc2lnbmluZ1xudG9vbHMuIn0sImJhbm5lcl9zdHlsaW5nIjo

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.314860120466119
Encrypted:	false
SSDEEP:
MD5:	0B524900FEBA1A9A4BD71C7F86B3C26E
SHA1:	97DD079D05F19086CFE5478339D82572F6B69D07
SHA-256:	E2A23B45A4616361B3510B9F58C350C47675886307BC3084D166114D3711C3B2
SHA-512:	2BD6CE66B30DEF2DFF1E85594C11E156D01AE20412CCE9AEC90ACB9DD9FE37DBFCB48DE54FE8288E6B90AC5A46BFA5A2D8547F603BF8B457A3CB37E551CCAE89
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_More_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1395
Entropy (8bit):	5.77517144514389
Encrypted:	false
SSDEEP:
MD5:	80ED96479F378213AD8A224868BF1784
SHA1:	4338D866496E6CB2EB07727BD9F7C697B111D5BB
SHA-256:	AAB736FD296588080243F952E43830AAC09FAE7890E3ADB74936906A7D715269
SHA-512:	11C025692653D25DB5A8D149EA682DFD4705C4ABF9356737D964F921FC98B74399B67DFF3914B7923742C22AC309EEF594DF5FD9A3470A48E34902C120FB6EE1
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_RHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_RHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"57802_176003ActionBlock_0","campaignId":57802,"containerId":"1","controlGroupId":"","treatmentId":"d0374f2d-08b2-49b9-9500-3392758c9e2e","variationId":"176003"},"containerId":1,"containerLabel":"JSON for Reader DC RHP Banner","content":{"data":"eyJjdGEiOnsidHlwZSI6ImJ1dHRvbiIsInRleHQiOiJGcmVlIDctRGF5IFRyaWFsIiwiZ29fdXJsIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9wcm94eS9wcmljaW5nL3VzL2VuL3NpZ24tZnJlZS10cmlhbC5odG1sP3RyYWNraW5naWQ9UEMxUFFMUVQmbXY9aW4tcHJvZHVjdCZtdjI9cmVhZGVyIn0sInVpIjp7InRpdGxlX3N0eWxpbmciOnsiZm9udF9zaXplIjoiMTQiLCJmb250X3N0eWxlIjoiMyJ9LCJkZXNjcmlwdGlvbl9zdHlsaW5nIjp7ImZvbnRfc2l6ZSI6IjEyIiwiZm9udF9zdHlsZSI6IjMifSwidGl0

