Edit tour

Windows Analysis Report
https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e

Overview

General Information

Sample URL:	https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e
Analysis ID:	1541131
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

HTML body contains low number of good links

HTML body contains password input but no form action

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2124 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1732 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1760,i,9693317289183372214,3806923182761325238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6436 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: chromecache_246.2.dr

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_c71df650-5

Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl...

HTTP Parser: Number of links: 0

HTTP Parser: <input type="password" .../> found but no <form action="...

HTTP Parser: <input type="password" .../> found

HTTP Parser: No <meta name="author".. found

HTTP Parser: No <meta name="copyright".. found

Source: chromecache_246.2.dr, chromecache_202.2.dr	String found in binary or memory: http://iso.org/pdf/ssn
Source: chromecache_246.2.dr, chromecache_202.2.dr	String found in binary or memory: http://iso.org/pdf2/ssn
Source: chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	String found in binary or memory: http://typekit.com/eulas/0000000000000000000176ff
Source: chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017701
Source: chromecache_147.2.dr, chromecache_258.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017702
Source: chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017703
Source: chromecache_147.2.dr, chromecache_258.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017704
Source: chromecache_147.2.dr, chromecache_258.2.dr	String found in binary or memory: http://typekit.com/eulas/000000000000000000017706
Source: chromecache_146.2.dr, chromecache_236.2.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_186.2.dr	String found in binary or memory: https://github.com/WebReflection/url-search-params/blob/master/README.md#ios-10--other-platforms-bug
Source: chromecache_220.2.dr	String found in binary or memory: https://ims-na1.adobelogin.com/
Source: chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	String found in binary or memory: https://p.typekit.net/p.gif
Source: chromecache_171.2.dr, chromecache_160.2.dr	String found in binary or memory: https://sso.behance.net/ims
Source: chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	String found in binary or memory: https://use.typekit.net/af/40207f/0000000000000000000176ff/27/
Source: chromecache_147.2.dr, chromecache_258.2.dr	String found in binary or memory: https://use.typekit.net/af/4b3e87/000000000000000000017706/27/
Source: chromecache_147.2.dr, chromecache_258.2.dr	String found in binary or memory: https://use.typekit.net/af/74ffb1/000000000000000000017702/27/
Source: chromecache_147.2.dr, chromecache_258.2.dr	String found in binary or memory: https://use.typekit.net/af/a2527e/000000000000000000017704/27/
Source: chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	String found in binary or memory: https://use.typekit.net/af/cb695f/000000000000000000017701/27/
Source: chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	String found in binary or memory: https://use.typekit.net/af/eaf09c/000000000000000000017703/27/

Source: classification engine

Classification label: clean1.win@17/216@0/43

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1760,i,9693317289183372214,3806923182761325238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1760,i,9693317289183372214,3806923182761325238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	1 Archive Collected Data	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://p.typekit.net/p.gif	0%	URL Reputation	safe