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.298305086727844
Encrypted:	false
SSDEEP:
MD5:	A61891F1C9E988605AC62CB2868872B5
SHA1:	D91D189701FF6DDCB2F455761D96A9F6D3EF3A0E
SHA-256:	035CA5102FCCEEA3E3BB4E294D75EF180FE1E88D062615E3929D2AAF77A11698
SHA-512:	454057C71E5748BABFB5FEF4C7EDE3BB2EE513A960854CDC1F3171A77E9912067FD68DB24C661D4D961FFD4B42874370712B5BDDD253E38506635DFE6EB0BD5F
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_RHP_Intent_Banner","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	287
Entropy (8bit):	5.301242343209648
Encrypted:	false
SSDEEP:
MD5:	CFCE421C35FCB5271659B08D56A409E7
SHA1:	46C00041098371E8D37A8A604DD5632FC0835576
SHA-256:	A145D3455143887B6E8FC330C843D96BBACD5EFBFF17144746B082A087FEB605
SHA-512:	B734E4D202551924E942E98AEA84CCA93A4DE2AB9B12F573BB795A639845F38E96BF2B8A5F37A709A6B083A4FD81EF7E494973FBA4563F68282687E67700304E
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_RHP_Retention","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1058
Entropy (8bit):	5.657599723902987
Encrypted:	false
SSDEEP:
MD5:	B6DB1AD9CFF0BD264E984B57EEE9CD42
SHA1:	A98DC311EB11232226D28911D697F06DF7AB85FE
SHA-256:	B78CD6515A9BA1F69004C9C8617A7F1DA8C79E64A0724B15BE6D41504F6FABE0
SHA-512:	936C622AA88630CD59008FF73304CB869D6F603153620FF85FC069A7A3C4D6ED8AD3C5EBFF00F9FAB33C4642428085C3934B36FFCAD15688953A918E80D4CC09
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_Sign_LHP_Banner","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"DC_Reader_Sign_LHP_Banner"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"85534_264855ActionBlock_3","campaignId":85534,"containerId":"1","controlGroupId":"","treatmentId":"ece07729-7db6-4f20-9f8d-7976ad373049","variationId":"264855"},"containerId":1,"containerLabel":"JSON for DC_Reader_Sign_LHP_Banner","content":{"data":"eyJjdGEiOnsidGV4dCI6IkZyZWUgdHJpYWwifSwidWkiOnsidGl0bGVfc3R5bGluZyI6eyJmb250X3NpemUiOiIxNHB4IiwiZm9udF9zdHlsZSI6IjAifSwiZGVzY3JpcHRpb25fc3R5bGluZyI6eyJmb250X3NpemUiOiIxMnB4IiwiZm9udF9zdHlsZSI6Ii0xIn0sInRpdGxlIjpudWxsLCJkZXNjcmlwdGlvbiI6IlNlbmQgZG9jdW1lbnRzICYgZm9ybXNcbmZvciBmYXN0IGUtc2lnbmluZyBvbmxpbmUuIn0sInRjYXRJZCI6bnVsbH0=","dataType":"application\/json","encodingScheme"

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	286
Entropy (8bit):	5.276124271322391
Encrypted:	false
SSDEEP:
MD5:	D084AD0D0170900A52171623FBDCF0F3
SHA1:	2D07BAB772A8FED693459656534EB86C292F314C
SHA-256:	B333DE5021EFA221A227373D424BD12E2F63C453B742251FA3FBD5A32B93CADF
SHA-512:	997E80A89BF3C03C66D327F124E32C806F745690B0388AD1784B4548B6492B086DF622E56AC93272FD6D6FC06577D6F3194C703FFF5A53F85E598C0F38DE29D9
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"DC_Reader_Upsell_Cards","surfaceObj":{"SurfaceAnalytics":{},"containerMap":{}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	782
Entropy (8bit):	5.366837736711368
Encrypted:	false
SSDEEP:
MD5:	F46D25C16406CEED2A62A75CA8DC94DB
SHA1:	B8E6765A9007F648D4AAB63C100F6ED2613FF94F
SHA-256:	A9491B84DFE090B78D1FFB23151D6FA7F87ABCBC8D71D466A7FEF8CF7EBD9A3D
SHA-512:	CC0C84F0FD4ACCCF32B7E184E46C98A9A5F7CC877CC7DB4930F13ED2EE2036DF3A63A1B78490A221E10445A0BA0C245C83FC4F52E2EB8835F92AD27CA7BC937C
Malicious:	false
Reputation:	unknown
Preview:	{"analyticsData":{"responseGUID":"006014c8-1df5-41d6-9b00-1d4c7cc13f89","sophiaUUID":"5E8BF9F5-1E3B-447C-A619-6054B1C06D0A"},"encodingScheme":true,"expirationDTS":1726981319655,"statusCode":200,"surfaceID":"Edit_InApp_Aug2020","surfaceObj":{"SurfaceAnalytics":{"surfaceId":"Edit_InApp_Aug2020"},"containerMap":{"1":{"containerAnalyticsData":{"actionBlockId":"20360_57769ActionBlock_0","campaignId":20360,"containerId":"1","controlGroupId":"","treatmentId":"3c07988a-9c54-409d-9d06-53885c9f21ec","variationId":"57769"},"containerId":1,"containerLabel":"JSON for switching in-app test","content":{"data":"eyJ1cHNlbGxleHBlcmltZW50Ijp7InRlc3RpZCI6IjEiLCJjb2hvcnQiOiJicm93c2VyIn19","dataType":"application\/json","encodingScheme":true},"endDTS":1735804679000,"startDTS":1726806539686}}}}

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	data
Category:	dropped
Size (bytes):	4
Entropy (8bit):	0.8112781244591328
Encrypted:	false
SSDEEP:
MD5:	DC84B0D741E5BEAE8070013ADDCC8C28
SHA1:	802F4A6A20CBF157AAF6C4E07E4301578D5936A2
SHA-256:	81FF65EFC4487853BDB4625559E69AB44F19E0F5EFBD6D5B2AF5E3AB267C8E06
SHA-512:	65D5F2A173A43ED2089E3934EB48EA02DD9CCE160D539A47D33A616F29554DBD7AF5D62672DA1637E0466333A78AAA023CBD95846A50AC994947DC888AB6AB71
Malicious:	false
Reputation:	unknown
Preview:	....

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2818
Entropy (8bit):	5.139182769277708
Encrypted:	false
SSDEEP:
MD5:	20FC632BB6BFFD97CC52D7A6E2E946E1
SHA1:	84E01A60E8E8197DEA0E938DC11D699D6CAAFB35
SHA-256:	A19FF5E8A5CF14AA0BAB63EBC772EF15B8274D7CC57A1F1906EBC27F53087C4E
SHA-512:	921F2AF432EB57A5BFE963D61DB46D07B28E8209574CE48A3A9408F7FBA52C4B29F75196C03522893526B5D73708CA160A9194A215C36BCEF025EF8D8EDCE07E
Malicious:	false
Reputation:	unknown
Preview:	{"all":[{"id":"DC_Reader_Disc_LHP_Banner","info":{"dg":"59523243ab6c3310e8e0500b96921df4","sid":"DC_Reader_Disc_LHP_Banner"},"mimeType":"file","size":1050,"ts":1726806539000},{"id":"DC_Reader_Home_LHP_Trial_Banner","info":{"dg":"2250b6db8f2a2ca8e70eac416c52b211","sid":"DC_Reader_Home_LHP_Trial_Banner"},"mimeType":"file","size":1164,"ts":1726806539000},{"id":"DC_Reader_Sign_LHP_Banner","info":{"dg":"5e85bd17421b1d5ca062c343f191adf3","sid":"DC_Reader_Sign_LHP_Banner"},"mimeType":"file","size":1058,"ts":1726806539000},{"id":"DC_Reader_Convert_LHP_Banner","info":{"dg":"54394630a098c521fed207ef18652f7c","sid":"DC_Reader_Convert_LHP_Banner"},"mimeType":"file","size":1063,"ts":1726806539000},{"id":"DC_Reader_Edit_LHP_Banner","info":{"dg":"889c5796722536d37194607a800a3ef7","sid":"DC_Reader_Edit_LHP_Banner"},"mimeType":"file","size":1038,"ts":1726806539000},{"id":"Edit_InApp_Aug2020","info":{"dg":"6cc7328a972c6b6c68a174b675c4dc99","sid":"Edit_InApp_Aug2020"},"mimeType":"file","size":782,"ts":17