Name	Source	Malicious	Antivirus Detection	Reputation
http://typekit.com/eulas/000000000000000000017704	chromecache_147.2.dr, chromecache_258.2.dr	false		unknown
https://sso.behance.net/ims	chromecache_171.2.dr, chromecache_160.2.dr	false		unknown
http://typekit.com/eulas/000000000000000000017706	chromecache_147.2.dr, chromecache_258.2.dr	false		unknown
http://www.apache.org/licenses/LICENSE-2.0	chromecache_146.2.dr, chromecache_236.2.dr	false		unknown
https://p.typekit.net/p.gif	chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	false	URL Reputation: safe	unknown
http://typekit.com/eulas/0000000000000000000176ff	chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	false		unknown
https://use.typekit.net/af/eaf09c/000000000000000000017703/27/	chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	false		unknown
http://typekit.com/eulas/000000000000000000017701	chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	false		unknown
http://typekit.com/eulas/000000000000000000017702	chromecache_147.2.dr, chromecache_258.2.dr	false		unknown
http://typekit.com/eulas/000000000000000000017703	chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	false		unknown
https://use.typekit.net/af/40207f/0000000000000000000176ff/27/	chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	false		unknown
https://github.com/WebReflection/url-search-params/blob/master/README.md#ios-10--other-platforms-bug	chromecache_186.2.dr	false		unknown
https://use.typekit.net/af/a2527e/000000000000000000017704/27/	chromecache_147.2.dr, chromecache_258.2.dr	false		unknown
http://iso.org/pdf2/ssn	chromecache_246.2.dr, chromecache_202.2.dr	false		unknown
https://use.typekit.net/af/74ffb1/000000000000000000017702/27/	chromecache_147.2.dr, chromecache_258.2.dr	false		unknown
https://ims-na1.adobelogin.com/	chromecache_220.2.dr	false		unknown
https://use.typekit.net/af/4b3e87/000000000000000000017706/27/	chromecache_147.2.dr, chromecache_258.2.dr	false		unknown
http://iso.org/pdf/ssn	chromecache_246.2.dr, chromecache_202.2.dr	false		unknown
https://use.typekit.net/af/cb695f/000000000000000000017701/27/	chromecache_147.2.dr, chromecache_264.2.dr, chromecache_258.2.dr, chromecache_194.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
3.236.206.93	unknown	United States	14618	AMAZON-AESUS	false
3.161.82.76	unknown	United States	16509	AMAZON-02US	false
52.215.98.41	unknown	United States	16509	AMAZON-02US	false
54.146.88.98	unknown	United States	14618	AMAZON-AESUS	false
52.209.185.35	unknown	United States	16509	AMAZON-02US	false
151.101.1.138	unknown	United States	54113	FASTLYUS	false
2.16.164.83	unknown	European Union	20940	AKAMAI-ASN1EU	false
13.224.189.18	unknown	United States	16509	AMAZON-02US	false
18.235.168.50	unknown	United States	14618	AMAZON-AESUS	false
184.28.89.29	unknown	United States	16625	AKAMAI-ASUS	false
54.227.187.23	unknown	United States	14618	AMAZON-AESUS	false
52.207.40.124	unknown	United States	14618	AMAZON-AESUS	false
104.18.32.195	unknown	United States	13335	CLOUDFLARENETUS	false
172.64.155.61	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.185.202	unknown	United States	15169	GOOGLEUS	false
63.140.62.222	unknown	United States	15224	OMNITUREUS	false
3.227.75.142	unknown	United States	14618	AMAZON-AESUS	false
23.22.254.206	unknown	United States	14618	AMAZON-AESUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
151.101.129.138	unknown	United States	54113	FASTLYUS	false
13.32.27.44	unknown	United States	7018	ATT-INTERNET4US	false
142.250.186.163	unknown	United States	15169	GOOGLEUS	false
2.18.64.31	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
172.64.155.179	unknown	United States	13335	CLOUDFLARENETUS	false
162.159.140.165	unknown	United States	13335	CLOUDFLARENETUS	false
2.16.164.57	unknown	European Union	20940	AKAMAI-ASN1EU	false
54.195.71.107	unknown	United States	16509	AMAZON-02US	false
63.140.62.17	unknown	United States	15224	OMNITUREUS	false
54.77.72.255	unknown	United States	16509	AMAZON-02US	false
2.19.126.211	unknown	European Union	16625	AKAMAI-ASUS	false
64.233.167.84	unknown	United States	15169	GOOGLEUS	false
2.19.126.198	unknown	European Union	16625	AKAMAI-ASUS	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.66.0.163	unknown	United States	13335	CLOUDFLARENETUS	false
44.196.228.180	unknown	United States	14618	AMAZON-AESUS	false
52.5.13.197	unknown	United States	14618	AMAZON-AESUS	false
54.216.81.134	unknown	United States	16509	AMAZON-02US	false
52.48.129.25	unknown	United States	16509	AMAZON-02US	false
66.235.152.156	unknown	United States	15224	OMNITUREUS	false
34.120.195.249	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1541131
Start date and time:	2024-10-24 13:43:45 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 35s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@17/216@0/43
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65471)
Category:	dropped
Size (bytes):	95176
Entropy (8bit):	5.208849037179669
Encrypted:	false
SSDEEP:	1536:hyuxtnj+Atjp1CMojAzSGbaPs0VzM4Mse5+p4TRga/k2js8onV8RJvM+8:hyu1vCbkzdbaPs0VzM4Mse5+KTRgaM2A
MD5:	A779FE24792BA607572C7E8A0757B46B
SHA1:	48BB522274F89E1B4C58FEC9CFB91A726A17B284
SHA-256:	73AD85D7C7C2F31169826DCD257C4AB299AD85894F54D3499313692985EDD12C
SHA-512:	A02583F3E210333473A48852B55160F1E10EE944F4C96EE174DB97A2E52416E1BC421DF348795FEABE74C413C9ADABB6941E085AAA5CC089AF877A688A7F0475
Malicious:	false
Reputation:	low
Preview:	/! For license information please see dc-mobx.js.LICENSE.txt /.(()=>{var e={SDwO:(e,t,n)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),Object.defineProperty(t,"auth",{enumerable:!0,get:function(){return i.auth}}),Object.defineProperty(t,"locale",{enumerable:!0,get:function(){return a.locale}});var r,o=n("y986"),i=n("ewvR"),a=n("Ydhh"),s=(r=n("Z2FK"))&&r.__esModule?r:{default:r};(0,o.useStrict)(!0),window.adobe_dc_sdk.appLauncher.coreFunction().addProvider("asset",s.default.getInstance)},Z2FK:(e,t,n)=>{"use strict";function r(e){return r="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},r(e)}function o(e,t){for(var n=0;n<t.length;n++){var o=t[n];o.enumerable=o.enumerable\|\|!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(e,(void 0,i=function(e,t){if("object"!==r(e)\|\|null===e)return e;var n=e[Symb