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite 3.x database, last written using SQLite version 3040000, file counter 19, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 19
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.987512592287281
Encrypted:	false
SSDEEP:
MD5:	000A37C5BEDCD1C21C3CF8542F78D32F
SHA1:	86F554C62EB8CCB7EEABE987E13C402969E8C221
SHA-256:	8DC57FFAE2F7B1015268539C7CD2C1C62FE51278C3F1392C95A066448F1A7513
SHA-512:	F8A2033FBB5EDA1D271EFBCBEDB7E0770934808780291F85293A189FB4A97AD28154550BBA7F9C76A3F6D10B1E1CB5829D22741DC040A593F2E1F227ADD73093
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................c.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	8720
Entropy (8bit):	1.3436424257433732
Encrypted:	false
SSDEEP:
MD5:	C1AEC8CC42D172711CE79197F39FDBA1
SHA1:	B7B2FCBD0AE5D6A42283E7C1DBD1E81C91EF48A9
SHA-256:	4169E0CA5CA16A303749D4AA0CF9EE128CEB8AD0077002AFB7AB1773106F2E38
SHA-512:	111D170B44865688B892FC3FBC7302582A2A2DACAC8DF92E377DDE240B46667D60FF0E60B12490DA85EDC9BF1181CE1C2D7BDE7FA37C92DE0B2F0682275CE9BF
Malicious:	false
Reputation:	unknown
Preview:	.... .c......\7.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................j...#..#.#.#.#.#.#.#.#.7.7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\MSIab782.LOG

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	246
Entropy (8bit):	3.493870954423123
Encrypted:	false
SSDEEP:
MD5:	4C0EC58F49BB667409F9630FE1070C48
SHA1:	5BED9ED43770D59C85C2EA4A99E55D2A5E78386D
SHA-256:	94A0EF0A1C57BE0CEF35AB102E703E4556634B2B88BC04BD766699664E4D6AF3
SHA-512:	300F4AB99EB297956E5DC83BCE24381ACD59CB01FB60AB78515F0A64E29BBAC620354E0A08BC72FC8DB4393FD3BE8C3B4E68DCBAA56B87D79AFF8CC51CE5F7FE
Malicious:	false
Reputation:	unknown
Preview:	..E.r.r.o.r. .2.7.1.1...T.h.e. .s.p.e.c.i.f.i.e.d. .F.e.a.t.u.r.e. .n.a.m.e. .(.'.A.R.M.'.). .n.o.t. .f.o.u.n.d. .i.n. .F.e.a.t.u.r.e. .t.a.b.l.e.......=.=.=. .L.o.g.g.i.n.g. .s.t.o.p.p.e.d.:. .2.0./.0.9./.2.0.2.4. . .0.0.:.2.9.:.0.1. .=.=.=.....

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-20 00-28-55-861.log

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with very long lines (393)
Category:	dropped
Size (bytes):	16525
Entropy (8bit):	5.353642815103214
Encrypted:	false
SSDEEP:
MD5:	91F06491552FC977E9E8AF47786EE7C1
SHA1:	8FEB27904897FFCC2BE1A985D479D7F75F11CEFC
SHA-256:	06582F9F48220653B0CB355A53A9B145DA049C536D00095C57FCB3E941BA90BB
SHA-512:	A63E6E0D25B88EBB6602885AB8E91167D37267B24516A11F7492F48876D3DDCAE44FFC386E146F3CF6EB4FA6AF251602143F254687B17FCFE6F00783095C5082
Malicious:	false
Reputation:	unknown
Preview:	SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="-------- Initializing session logs --------".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: No operating configs found".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:072+0200 ThreadID=6404 Component=ngl-lib_kOperatingConfig Description="GetRuntimeDetails: Fallback to NAMED_USER_ONLINE!!".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig: OS Name=WINDOWS_64, OS Version=10.0.19045.1".SessionID=ec4bacf2-5410-40d4-850b-5ac338f864f3.1696585143072 Timestamp=2023-10-06T11:39:03:073+0200 ThreadID=6404 Component=ngl-lib_NglAppLib Description="SetConfig:

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	29752
Entropy (8bit):	5.422021015309467
Encrypted:	false
SSDEEP:
MD5:	11A75424E4845A527B2C535B7E18B124
SHA1:	15A0187B80387E935509399F7D36468FF0B2CEC3
SHA-256:	6EAC78311A02B98474E14254B339F81C3AFC3761EAD9108D2E35DE0CE23A05A8
SHA-512:	CEE04813ABA3F3A6EFB9F80E13EDDDC2B41FE4758BE5C95CF57F663B6D75181F4A6C1662929B845AE4B84A2EB41F1A1C3A6D0947C59A3513387D7EE66A362B16
Malicious:	false
Reputation:	unknown
Preview:	06-10-2023 10:08:42:.---2---..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : *************************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : ***********************************..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : **** Starting new session ******..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Starting NGL..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : Setting synchronous launch...06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 ::::: Configuring as AcrobatReader1..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppVersion 23.6.20320.6..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : NGLAppMode NGL_INIT..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : AcroCEFPath, NGLCEFWorkflowModulePath - C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1 C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow..06-10-2023 10:08:42:.AcroNGL Integ ADC-4240758 : isNGLExternalBrowserDisabled - No..06-10-2023 10:08:42:.Closing File..06-10-

C:\Users\user\AppData\Local\Temp\acrocef_low\19a65df3-076f-4a5d-bb57-2818621bc6c4.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
Category:	dropped
Size (bytes):	1419751
Entropy (8bit):	7.976496077007677
Encrypted:	false
SSDEEP:
MD5:	0A347312E361322436D1AF1D5145D2AB
SHA1:	1D6C06A274705F8A295F62AD90CF8CA27555C226
SHA-256:	094501B3CA4E93F626ABFCAE800645C533B61409DC3D1D233F4D053CE6A124D7
SHA-512:	9856C231513B47DD996488DF19EEE44DBB320E55432984C0C041EF568B6EC5C05F5340831132890D1D162E0505CA243D579582EDB9157CF722A86EC8CE2FEAFE
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\42ab28c7-f233-49a6-8fbe-9884a9fa1bc7.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
Category:	dropped
Size (bytes):	386528
Entropy (8bit):	7.9736851559892425
Encrypted:	false
SSDEEP:
MD5:	5C48B0AD2FEF800949466AE872E1F1E2
SHA1:	337D617AE142815EDDACB48484628C1F16692A2F
SHA-256:	F40E3C96D4ED2F7A299027B37B2C0C03EAEEE22CF79C6B300E5F23ACB1EB31FE
SHA-512:	44210CE41F6365298BFBB14F6D850E59841FF555EBA00B51C6B024A12F458E91E43FDA3FA1A10AAC857D4BA7CA6992CCD891C02678DCA33FA1F409DE08859324
Malicious:	false
Reputation:	unknown
Preview:	...........]s[G. Z...{....;...J$%K&..%.[..k...S....$,.`. )Z..m........a.......o..7.VfV...S..HY}Ba.<.NUVVV~W.].;qG4..b,N..#1.=1.#1..o.Fb.........IC.....Z...g_~.OO.l..g.uO...bY.,[..o.s.D<..W....w....?$4..+..%.[.?..h.w<.T.9.vM.!..h0......}..H..$[...lq,....>..K.)=..s.{.g.O...S9".....Q...#...+..)>=.....\|6......<4W.'.U.j$....+..=9...l.....S..<.\.k.'....{.1<.?..<..uk.v;.7n.!...g....."P..4.U........c.KC..w._G..u..g./.g....{'^.-\|..h#.g.\.PO.\|...]x..Kf4..s..............+.Y.....@.K....zI..X......6e?[..u.g"{..h.vKbM<.?i6{%.q)i...v..<P8P3.......CW.fwd...{:@h...;........5..@.C.j.....a.. U.5...].$.L..wW....z...v.......".M.?c.......o..}.a.9..A..%V..o.d....'..\|m.WC.....\|.....e.[W.p.8...rm....^..x'......5!...\|......z..#......X_..Gl..c..R..`...*.s-1f..]x......f...g...k........g....... ).3.B..{"4...!r....v+As...Zn.]K{.8[..M.r.Y..........+%...]...J}f]~}_..K....;.Z.[..V.&..g...>...{F..{I..@~.^.\|P..G.R>....U..../HY...(.z.<.~.9OW.Sxo.Y