Target ID:	0
Start time:	07:44:40
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	07:44:44
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1760,i,9693317289183372214,3806923182761325238,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	07:44:51
Start date:	24/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1395
Entropy (8bit):	5.208290651600866
Encrypted:	false
SSDEEP:	24:tsWIKcRjJhKjY5AV8LVM3xjMAQilUK4clMMAk2iIlXQLxGMA9boilT7OQw/acW/E:fITjVKVUYpQvK47PBOm9cs3wSTW8m
MD5:	02AC94A5A07350ADB0D698C5064D4E1B
SHA1:	CD1777F9A9FC8C7D764C6538F8A0610B6E9F2829
SHA-256:	52CFE86EC6730241C530C5617099657F9B7561994CD257E50ACA4E60737851FD
SHA-512:	90D090E2A4DC7951DBA3526E625DB0C96DA913E18E91867A51D1CAB21CC63F4B93DC3CBF1ECE258549EAB10C8E1E6F66A37427C49E51537CE64CCA907AE5EABE
Malicious:	false
Reputation:	low
URL:	https://auth.services.adobe.com/img/social/sml-google-logo.svg
Preview:	<svg id="Button_-_Google" data-name="Button - Google" xmlns="http://www.w3.org/2000/svg" width="50" height="50" viewBox="0 0 50 50">. <rect id="Background" width="50" height="50" rx="25" fill="#fff"/>. <g id="Group_69890" data-name="Group 69890" transform="translate(13 10.771)">. <g id="logo_googleg_48dp" transform="translate(0 2.228)">. <path id="Shape" d="M20.52,9.818A13.788,13.788,0,0,0,20.3,7.364H9v4.642h6.458a5.52,5.52,0,0,1-2.395,3.622v3.011h3.878a11.7,11.7,0,0,0,3.578-8.82Z" transform="translate(3 2.455)" fill="#4285f4" fill-rule="evenodd"/>. <path id="Shape-2" data-name="Shape" d="M11.681,20.43a11.456,11.456,0,0,0,7.942-2.907l-3.878-3.011a7.24,7.24,0,0,1-10.778-3.8H.957v3.109A12,12,0,0,0,11.681,20.43Z" transform="translate(0.319 3.57)" fill="#34a853" fill-rule="evenodd"/>. <path id="Shape-3" data-name="Shape" d="M5.285,12.627a7.094,7.094,0,0,1,0-4.56V4.958H1.276a12.015,12.015,0,0,0,0,10.778l4.009-3.109Z" transform="translate(0 1.653)" fill="#fbbc05" fill-rul

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65467)
Category:	downloaded
Size (bytes):	304720
Entropy (8bit):	5.340823652665166
Encrypted:	false
SSDEEP:	6144:ZBcnAIK+6O91yP3uGPxUcQxbDMKcVaO/N77/7VSwxrx25Di1SJPOb595yBB9XXky:V4XoXlgg595yBB9XU6J
MD5:	2EA7D67DA6953C38FEF024AA28B264AF
SHA1:	71B6BC0E2C0F92AF60DED8260487F71CCE29DE3C
SHA-256:	84489E90CBCEC3D3A91F8EF2A2F4698643281E24755704DB92887E0BE3DD9611
SHA-512:	1235272EED7A7475EF123D7D3991FE3693128F92C4B3B39687C15E295C7A6D8E093038CC40C186A7D876FF8F31A893206CDBECB8087C413BAA3754CF89817EEB
Malicious:	false
Reputation:	low
URL:	https://acrobat.adobe.com/dc-core/3.52.0/dc-extras.js
Preview:	/! For license information please see dc-extras.js.LICENSE.txt /.(()=>{var e={JJN5:function(e){"use strict";var t;t=function(){return function(e){var t={};function n(o){if(t[o])return t[o].exports;var r=t[o]={exports:{},id:o,loaded:!1};return e[o].call(r.exports,r,r.exports,n),r.loaded=!0,r.exports}return n.m=e,n.c=t,n.p="",n(0)}([function(e,t,n){Object.defineProperty(t,"__esModule",{value:!0});var o=function(){function e(e,t){for(var n=0;n<t.length;n++){var o=t[n];o.enumerable=o.enumerable\|\|!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(e,o.key,o)}}return function(t,n,o){return n&&e(t.prototype,n),o&&e(t,o),t}}(),r=Object.assign\|\|function(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)Object.prototype.hasOwnProperty.call(n,o)&&(e[o]=n[o])}return e};t.default=function(e,t){var n=function(t){function n(e){!function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}(this,n);var t=function(e,t){if(!e)thr