C:\Users\user\AppData\Local\Temp\acrocef_low\757606f4-5de3-4792-ad6c-effddf94c603.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
Category:	dropped
Size (bytes):	1407294
Entropy (8bit):	7.97605879016224
Encrypted:	false
SSDEEP:
MD5:	1D64D25345DD73F100517644279994E6
SHA1:	DE807F82098D469302955DCBE1A963CD6E887737
SHA-256:	0A05C4CE0C4D8527D79A3C9CEE2A8B73475F53E18544622E4656C598BC814DFC
SHA-512:	C0A37437F84B4895A7566E278046CFD50558AD84120CA0BD2EAD2259CA7A30BD67F0BDC4C043D73257773C607259A64B6F6AE4987C8B43BB47241F3C78EB9416
Malicious:	false
Reputation:	unknown
Preview:	...........[.s.8..}.....!#..gw.n.`uNl.f6.3....d%EK.D["...#.......!)...r.$.G.......Z..u.._>.~....^e..<..u..........._D.r.Z..M.:...$.I..N.....\`.B.wj...:...E\|.P..$ni.{.....T.^~<m-..J....RQk....f.....q.......V.rC.M.b.DiL\.....wq....$&j....O.........~.U.+..So.]..n..#OJ..p./..-......<...5..WB.O....i....<./T.P.L.;.....h.ik..DT...<...j..o..fz~..~."...w&.fB...4..@[.g.......Y.>/M.".....-..N.{.2.....\....h..ER..._..(.-..o97..[.t:..>..W..0.....u...?.%...1u..fg..`.Z.....m ~.GKG.q{.vU.nr..W.%.W..#z..l.T......1.....}.6......D.O...:....PX.........R.....j.WD).M..9.Fw...W.-a..z.l\..u.^....L..^.`.T...l.^.B.DMc.d....i...o.\|M.uF\|.nQ.L.E,.b!..NG.....<...J......g.o....;&5..'a.M...l..1.V.iB2.T._I....".+.W.yA ._.......<.O......O$."C....n!H.L`..q.....5..~./.._t.......A....S..3........Q[..+..e..P;...O...x~<B........'.)...n.$e.m.:...m.....&..Y.".H.s....5.9..A5)....s&.k0,.g4.V.K.,.e....5...X.}6.P....y\.s\|..Si..BB..y...~.....D^g...7'T-.5.!K.$\...2.

C:\Users\user\AppData\Local\Temp\acrocef_low\8c748172-416e-47de-9c93-9c03dc8e1c70.tmp

Download File

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
Category:	dropped
Size (bytes):	758601
Entropy (8bit):	7.98639316555857
Encrypted:	false
SSDEEP:
MD5:	3A49135134665364308390AC398006F1
SHA1:	28EF4CE5690BF8A9E048AF7D30688120DAC6F126
SHA-256:	D1858851B2DC86BA23C0710FE8526292F0F69E100CEBFA7F260890BD41F5F42B
SHA-512:	BE2C3C39CA57425B28DC36E669DA33B5FF6C7184509756B62832B5E2BFBCE46C9E62EAA88274187F7EE45474DCA98CD8084257EA2EBE6AB36932E28B857743E5
Malicious:	false
Reputation:	unknown
Preview:	...........kWT..0...W`.........b..@..nn........5.._..I.R3I..9g.x....s.\+.J......F...P......V]u......t....jK...C.fD..]..K....;......y._.U..}......S.........7...Q.............W.D..S.....y......%..=.....e..^.RG......L..].T.9.y.zqm.Q]..y..(......Q]..~~..}..q...@.T..xI.B.L.a.6...{..W..}.mK?u...5.#.{...n...........z....m^.6!.`.....u...eFa........N....o..hA-..s.N..B.q..{..z.{=..va4_`5Z........3.uG.n...+...t...z.M."2..x.-...DF..VtK.....o]b.Fp.>........c....,..t..an[............5.1.(}..q.q......K3.....[>..;e..f.Y.........mV.cL...]eF..7.e.<.._.o\.S..Z...`..}......>@......\|.......ox.........h.......o....-Yj=.s.g.Cc\.i..\..A.B>.X..8`...P......[..O...-.g...r..u\...k..7..#E....N}...8.....(..0....w....j.......>.L....H.....y.x3...[>..t......0..z.qw..]X..i8..w.b..?0.wp..XH.A.[.....S..g.g..I.A.15.0?._n.Q.]..r8.....l..18...(.].m...!\|G.1...... .3.`./....`~......G.............\|..pS.e.C....:o.u_..oi.:..\|....joi...eM.m.K...2%...Z..j...VUh..9.}.....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 03:29:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.983172957750133
Encrypted:	false
SSDEEP:
MD5:	C1A0E84E31BD1C74952E4115B4DE0562
SHA1:	9F838C409D4F98378B0D438662C736289EF2F8FB
SHA-256:	D299DA3CC5DD38B3BF1C1666C2317E611CF400E01BB02EC771218C581A06A15E
SHA-512:	589258082E0775C13667D3811B0228885B1084A502123A5B0A15BA2E8C0A9506DFD08268E6A0E9DA4ED4CFDE3C994C04B306DD11A5DCCBDF0CD66344BFBB9246
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y.#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y.#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y.#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 03:29:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	3.9958845055676773
Encrypted:	false
SSDEEP:
MD5:	841C3A9243B5AD28D4BEBD393CA4BE9D
SHA1:	7A986AEF191D0781D709959F67D2C75FDBA062CA
SHA-256:	75FC45FD79FE21A90F4BFFEB2DD7F08E7AC35665A355B1D87D2BF476B5D99EF2
SHA-512:	2905A32F8E82840EDAA7827B1178B85E295D4E489E183D83B6CCC081EA6A3DE0E1C8975C225894144ECD6F2AE31DF81FF24B6CB23FFA1CC7EC23A77B1B6F4118
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....Cf......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y.#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y.#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y.#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.006708603621057
Encrypted:	false
SSDEEP:
MD5:	3F7475BDC0B38A032877E73598C2CAEE
SHA1:	E99FD8EE7503B371AF03DAC1389FBDCB0468E2C9
SHA-256:	6C73CB50D5FE39F2F5517B380AAAC12302441E3A88772D167129588D5220373F
SHA-512:	F0735CE8960895F72F32194D3CF5D581594A5C8F5C8E248918BAF65D8ADD84463CD7A09F6C21778A6166518EFE739166ADE8660896AF9162F01DEDDFD41F0544
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y.#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y.#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y.#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 03:29:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.994622635527335
Encrypted:	false
SSDEEP:
MD5:	EED79D6251AE67D8BCB9CB013C4B98F7
SHA1:	E0A54CB41253749EEBEF8B5CB64622A4DA5AA6E4
SHA-256:	D2D6C7E3B6DCB71DF5F6E03EF308A3C22D79BAB6825C7A45D0F2F4C17F62F23C
SHA-512:	813BD5CE8F49DD4B99C9C353B4EBE5DB748FF322F5C1593D8556F4862CC6516AC2952A71CE894EFB5600C1AB922BBF6F9C8705F315BF157D4268DF7914A7B8B6
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....r......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y.#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y.#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y.#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 03:29:33 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985920440752801
Encrypted:	false
SSDEEP:
MD5:	59343616EF6E2BF85D1FA97D312D42B4
SHA1:	B1DD25460EFDF713198E86CC02C6D9D842557CC2
SHA-256:	09494D6C16C849FF8E1108C8BC6024DF659A89F14E0888E2D8BE3A385D7ECC13
SHA-512:	66860A2F21A24984D6E9ECA6FF12A148C886D8F09D99253821F0FE1DD2C3417DED079A7A2898F65388C4C08396548DA6A6A4CE291B46EC9E3A8A1373D420CB5C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....D......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y.#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y.#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y.#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 20 03:29:32 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.99564454918042
Encrypted:	false
SSDEEP:
MD5:	1EF3F7FA3DA5E075464318F217068FE5
SHA1:	015ADCA17150A5B8C71C4866B210CB24C83FDE5B
SHA-256:	BEBE97E38A7CAA8E0F7A6D3C47785AB4EEE6D587CB5080C329C6C35EF93CC8E8
SHA-512:	3A9F94A647DD684000E873413EB65F8EA90DAF166A2D072AEB0F31CCACD18514792B836F2144C9F6AB9926355E817B6381D72F3C79E8269F9E610DA3116E59DC
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I4Y.#....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V4Y.#....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V4Y.#....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V4Y.#..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V4Y.#...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............e.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Static File Info