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1440, components 3
Category:	dropped
Size (bytes):	27957
Entropy (8bit):	7.15342121106909
Encrypted:	false
SSDEEP:	768:qEQm2Hm0wKFtz7ftElSYt9sx5BXvuwaUWW4i+KO1kPQsz/:qEb2Hm8FztxzXW/i+cYsz/
MD5:	C6A4E9DAFF28FFE09453A56AD56C6C84
SHA1:	CD68ECF8F5732A0745A406EA1984DCD536B9FE43
SHA-256:	621FE76A533A43B9CBB6749F6ED34986188558FF5312DE31D9C6DD2A3CE70793
SHA-512:	B355757A21DD3B08C4D0A9B8FECE4AF9AAB8209A392F7CB7323BA624CF7E5733B16276FEBEBC3483C9555D11577A98A71892FC4B1FE67C58B440462945C0F082
Malicious:	false
Reputation:	low
Preview:	......JFIF...........................................+......+&.%#%.&D5//5DNB>BN_UU_wqw................................+......+&.%#%.&D5//5DNB>BN_UU_wqw.............."..........4.................................................................a.z`.........................6x..p2............................................................................................O[...H......................................................c..A..................................r...........................................................3t...=.....................................:.......................................................oms...j.................................Ms.5.......................................................c......................................J..@........................................................w......................................66\|..........................................................~.V.p...................................................................

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (7357), with no line terminators
Category:	downloaded
Size (bytes):	7357
Entropy (8bit):	5.170381500472074
Encrypted:	false
SSDEEP:	192:aRH8BEYGmkxTtZ1LwS8rLYPTbj/X/hq9/LUh2rSdaE:aRQEYGmkxTtZ1LP8rLkbM9MaE
MD5:	8121E8EE50866B1E7AADA5B74842321F
SHA1:	7BDB37B3CCAB6CD97EF0D671C3D258DA0846384C
SHA-256:	D42121B89AE8BEEA781B52445D7DF87C095EFE568DD9E03234E1B8F7EB48379A
SHA-512:	AA8598FA72DBF2D784E34F155EE9AD9980EB78244D866771D756B486578F8E4897D9944E4C3E8043D573F1F77325867FB390A27CCDFC8B8BC88F6E65B8E67FB8
Malicious:	false
Reputation:	low
URL:	https://acrobat.adobe.com/dc-web-app-dropin/3.18.0_2.174.0/translations-en-US.js
Preview:	"use strict";(self["webpackJsonp-web-app"]=self["webpackJsonp-web-app"]\|\|[]).push([[327],{t39f:e=>{e.exports=JSON.parse('{"APPS":"Apps","DOCUMENT_CLOUD":"Document Cloud","FILES":"Files","HOME":"Home","VIEWS":"For Viewing","REVIEWS":"For Review","SIGNATURES":"For Signature","ORGANIZER":"Organizer","SHARE":"Share","SHARED":"Shared","SHARED_DOCUMENTS":"Shared Documents","SIGN":"Sign","SIGN_OUT":"Sign Out","STARRED":"Starred","UPLOAD_ETC":"Upload etc.","SOMETHING_WENT_WRONG":"Something went wrong","TRY_LATER":"We\'re sorry for the inconvenience. Please try again later.","ACCESS_DENIED":"Access Denied","NO_ACCESS_MSG":"You do not have access to this service. Contact your IT administrator to gain access.","SIGN_IN_DIFF":"Sign in with a different account","IN_BETA_COHORT_PARA1":"Thank you for participating in the Beta program for the next generation of Adobe Document Cloud.","IN_BETA_COHORT_PARA2":"We are constantly adding exciting capabilities to the Beta, but this feature is still under dev

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Cryptography

Phishing

Networking

System Summary

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Chrome Cache Entry: 137

Chrome Cache Entry: 138

Chrome Cache Entry: 139

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 142

Chrome Cache Entry: 143

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 146

Chrome Cache Entry: 147

Chrome Cache Entry: 148

Chrome Cache Entry: 149

Chrome Cache Entry: 150

Chrome Cache Entry: 151

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Windows Analysis Report
https://acrobat.adobe.com/id/urn:aaid:sc:EU:d940c2ff-debb-48d2-b87d-f7b409a4774e