General

File type:	PDF document, version 1.4, 3 pages
Entropy (8bit):	7.983421696185147
TrID:	Adobe Portable Document Format (5005/1) 100.00%
File name:	Biolegend.com_Report_93129.pdf
File size:	220'029 bytes
MD5:	11933b242bac81dabf26ed3187f3ffd5
SHA1:	0cd313a8d48265e93f0b1b1a67f913ea125bf70b
SHA256:	23b84c577227ff563e2555ff5c31f5609d232d9fd2d28ca8a23225565d245e93
SHA512:	1b595b250e41c7755b028973b38e537fcb980665c1a6a76d0efd39082c2fc4d516c6f665b333de7c74c17d60eb54fc5703537a62ac72915436b65399dd0d37de
SSDEEP:	3072:D5aZsOsNqVe++7b2CWoMeOogaZMneW6LXO9C7No0iOazTATd3crveHqngpV5nFV3:sZhY6k2CTBgmMneLS9W3KGQgRnnENSAK
TLSH:	B22412EFE009671CD5ED0BF0CE1B4FD0615EB2A34AB75B820E2C60519ACC12A5A5F5E3
File Content Preview:	%PDF-1.4.............. ! . ..... . . . . . . ........ . ! a ; k1) X g z - lo. LC 5\| ar ~7& ( `_E 7l tIZ{6\ #j w UZG $ 4 8 ; g i (" M). _ -d 3 du`G} f * \ x k c :nVw3 >a S

File Icon


Icon Hash:	62cc8caeb29e8ae0

Static PDF Info

General
Header:	%PDF-1.4ÃƒÆ’\x90
Total Entropy:	7.983422
Total Bytes:	220029
Stream Entropy:	7.989982
Stream Bytes:	211546
Entropy outside Streams:	5.317423
Bytes outside Streams:	8483
Number of EOF found:	1
Bytes after EOF:

Keywords Statistics

Name	Count
obj	29
endobj	29
stream	10
endstream	10
xref	1
trailer	1
startxref	1
/Page	3
/Encrypt	0
/ObjStm	0
/URI	10
/JS	0
/JavaScript	0
/AA	0
/OpenAction	0
/AcroForm	0
/JBIG2Decode	0
/RichMedia	0
/Launch	0
/EmbeddedFile	0

Image Streams

ID	DHASH	MD5	Preview
7	0000000000000000	392b1602d46223fae97f2b6a62dac5bb
9	0000000000000000	cbf9a34dd2db3d73116b1d623808502c

Description:	Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems. Spearphishing with a link is a specific variant of spearphishing. It is different from other forms of spearphishing in that it employs the use of links to download malware contained in email, instead of attaching malicious files to the email itself, to avoid defenses that may inspect email attachments. Spearphishing may also involve social engineering techniques, such as posing as a trusted source.
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Google Workspace, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Biolegend.com_Report_93129.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

LLM Input / Output

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\9df3a770-3287-49b4-8e97-81478b0692d8.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State~RF5bc3e1.TMP (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\b7f888d4-e735-40c8-ad81-bc792cde4117.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240920042857Z-162.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Temp\MSIab782.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-09-20 00-28-55-861.log

Windows Analysis Report
Biolegend.com_Report_93129.pdf